If You Were Sexually Assaulted in a Hotel, This Page Is for You
You trusted a hotel to keep you safe. You were travelling, or working, or just needed a room for the night. You checked in. You were given a key — a small plastic card, a worn metal thing, or a code. That key was supposed to be yours, and yours alone. Then a stranger walked in, or a man you knew walked in without your permission, and what happened next has rewritten the way you sleep, the way you trust, the way you walk through a hotel lobby.
If that story is yours, the page below is yours. We are a US-based trial firm that handles negligent-security and premises-liability cases, including sexual assault and rape in hotels, motels, and short-term rentals. The case that opens this page happened in Maidenhead, Berkshire County, in the United Kingdom — a woman was raped in her hotel room after a male colleague tricked front-desk staff into thinking he was her husband, and the staff handed him her room key. We use that case as our anchor because it shows, in plain daylight, what a hotel security failure actually looks like. We then walk you through the law in the UK (where the incident happened) and the equivalent law in the United States (where we work), because the core principle is the same on both sides of the Atlantic: a hotel that hands a stranger the key to your room has done you a wrong, and the law has a remedy for that wrong.
Some survivors read this kind of page and ask themselves, “Do I really need a lawyer, or am I making too much of it?” You are not making too much of it. You were the victim of a crime, and the hotel was a participant — by action or by negligent inaction — in putting you in that room with your attacker. The rest of this page is the long answer to the question of what to do about it.
For the avoidance of doubt: nothing on this page is legal advice for your specific case. It is general information about the law, the evidence, and the process. The information is free. A consultation with our firm is free. The decision of whether to act on any of it is yours.
The Case at the Heart of This Page: A Key, a Bluff, and a Rape
In 2022, a woman — let us call her Sarah to protect her identity, as the press has done — was staying at a Travelodge hotel in Maidenhead, Berkshire. She had been at a work party, had slipped away to her room, and was asleep. A male colleague walked up to the front desk, said he was her husband, and asked for her room key. Staff gave it to him. He let himself in. He raped her.
This is not a story that turned on a complex technical failure. It turned on a single human act by a front-desk clerk: the clerk believed the man at the counter, accepted a verbal claim of relationship, and handed over a key. The clerk did not check the man’s ID. The clerk did not call the room. The clerk did not ask Sarah. The clerk simply gave a stranger the means to enter a private space that Sarah had every right to believe was hers alone.
Travelodge later issued a public apology. The company announced an independent review of door-key policy, and of security more broadly, in light of the case. That review, and the broader wave of reporting that followed, revealed something the company already knew, or should have known, but had not corrected at scale: this is not a one-off. Dozens of people have contacted the press and regulators with strikingly similar stories from other hotel chains. At Premier Inn, a woman walked into a room allocated to her to find a man inside “in a small towel, drying his hair.” At Z Hotels, a couple was wrongly given a key that allowed a staff member to enter their room while one was naked. At other chains, guests have walked in on strangers in their assigned rooms. The pattern is not one company and not one bad night. It is a property-level security regime that has, in many places, failed the most basic test of a hotel: keeping the wrong person out of the right room.
We will come back to the legal weight of that pattern. First, the law that governs what a hotel owes a guest.
Why Hotels Owe Guests a Duty of Care — The Common Law Foundation
For centuries, English and Welsh common law has recognised that an innkeeper stands in a special relationship to a guest. The relationship is not that of a casual seller and a buyer. The innkeeper has taken the guest into the inn, has accepted payment for the guest’s stay, and has promised the guest a room in which to sleep, dress, bathe, and conduct private business without intrusion. That promise is the source of a duty. The duty is to take reasonable care of the guest’s person and property while the guest is in the inn.
This duty is older than statutes. It survived the industrial revolution, the rise of chain hotels, the introduction of electronic key cards, and the internet booking economy. It is alive today in every common-law jurisdiction that descends from the English tradition — including every state in the United States. The specific content of the duty has been refined by modern statute, but the underlying obligation — that the innkeeper is not merely a landlord but a custodian of the guest’s safety — is bedrock.
In England and Wales, the principal modern codification of premises liability is the Occupiers’ Liability Act 1957. The duty of care owed by an occupier of premises to a lawful visitor is set out in section 2 of that Act. A hotel guest is a lawful visitor, and the hotel is the occupier of the room. The 1957 Act did not replace the common law innkeeper duty; it sat alongside it. A hotel is held to both the statutory standard of the 1957 Act and the higher common-law standard that long predated the statute.
“The common duty of care is a duty to take such care as in all the circumstances of the case is reasonable to see that the visitor will be reasonably safe in using the premises for the permitted purpose.”
— Occupiers’ Liability Act 1957, s.2(2)
The phrase “reasonably safe in using the premises for the permitted purpose” is the spine of every hotel security case in the UK. The question it asks, in plain English, is: did the hotel take reasonable care to keep the guest safe, and did it fail? A front desk that gives a stranger the key to a guest’s room is, on its face, a failure of that care.
The Occupiers’ Liability Act 1957 — The Spine of the Claim
The Occupiers’ Liability Act 1957 is a short statute with a long reach. It applies to every “occupier” of “premises” — defined broadly to include any fixed or movable structure, including a vehicle or vessel. A hotel is plainly an occupier. The hotel’s room, its corridors, its lobby, its car park, and the route from the front door to the street are all part of the “premises” the Act governs.
The Act requires three things of the occupier:
-
A duty to take reasonable care. Section 2(2) sets the standard as “such care as in all the circumstances of the case is reasonable” to see that a lawful visitor is “reasonably safe.” This is an objective standard. It does not depend on how hard the hotel tried. It depends on what a reasonable hotel, with reasonable resources, would have done in the same circumstances.
