On June 22, the Supreme Court issued its decision in Los Angeles v. Patel, striking down a Los Angeles city ordinance that allowed law enforcement to inspect hotel guest registers on demand as facially unconstitutional.  Writing for a 5-4 majority, Justice Sotomayor held that the ordinance violated the Fourth Amendment by failing to provide for any form of review of search requests before hotels were forced to comply with law enforcement demands.  According to the Court, this failure was fatal to the City of Los Angeles’ argument that the ordinance satisfies the requirements for the administrative search exception to the Fourth Amendment’s warrant requirement.

The ordinance, Lost Angeles Municipal Code Section 41.49, required hotel operators to maintain records containing specified information about each hotel guest.  Operators were required to make this information available to any officer of the Los Angeles Police Department for inspection on demand, and faced arrest and jail time for failure to comply.  A group of hotel owners brought a facial constitutional challenge to the statute under the Fourth Amendment.  After the district court ruled in favor of the city and the Ninth Circuit affirmed, holding that the hotels lacked a reasonable expectation of privacy in the records, the Ninth Circuit reversed after rehearing the case en banc.  The Ninth Circuit’s en banc decision found not only that the records constituted the hotel’s “private property,” but that the ordinance violated the Fourth Amendment by failing to provide for an opportunity to obtain review of the search demand prior to punishment for a refusal to comply.

The Supreme Court affirmed the Ninth Circuit’s holding, finding that the ordinance failed to meet the requirements for the administrative exception to the search warrant.  First, the Court held that facial challenges are permitted under the Fourth Amendment, although Justice Sotomayor cautioned that such challenges are “unlikely to succeed where there is substantial ambiguity as to what conduct a statute authorizes.”  Turning to the merits of the claim, the Court held that the ordinance did not satisfy the requirements for the administrative search exception to the Fourth Amendment’s warrant requirement.  According to the Court, unless consent or exigent circumstances exist, the administrative search exception only applies if the subject of the search is provided with “an opportunity to obtain pre-compliance review before a neutral decisionmaker.”  Justice Sotomayor emphasized that the Court’s decision only requires “an opportunity” for pre-compliance review, such as that provided by an administrative subpoena, and a review would not need to occur if the hotel operator voluntarily complied.  An officer would also have the power to seize the registry, pending the outcome of a challenge to the search, if the officer reasonably suspects that the hotel operator may tamper with the registry.

Justice Scalia, joined in his dissent by Justice Thomas and Chief Justice Roberts, argued that the ordinance was facially constitutional due to the hotel industry’s status as a “closely regulated business.”  Justice Sotomayor’s majority opinion disagreed, noting that the Court’s jurisprudence has only identified a limited number of closely regulated industries, of which hotels are not one.  In addition, the Court noted that the warrantless inspections were not necessary to the statutory scheme and the inspection program did not include adequate safeguards regarding the frequency and consistency of its application.

While the Court’s decision may be of limited impact in circumstances involving exigent circumstances or other exceptions to the warrant requirement, such as within the national security context, the decision does establish that more ordinary administrative searches must provide some form of pre-compliance review.  The Court does allow for relatively simple methods of compliance, such as an administrative subpoena, which can be issued without a showing of probable cause.  However, the Court’s holding will establish some safeguards, however limited, for businesses and individuals to obtain review of certain government requests for information.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Caleb Skeath Caleb Skeath

Caleb Skeath advises clients on a broad range of cybersecurity and privacy issues, including cybersecurity incident response, cybersecurity and privacy compliance obligations, internal investigations, regulatory inquiries, and defending against class-action litigation. Caleb holds a Certified Information Systems Security Professional (CISSP) certification.

Caleb specializes in assisting…

Caleb Skeath advises clients on a broad range of cybersecurity and privacy issues, including cybersecurity incident response, cybersecurity and privacy compliance obligations, internal investigations, regulatory inquiries, and defending against class-action litigation. Caleb holds a Certified Information Systems Security Professional (CISSP) certification.

Caleb specializes in assisting clients in responding to a wide variety of cybersecurity incidents, ranging from advanced persistent threats to theft or misuse of personal information or attacks utilizing destructive malware. Such assistance may include protecting the response to, and investigation of an incident under the attorney-client privilege, supervising response or investigation activities and interfacing with IT or information security personnel, and advising on engagement with internal stakeholders, vendors, and other third parties to maximize privilege protections, including the negotiation of appropriate contractual terms. Caleb has also advised numerous clients on assessing post-incident notification obligations under applicable state and federal law, developing communications strategies for internal and external stakeholders, and assessing and protecting against potential litigation or regulatory risk following an incident. In addition, he has advised several clients on responding to post-incident regulatory inquiries, including inquiries from the Federal Trade Commission and state Attorneys General.

In addition to advising clients following cybersecurity incidents, Caleb also assists clients with pre-incident cybersecurity compliance and preparation activities. He reviews and drafts cybersecurity policies and procedures on behalf of clients, including drafting incident response plans and advising on training and tabletop exercises for such plans. Caleb also routinely advises clients on compliance with cybersecurity guidance and best practices, including “reasonable” security practices.

Caleb also maintains an active privacy practice, focusing on advising technology, education, financial, and other clients on compliance with generally applicable and sector-specific federal and state privacy laws, including FERPA, FCRA, GLBA, TCPA, and COPPA. He has assisted clients in drafting and reviewing privacy policies and terms of service, designing products and services to comply with applicable privacy laws while maximizing utility and user experience, and drafting and reviewing contracts or other agreements for potential privacy issues.