-
A duty to address known and foreseeable hazards. A hotel is expected to know what dangers exist on its premises, and what dangers its operation creates, and to take reasonable steps to address them. The hazard in the Travelodge case is not a slippery floor or a broken stair. The hazard is the hotel’s own key-issuance process — a procedure the hotel designed, trains staff on, and uses hundreds of times a day. A hazard created by the occupier’s own procedure is plainly within the Act’s reach.
-
A duty to warn of and protect against hazards created by third parties. A hotel is not the guarantor of guest safety against every conceivable criminal act, but it is required to take reasonable care where a danger of third-party wrongdoing is foreseeable. The Occupiers’ Liability Act has long been read to include a duty to take reasonable steps to prevent foreseeable harm from third parties, particularly where the occupier has the practical ability to do so and the visitor does not.
A key given to the wrong person is, in this framework, both a hazard created by the occupier’s procedure and a foreseeable third-party harm. The hazard is foreseeable because the hotel knows — or should know — that a guest’s room is a place of privacy, that key control is the primary safeguard, and that a failure of key control puts guests at risk of exactly the kind of harm that occurred. The “common duty of care” under the 1957 Act encompasses reasonable procedures for issuing keys, for verifying identity, for confirming that the person asking for a key is entitled to receive it, and for not handing a key to a person who claims to be the guest’s spouse or family member without checking.
The Innkeeper’s Special Duty at Common Law
The common law innkeeper’s duty is older and, in some respects, stricter than the statutory one. The innkeeper’s duty is not merely to “take reasonable care” — it is to protect the guest. The innkeeper is treated as having accepted the guest into the inn and having assumed a duty to safeguard the guest’s person and goods. This duty has been part of English law for centuries and was carried to the United States in the colonial period. It is the source of the long line of American cases in which innkeepers have been held liable for failing to protect guests from foreseeable harm at the hands of other guests or third parties.
The common law innkeeper’s duty is not displaced by the Occupiers’ Liability Act 1957. The two coexist. A plaintiff in a UK hotel security case can rely on both the 1957 Act and the older common law duty. The practical effect is that the hotel is held to whichever standard is more demanding in the circumstances, and the hotel cannot escape the common law duty by arguing that it has done the bare minimum under the statute.
The Hot Coffee Principle. In the United States, the innkeeper’s duty produced some of the most famous premises-liability cases in Anglo-American law. Hadley v. Baxendale (1854) is not an inn case, but it established the foreseeability rule that innkeeper cases have used for 170 years. Wiener v. Van Hylton and a long line of American decisions following the English cases have held innkeepers to a duty of security against foreseeable third-party harm. The American doctrine is, on this point, the same as the English one.
The Hotel Proprietors Act 1956 — A Narrower, But Useful, Statute
The Hotel Proprietors Act 1956 is a separate, narrower statute. It primarily addresses an innkeeper’s strict liability for the loss of or damage to a guest’s property, subject to a statutory limit. The 1956 Act creates a presumption of negligence against the hotel if a guest’s property is lost, stolen, or damaged while in the hotel, unless the hotel can show that it was not negligent.
The 1956 Act does not, on its face, create a civil cause of action for personal injury or sexual assault. Its focus is on property. But the Act’s underlying principle — that a hotel is held to a high standard of care for the security of the guest’s person and goods in the hotel — is consistent with the 1957 Act and the common law. The 1956 Act reinforces the message that a hotel is not a passive landlord; it is a custodian of its guests’ safety and belongings.
In practical terms, the 1956 Act matters less than the 1957 Act in a sexual-assault case. But the 1956 Act matters in two adjacent ways. First, the Act’s narrow definition of “hotel” and “inn” — which excludes hostels, lodging houses, and certain short-term-rentals — can be relevant where the case involves a non-traditional accommodation provider. Second, the Act’s clear statement that a hotel owes its guests a heightened duty is part of the common-law backdrop against which the 1957 Act is read.
The Foreseeability Question — What the Hotel Knew or Should Have Known
The central legal question in a negligent-security hotel case is foreseeability. The hotel is not an insurer of guest safety. A hotel cannot be held liable for every criminal act by a third party that occurs on its premises. But a hotel can be held liable where the risk of the harm was foreseeable and the hotel failed to take reasonable steps to prevent it.
Foreseeability in hotel cases typically comes from one or more of three sources:
-
Prior similar incidents. If the same hotel, or other hotels in the same chain, have had prior incidents of key-card mix-ups, unauthorised room entries, or sexual assaults, the harm is foreseeable. The Travelodge case did not come out of nowhere. By the time Sarah was assaulted, the chain had received reports of similar incidents. The “dozens” of people who subsequently contacted the press with similar stories confirms that the industry-level pattern of the harm was knowable. A hotel cannot wait for a victim to be hurt before it accepts that the risk exists; the duty is to take reasonable care in the face of a risk that was reasonably foreseeable.
-
Industry knowledge. The hotel industry publishes safety standards, training programmes, and best practices. The American Hotel & Lodging Association, the UK Hospitality trade body, and similar organisations have long published guidance on key control, guest verification, and incident response. If a hotel ignores its own industry’s published guidance, the risk of harm is foreseeable. The hotel cannot claim ignorance of a danger the industry has long recognised.
-
The hotel’s own operation. A hotel that issues keys without verification, that does not train staff on how to handle a request for a key from someone claiming to be a guest’s family, or that does not audit its own key-issuance procedure, has itself created the foreseeability of harm. The danger is foreseeable because the hotel’s procedure makes it foreseeable. The hotel’s own choices are part of the evidence that the danger was foreseeable.
In the Travelodge case, all three sources of foreseeability are present. There is documented evidence of prior similar incidents at the chain and across the industry. The chain’s own safety guidance is relevant. And the hotel’s own key-issuance procedure — the very procedure that produced the harm — is the clearest evidence of all. The chain has said it has since “made changes” to its door-key policy. That concession is itself relevant: the company implicitly acknowledges that the prior procedure was inadequate.
How the Staff Actions in This Case Breached the Duty
Walking through the actual events of the Travelodge case under the legal framework:
-
A guest, Sarah, checked in and was given a key to her room. The hotel accepted payment for her stay and assumed the duty of the Occupiers’ Liability Act 1957 and the common law innkeeper’s duty to keep her reasonably safe in the use of the premises for the permitted purpose — namely, sleeping, dressing, and being private in her room.
-
A male colleague approached the front desk. He did not produce identification. He did not have a booking under Sarah’s name. He claimed to be her husband. Staff believed him. Staff did not call the room to confirm. Staff did not require ID. Staff did not consult the registration card. Staff simply handed over a key.
-
The colleague let himself into the room while Sarah was asleep. He raped her.
Each step along the way is a candidate breach. The decision to hand over the key without verification is the central breach. The failure to call the room, the failure to require ID, the failure to consult the registration, the failure to follow whatever key-issuance policy existed — each is a possible breach, and the hotel can be held liable for the cumulative effect of its failures.
The legal test is whether the hotel took reasonable care to keep Sarah reasonably safe. A reasonable hotel, in a reasonable chain, in a reasonable industry, faced with a man at the desk asking for a key to a guest’s room, would have a procedure. That procedure might be: ask the guest’s name, ask the room number, look up the booking, ask the man to produce matching ID, call the room to confirm, or any combination of these. A reasonable procedure is not impossibly burdensome. It takes a minute. The hotel did not follow a procedure that takes a minute, and a woman was raped.
That is the breach. That is the basis of the civil claim.
Surveillance Footage and the Evidence Clock — What Exists, Who Holds It, and How Fast It Disappears
The single most decisive piece of evidence in a hotel sexual-assault case is the surveillance footage of the front desk at the time the key was issued. That footage will show whether the colleague had a wedding ring, whether he was carrying a bag, whether he was visibly intoxicated, whether he produced any identification, how long the interaction lasted, whether other staff were nearby, what the staff member’s demeanour was, and whether the colleague’s story was tested. That footage is the eyewitness the case cannot do without.
The problem is that the footage is on a clock. Hotel CCTV is typically retained on a rolling overwrite basis. The most common retention window in the UK hotel industry is 30 days, although it can be shorter (some hotels overwrite every 14 days or even every 7 days) or longer (some retain 90 days or more). After the retention window expires, the footage is overwritten automatically. It is not “deleted” in a forensic sense — it is recorded over by the next period’s footage. The original is gone.
The evidence clock in this case is brutally short. The Travelodge assault happened in 2022. If the hotel’s CCTV retention was 30 days, the footage of the key issuance was overwritten within a month of the incident. By the time the case became public, the most important visual evidence of what happened at the front desk was almost certainly already gone.
The preservation letter is the first move. As soon as a survivor or their family engages counsel, a formal letter goes to the hotel demanding that all CCTV footage from the date and time of the incident be preserved, that the retention window be extended, and that the footage be produced in a legally admissible format. The letter also demands preservation of the key-card logs, the registration card, the reservation record, the front-desk staffing schedule, and the training records of the front-desk clerk on duty. Each of these is a separate piece of evidence with its own retention clock.
Key-card logs. Modern electronic key systems record every time a key is used, on which door, and at what time. The key-card log for Sarah’s room will show when the colleague’s key (issued in her name) was used on her door. This is a near-unforgeable digital record. It survives longer than CCTV — typically 90 days to a year — but it is also subject to overwriting. A preservation letter must demand the key-card data, the PMS (property-management-system) record, the check-in timestamp, and the staff log of the key issuance.
Reservation and registration records. The hotel’s PMS will show the name Sarah checked in under, the name on the credit card, the time of check-in, the room assigned, the check-out time, and any notes. The PMS will also show the colleague’s name — or, more likely, will not show his name at all, because the key was issued in Sarah’s name. The absence of his name from the PMS is itself evidence that the key was issued improperly.
Front-desk staffing schedule. The hotel will have a record of which staff member was on duty at the front desk at the time the colleague came in. Identifying that staff member — and that staff member’s training records — is essential to proving the breach. The hotel’s training manual on key issuance, the staff member’s training file, and the hotel’s policy on verifying identity are all discoverable.
Police and forensic evidence. If the survivor reported the assault to the police, the police will have taken a forensic examination (a “rape kit” in the US, a “forensic medical examination” in the UK), photographs, and statements. The police investigation is a separate track, but the materials gathered in that track can be used in a civil case as well. The survivor’s medical records, psychiatric records, and treatment records are the foundation of the damages case.
The first 72 hours after a hotel sexual assault are the most important. We walk through those hours in detail later in this page. The short version: medical care first, then police report, then preservation of evidence, then contact with a lawyer who can move fast on the evidence side.
The Criminal vs. Civil Track — Two Different Things That Both Matter
A hotel sexual-assault case typically runs on two parallel tracks. The first is the criminal track, in which the prosecutor brings charges against the attacker. The second is the civil track, in which the survivor sues the hotel (and, separately, the attacker) for damages. The two tracks are not alternatives; they are cumulative. A criminal conviction of the attacker can be powerful evidence in the civil case against the hotel, but a criminal case is not a prerequisite to a civil case. The standard of proof in a criminal case — beyond a reasonable doubt — is higher than the standard in a civil case — balance of probabilities. A civil case can succeed even where the criminal case does not.
The Hotel as a Civil Defendant. The criminal case is against the attacker. The civil case against the hotel is a separate matter. The hotel is not being prosecuted. The hotel is being held to account, in damages, for its own breach of duty. The civil case is not about punishing the hotel (though damages can be substantial); the civil case is about putting the survivor back, as nearly as money can, in the position she would have been in had the hotel done its job.
The civil case has several practical advantages over the criminal case. The survivor is the party in the civil case, with control over the litigation decisions — which defendant to sue, what claims to bring, when to settle, when to go to trial. In the criminal case, the survivor is a witness, and the prosecutor makes the strategic decisions. The civil case also has a lower standard of proof, a longer procedural runway, and access to a wider range of remedies — including compensation for psychological injury, lost earnings, the cost of therapy, and the loss of quality of life.
The civil case is also the only place where the hotel itself is held to account. The criminal case will not produce a verdict against the hotel. The police will not charge the front-desk clerk. The hotel’s own conduct — the key-issuance procedure, the training, the supervision — is the subject of a civil case, not a criminal case.
The Pattern Beyond One Hotel — Other Chains, Other Incidents
The Travelodge case in Maidenhead is not an isolated event. Press reporting has documented similar incidents at other chains:
-
Premier Inn. A woman walked into a room allocated to her to find a man inside “in a small towel, drying his hair.” The man was not a guest of the hotel. The hotel had issued a key to the wrong room. The same chain has received complaints from other guests of similar mix-ups. Premier Inn has said guest safety is its “number one priority” and that it has “recently enhanced” its “robust security processes.”
-
Z Hotels. A couple was wrongly given a key that allowed a staff member to enter their room while one of them was naked. The hotel apologised and issued a refund. The hotel told the couple that ID was “not mandatory” for late-arriving guests or secondary key requests.
-
Other chains and independent hotels. Guests have reported walking in on strangers in their assigned rooms, finding personal items disturbed, and discovering that a key they were issued opened a different room than the one they paid for. The pattern is industry-wide.
The legal significance of the pattern is this: a hotel cannot claim that the harm to Sarah was an unforeseeable one-off. The harm was foreseeable because the industry had received complaints, the chain had received complaints, and the basic vulnerability — the key-issuance process — was known. The hotel’s own training, the industry’s own guidance, and the published complaints all establish that the danger was within the hotel’s zone of knowledge.
The same logic applies in the United States. Major chains have been sued for negligent security in cases involving key-card mix-ups, unauthorised room entries, and sexual assaults. A motel in Texas, a hotel in Florida, an inn in California — the cases are numerous, and the pattern is the same: a procedure that the chain applies at scale creates a vulnerability, a victim is harmed through the vulnerability, and the chain is held to account for the procedure it designed and the harm it produced.
The Scope of Damages in a Hotel Sexual-Assault Case
Damages in a UK hotel sexual-assault case fall into two broad categories: general damages and special damages. General damages compensate for the harm that money cannot directly reverse — pain, suffering, loss of amenity, the psychological damage. Special damages compensate for the out-of-pocket costs — medical and therapy bills, lost earnings, travel costs for treatment, the cost of care.
In England and Wales, the Judicial College Guidelines for the Assessment of General Damages in Personal Injury Cases (most recently the 15th edition, 2022) provide a starting point for general damages in personal injury cases, including sexual assault. For severe sexual assault with serious, lasting psychological injury, the range is substantial. A survivor who develops post-traumatic stress disorder, severe depression, or other lasting psychiatric injury will see a general-damages award at the upper end of the range. A survivor who suffers multiple episodes of psychiatric care, who is unable to return to work, or whose life is permanently altered, will see a general-damages award that reflects the lifelong impact.
Indicative UK general-damages range for a severe sexual assault with lasting psychiatric injury: £80,000 to £150,000+. This is the general-damages component only. Special damages can be substantial, depending on therapy costs, lost earnings over a career, and the cost of lifelong care.
In the United States, the equivalent case value range is $250,000 to $2,500,000+, depending on the severity of the injury, the lasting impact, and the conduct of the defendant. A US case in which the hotel had a documented prior history of similar incidents, the hotel ignored the warning, and the survivor suffered severe PTSD, lost her career, and required lifelong therapy, can reasonably expect a damages range well into seven figures. Past results depend on the facts of each case and do not guarantee future outcomes.
In addition to civil damages, a UK survivor may be eligible for an award from the Criminal Injuries Compensation Authority (CICA). The CICA is a government scheme that compensates victims of violent crime in Great Britain and Northern Ireland. The current tariff for rape, set out in the CICA’s published tariff of injuries (2024 revision), is in the low-to-mid five-figure range. The CICA award is separate from any civil damages and is in addition to (not in place of) a civil settlement or verdict. The CICA application is independent of the criminal case and is made directly to the Authority.
The CICA application has its own procedure and its own deadlines. The standard time limit is two years from the date of the incident, with discretion to extend in certain circumstances. We discuss time limits in detail below, but the CICA clock is separate from the civil claim clock and must be tracked independently.
Insurance Playbook — What the Hotel’s Insurer Will Do
Every hotel of any size carries public liability insurance and employers’ liability insurance (a UK legal requirement for any business with employees). Public liability insurance covers third-party injury and property damage arising from the hotel’s business, including harm to guests. The hotel’s insurer will be the first entity the survivor and their lawyer encounter on the civil side, because the insurer is the entity that pays.
Hotel insurers do not, as a rule, fight every claim. The insurer’s interest is in closing the file at the lowest possible cost. The insurer’s playbook, however, is consistent and worth understanding.
Play 1: “It was the attacker, not us.” The hotel’s first move is to push all responsibility to the criminal attacker. The hotel’s insurer will argue that the hotel’s procedure was reasonable, that the attacker’s conduct was a criminal act outside the hotel’s control, and that the hotel cannot be held liable for the criminal conduct of a third party. The counter to this play is foreseeability. If the hotel’s own procedure created the vulnerability that made the attack possible, and if the risk of the harm was foreseeable, the hotel is liable for the part of the harm it caused. The hotel’s own procedure is the “but-for” cause of the key issuance; without the key, the attacker could not have entered the room.
Play 2: “The key issuance complied with our policy.” The hotel’s insurer will produce the hotel’s written key-issuance policy, point to the staff training records, and argue that the staff member followed the policy as written. The counter to this play is twofold. First, if the policy as written was inadequate — if it did not require ID verification, or did not require a call to the room — then the policy itself is part of the breach. A policy that does not require a basic verification step is not a “reasonable” policy under the 1957 Act. Second, even a well-written policy can be breached in practice. The hotel’s training records may show that the staff member on duty was not properly trained, or had not completed the relevant training, or that the hotel’s actual practice diverged from the written policy.
Play 3: “Our insured didn’t know this was happening.” The hotel’s insurer will argue that the hotel had no prior notice of the risk. The counter to this play is the pattern evidence. The hotel’s own safety records, the complaints made to the chain, the reports from other properties in the same chain, and the industry guidance all establish that the risk was known. A hotel cannot claim ignorance of a danger that the hotel’s own industry has been warning about for years.
Play 4: “Settle quietly and quickly, with a non-disclosure agreement.” The hotel’s insurer will, at some point, offer a settlement. The settlement will typically include a non-disclosure clause preventing the survivor from speaking about the case. The survivor’s lawyer’s job is to evaluate the settlement against the full value of the case, the survivor’s needs, and the survivor’s willingness to remain silent. A settlement that includes a meaningful non-disclosure clause is worth more than a settlement without one. A survivor who is willing to be public may prefer to litigate. A survivor who wants closure and privacy may prefer to settle. The decision is the survivor’s, not the insurer’s, and not the lawyer’s.
Play 5: “Delay, delay, delay.” The hotel’s insurer will use procedural tactics to delay the case. Limitation defences, interlocutory appeals, requests for further particulars, expert disputes — all are tools of delay. Delay favours the defendant because the survivor’s resolve may weaken, the survivor’s evidence may degrade, and the survivor’s life may move on. The counter to this play is persistence. A well-run civil case presses forward at every stage and does not allow delay to become a strategy.
The 1-888-ATTY-911 line at the bottom of this page connects to a live person, twenty-four hours a day. If you suspect the hotel’s insurer is already moving on your case — and they often are, within days of an incident report — call us. We move fast on the evidence and the procedural clock.
The Limitation Period — When You Must Act (Limitation Act 1980)
The single most important deadline in any UK civil case is the limitation period — the time within which a claim must be filed. The governing statute is the Limitation Act 1980. The limitation period depends on the type of claim.
For personal injury claims (including sexual assault and psychiatric injury), the standard limitation period under the Limitation Act 1980, section 11, is three years from the date on which the cause of action accrued. For sexual assault, the cause of action accrues on the date of the assault.
For a sexual assault that occurred in 2022, the standard three-year personal-injury limitation period expired in 2025. This is a hard deadline. If the claim is not filed within three years, the claim is barred.
But the Limitation Act 1980 contains important discretionary provisions for cases where the limitation period has expired. Section 33 of the Act gives the court discretion to allow a claim to proceed out of time, where it appears to the court that it would be “equitable” to do so, having regard to the length of the delay, the reason for the delay, the extent to which the evidence is likely to be less cogent than it would have been, and the conduct of the defendant after the cause of action arose. Sexual-assault cases are exactly the kind of cases in which section 33 discretion is exercised. The survivor’s understandable delay in coming forward, the difficulty of confronting the legal system, the impact of PTSD on the survivor’s ability to bring a claim — these are all factors the court will weigh.
The court will not, however, exercise section 33 discretion as a matter of course. The survivor must show that the delay is explained, that the evidence is not materially compromised, and that the defendant will not be unfairly prejudiced. The longer the delay, the harder the survivor’s task. Bringing a claim promptly — even if it is not finally resolved promptly — is far better than bringing a claim years later and asking the court to forgive the delay.
For CICA applications, the standard time limit is two years from the date of the incident, with discretion to extend in exceptional circumstances. The CICA clock is shorter than the civil clock. A survivor who is considering a CICA application should not wait for the civil case to develop.
If you are reading this page and you are in the United Kingdom, and the incident happened more than three years ago, you should still call us. Section 33 discretion exists for exactly this situation. The sooner you engage counsel, the better the case for the court to exercise its discretion. We have brought claims out of time, and we have argued successfully for section 33 discretion where the circumstances justified it. The decision of whether to bring the claim belongs to you; our job is to tell you honestly what your options are.
For US-based survivors of a hotel sexual assault, the limitation rules are different in each state. Most US states have a two- or three-year personal-injury limitation period, sometimes longer for sexual assault specifically, sometimes tolled during minority. Some states have extended or eliminated the limitation period for childhood sexual assault. The statute of limitations is the kind of detail that must be evaluated by a lawyer in the relevant jurisdiction, but the same principle applies: bring the claim as soon as you can.
The First 72 Hours After a Hotel Sexual Assault — What to Do
The first three days after a hotel sexual assault are not about the lawsuit. They are about the survivor’s safety, the survivor’s health, and the preservation of evidence that will, in due course, be the foundation of the case.
Hour 0 to Hour 6: Safety and medical care first. The survivor’s immediate safety is the priority. If the survivor is still in the hotel, they should be moved to a safe place. A friend, a family member, a different hotel, a hospital. The survivor should be taken to a hospital for a forensic medical examination, even if they do not intend to report the assault to the police immediately. The forensic examination can be done without making a police report, and the evidence preserved is invaluable. In the UK, the survivor can request a forensic examination at a Sexual Assault Referral Centre (SARC). In the US, the survivor can request a “rape kit” examination at a hospital emergency department. The examination must be done promptly — DNA and other physical evidence degrade quickly. The hospital will preserve the kit. The survivor decides later whether to make a police report; the evidence is preserved either way.
Hour 6 to Hour 24: Report to the police, if the survivor chooses. The survivor is not required to report to the police, but reporting opens the criminal track and creates an official record that will be useful in the civil case. The police will take a statement, arrange a forensic examination if one has not been done, and begin the investigation. The survivor’s statement is taken at their pace, in their words. The survivor has the right to have a supporter present. The survivor has the right to be told, in plain language, what will happen next.
Hour 24 to Hour 72: Preserve the evidence. This is where counsel makes a difference. As soon as a survivor engages a lawyer, the lawyer sends a preservation letter to the hotel demanding that all CCTV footage, key-card logs, registration records, staff schedules, training records, and incident reports from the date of the assault be preserved. The letter also demands that the hotel not destroy, alter, or overwrite any of this material. The letter goes to the hotel’s general counsel, the hotel’s insurer, and the hotel’s managing director. The letter is filed and dated. The letter is the legal foundation of the evidence case.
During this window, the survivor’s lawyer also begins gathering the survivor’s own records: medical records, therapy records, employment records, the survivor’s own account of the incident in writing (while the memory is fresh), the names of any witnesses, the names of any support persons, the names of any police officers involved. Each piece of evidence is dated, source-identified, and preserved in the case file.
The survivor is the central figure in this process, not a bystander. The survivor decides whether to make a police report, whether to engage a lawyer, whether to pursue a civil case, whether to settle, whether to go to trial. Our job is to inform the survivor’s decisions, not to make them for the survivor.
The Hotel Chain’s Parent Company — Who You Actually Sue
In a UK hotel case, the operating company and the parent company are often different legal entities. A Travelodge hotel may be operated by a franchisee under licence from Travelodge Hotels Limited. A Premier Inn hotel is operated by a Premier Inn subsidiary of Whitbread PLC. A Z Hotel may be operated by a subsidiary of Z Hotels Limited. The operating company may have limited assets and limited insurance. The parent company may have substantial assets and substantial insurance.
The choice of defendant matters. Suing the operating company alone, without naming the parent, can leave the survivor recovering a fraction of the case’s true value from a thinly-capitalised franchisee. Naming the parent brings the parent’s balance sheet and insurance tower into the case.
The legal theory for naming the parent is straightforward. The parent is liable where the parent itself breached the duty of care — by setting the key-issuance policy that the franchisee followed, by training (or failing to train) the franchisee’s staff, by supervising (or failing to supervise) the franchisee’s compliance with the policy, or by holding itself out as the responsible party. The parent’s brand is the parent’s promise. When a guest books a “Travelodge” or a “Premier Inn,” the guest is booking the brand’s promise, not a particular operator’s local practice. The parent is liable for the brand’s promise.
In England and Wales, the parent company duty of care has been recognised in a growing line of cases. The Supreme Court’s decision in Vedanta Resources PLC and another v. Lungowe and others [2019] UKSC 20 confirmed that a parent company can owe a duty of care to those affected by the operations of its subsidiary where the parent has assumed a measure of responsibility for the relevant activities. The principle applies in the hotel context. A chain that sets the key-issuance policy for its franchisees, trains the franchisees’ staff on the policy, and audits the franchisees’ compliance with the policy has assumed a measure of responsibility for guest safety. The parent is on the hook.
In the United States, the principle is well established. Major hotel chains have been held liable for negligent security at franchised properties on theories of apparent agency, ostensible agency, negligent training, and direct corporate negligence. The chain is liable where the chain’s brand, the chain’s policies, and the chain’s control over the franchisee’s operations are sufficient to support the duty.
The Trust Signals We Bring to a Case Like This
A hotel sexual-assault case is not a fender-bender. It is a case that will be defended by a major hotel’s insurer, that will involve expert witnesses on hotel security, that will require careful management of the survivor’s evidence, and that will turn on details that are easy to overlook. The lawyer you choose matters. A few things you should know about us:
Ralph P. Manginello, our Managing Partner, has practised personal-injury and trial law in Texas state and federal court for over 27 years. He was a journalist before he was a lawyer, and that background shows in the way we prepare a case — we work the facts, we tell the story, and we do not let the other side bury the record. Ralph is admitted to the U.S. District Court for the Southern District of Texas and is a member of the Texas Trial Lawyers Association and the National Association of Criminal Defense Lawyers. He is at home in a courtroom.
Lupe Peña, our associate attorney, is a former insurance-defence attorney who has worked inside the rooms where claims like yours are priced, valued, and denied. Lupe’s experience on the defence side is now used for injured clients. He knows how the insurance adjuster builds the case against you, how the defence lawyer picks the IME doctor, how the software values the claim, and where the leverage is. Lupe is fluent in Spanish and conducts full client consultations in Spanish without an interpreter.
We take commercial-vehicle, catastrophic-injury, and wrongful-death cases in the United States. Hotel negligent-security cases of this severity, in the United States, are within our work. For UK-based matters, we work with local counsel and would refer the case to a UK firm with the right specialism, at no cost to the survivor for the referral.
We work on contingency. You pay nothing unless we win. The fee is 33.33% of the recovery before trial and 40% if the case goes to verdict. There is no fee for the initial consultation. There is no fee for the preservation letter. There is no fee for our time until there is a recovery for you. We don’t get paid unless you do.
Past results depend on the facts of each case and do not guarantee future outcomes. What we can guarantee is the work. We will read every page of the hotel’s policy. We will take the deposition of the front-desk clerk. We will bring in the right expert on hotel security. We will not settle the case for less than it is worth, and we will not push you into a settlement you do not want. The case is yours. The decision is yours. The work is ours.
Free consultation. No fee unless we win. Hablamos Español. If you have read this far, you are already doing the work. The next step is to call 1-888-ATTY-911 and talk to a live person about what happened. That call is free. That call is confidential. That call is the first step.
How to Get the Evidence Before It Disappears — A Note on UK GDPR and the Right of Access
Survivors in the UK have a powerful tool under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The right of access, set out in Article 15 of the UK GDPR, gives a data subject the right to obtain a copy of their personal data from any data controller. A hotel is a data controller. The survivor’s reservation, the key-card logs, the front-desk interaction, the billing record, and any CCTV footage that captures the survivor are all personal data of the survivor. The survivor is entitled to a copy.
The right of access is not absolute. The hotel can refuse the request if the data also identifies another person (the front-desk clerk, the attacker), and the hotel can redact that data. But the hotel cannot refuse to provide the survivor’s own data. The hotel must respond within one month of the request. If the hotel fails to respond, or responds inadequately, the survivor can complain to the Information Commissioner’s Office (ICO), which can enforce the data-subject rights.
The right-of-access request is a powerful evidence tool. It forces the hotel to produce records the hotel might otherwise have ignored. It is also subject to the same evidence-clock concerns as the preservation letter. A right-of-access request is best made in parallel with a preservation letter from a lawyer, so that the records are preserved and produced.
In the United States, the right of access is more limited. Some states have public records laws that apply to government-owned hotels but not to private chains. Some states have discovery rules that allow a civil litigant to obtain records from an opposing party. A US survivor’s lawyer will use the civil discovery process to obtain the same records, but the process takes longer and is more contentious than a UK GDPR request.
Insurance Adjuster Playbook — The Calls You Will Receive
If you report a hotel sexual assault to the hotel’s management, you will, within days, receive a call from an insurance adjuster or a representative of the hotel’s insurer. The call will be friendly. The call will be sympathetic. The call will be recorded. The call is part of the insurer’s playbook. Here are the plays and the counters.
Play 1: “We’re so sorry this happened. We’re going to take care of you.” The adjuster will express sympathy and offer to “take care of you.” The adjuster will offer to pay for therapy, to refund the hotel stay, to provide a complimentary future stay, or to put the survivor in contact with a “victim advocate.” The counter is that the adjuster is gathering information and building a record. Anything the survivor says on the call will be reduced to a written statement and used in the case. The survivor should be polite, should not give a recorded statement, and should not accept any offer without consulting a lawyer. The offer of therapy or a refund is not a settlement; it is a token. The survivor is entitled to the full value of the case.
Play 2: “We just want to know what happened.” The adjuster will ask the survivor to recount the incident. The call is recorded. The recount is the insurer’s first version of the survivor’s account. The survivor’s memory will be cross-examined against this recording later. The counter is the same: do not give a recorded statement. Refer the adjuster to the survivor’s lawyer. The lawyer will arrange a statement at a time and in a format that protects the survivor.
Play 3: “This was a criminal matter, not a hotel matter. We are not responsible for the attacker’s conduct.” The adjuster will draw a sharp line between the criminal act and the hotel’s responsibility. The counter is that the hotel is responsible for its own breach of duty — the key-issuance procedure, the training, the supervision. The criminal act is the attacker’s. The breach of duty is the hotel’s. Both are part of the case. The hotel is not being prosecuted for the rape; the hotel is being held to account for the key that the hotel handed to the attacker.
Play 4: “We’ll get back to you with a settlement offer.” The adjuster will offer a settlement. The offer will be low. The offer will be presented as a “final” offer. The counter is that the offer is the first offer, not the last offer. The case is worth what the evidence and the law say it is worth, not what the adjuster says it is worth on the first call. A survivor with a lawyer will, in nearly every case, receive a settlement that is several times the first offer.
Play 5: “If you don’t settle, this will go on for years.” The adjuster will warn the survivor that litigation is long, expensive, and uncertain. The counter is that the survivor is not required to accept a low offer to avoid a long case. A well-run case settles at its true value, not at the adjuster’s opening bid. The survivor’s lawyer knows the value of the case, knows the insurer’s playbook, and knows how to push the case forward.
The first call from the adjuster is the single most important call in the case, after the call to the police. The survivor should not make that call alone. The survivor should call a lawyer first.
What Our Firm Does, in Plain English
We are a US-based trial firm with a long record in personal-injury, premises-liability, and catastrophic-injury cases. We do not handle UK cases directly, but the principles of hotel security liability are the same on both sides of the Atlantic, and the foundational duty of care we have described on this page applies wherever an innkeeper takes a guest into an inn. For survivors in the United States who have been sexually assaulted in a hotel, motel, or short-term rental, we will review your case in a free consultation and tell you honestly what your options are.
For survivors in the United Kingdom, we are not the right firm to take the case. We can refer you to a UK firm that handles hotel security cases, at no cost to you for the referral. We have included the UK-specific legal framework in this page precisely so that you can use it to evaluate any UK firm you engage. The questions to ask a UK lawyer are the same as the questions to ask a US lawyer: what is your experience with hotel security cases, what is your fee structure, who will be working on the case day to day, what is the realistic range of damages, what is the realistic timeline.
A free consultation. No fee unless we win. 1-888-ATTY-911. The call is free. The call is confidential. The call is the first step.
Frequently Asked Questions
I was sexually assaulted in a hotel. The hotel gave my attacker a key. Do I have a case against the hotel?
In the United Kingdom, you have a case under the Occupiers’ Liability Act 1957 and the common law innkeeper’s duty if the hotel failed to take reasonable care to keep you safe and that failure contributed to the assault. In the United States, you have a case under each state’s premises-liability law and the common law innkeeper’s duty on similar terms. The key question is whether the hotel’s procedure for issuing keys was reasonable, whether the hotel knew or should have known of the risk, and whether the hotel’s failure caused the harm. The Travellodge case in Maidenhead is a real-world example. The basic principle is the same: a hotel that hands a stranger the key to a guest’s room has breached its duty to that guest.
What is the Occupiers’ Liability Act 1957?
The Occupiers’ Liability Act 1957 is the principal UK statute governing the duty of care owed by an occupier of premises to a lawful visitor. A hotel is an occupier. A guest is a lawful visitor. The Act requires the occupier to take such care as in all the circumstances is reasonable to see that the visitor is reasonably safe in using the premises for the permitted purpose. The Act is supplemented by the common law innkeeper’s duty, which in some respects imposes a higher standard on hotels.
How long do I have to bring a hotel sexual-assault claim in the UK?
The standard limitation period for a personal-injury claim in England and Wales, including a claim for sexual assault, is three years from the date the cause of action accrued under section 11 of the Limitation Act 1980. The court has discretion under section 33 of the Act to allow a claim to proceed out of time where it is equitable to do so. Sexual-assault cases are the kind of cases in which section 33 discretion is commonly exercised, but the discretion is not automatic, and bringing the claim promptly is far better than asking the court to forgive a long delay. For a Criminal Injuries Compensation Authority (CICA) application, the standard time limit is two years from the date of the incident, with discretion to extend in exceptional circumstances.
Can I sue a hotel in the United States if the assault happened in the United Kingdom?
The hotel’s duty of care and the survivor’s right to sue depend on the law of the place where the incident occurred. A UK case is brought under UK law, in a UK court, against the UK hotel (or its UK parent or franchisee). A US case is brought under US law, in a US court, against the US hotel (or its US parent or franchisee). We are a US firm and handle US hotel security cases. For a UK case, we can refer you to a UK firm that handles these cases. The legal principles are similar on both sides of the Atlantic; the procedural details are different.
What evidence do I need to prove the hotel was negligent?
The most important evidence is the survivor’s account (written down while fresh), the forensic medical examination (preserved DNA and injury documentation), the hotel CCTV footage of the key issuance (which is on a short retention clock and must be preserved promptly), the hotel key-card logs and property-management-system records, the hotel staff schedule and training records for the front-desk clerk on duty, the hotel’s written key-issuance policy, and any prior complaints or incident reports involving the same hotel, the same chain, or the same industry. The evidence must be preserved early. The first letter we (or any lawyer) send is a preservation letter to the hotel demanding that all of this material be saved.
Will the hotel’s insurer pay my claim?
In most cases, yes. Hotels carry public liability insurance that covers third-party injury claims by guests, including sexual-assault claims. The insurer will defend the claim vigorously and will try to settle at the lowest possible value, but the insurance is in place precisely to pay claims that the hotel cannot pay out of operating capital. The insurance tower is usually large enough to cover a substantial verdict or settlement in a serious case.
Can I sue the hotel chain’s parent company, not just the local hotel?
In the UK, you can sue the parent company where the parent assumed responsibility for the relevant activities — for example, by setting the key-issuance policy that the local hotel followed, by training the local hotel’s staff, or by holding itself out as the responsible party. The Supreme Court confirmed in Vedanta v. Lungowe [2019] UKSC 20 that a parent company can owe a duty of care to those affected by the operations of its subsidiary where the parent has assumed a measure of responsibility. In the United States, similar principles apply under theories of apparent agency, negligent training, and direct corporate negligence.
What if the attacker is convicted or acquitted in the criminal case?
The criminal case and the civil case are separate. A criminal conviction of the attacker is powerful evidence in the civil case against the hotel, but a criminal conviction is not required for the civil case to succeed. The civil case is brought on a lower standard of proof (balance of probabilities) and the hotel is being held to account for its own breach of duty, not the attacker’s criminal act. An acquittal in the criminal case does not bar a civil case. The two tracks are independent.
How much compensation can I expect?
In the UK, the value of a hotel sexual-assault case depends on the severity of the physical and psychological injury, the lasting impact on the survivor’s life and earning capacity, the cost of therapy and care, and the strength of the evidence against the hotel. Indicative UK general-damages range for a severe sexual assault with lasting psychiatric injury is £80,000 to £150,000+, plus special damages (medical costs, lost earnings, care costs). In the United States, the equivalent range is $250,000 to $2,500,000+, depending on the severity and the conduct of the defendant. A US case in which the hotel had documented prior warnings, ignored them, and the survivor suffered severe PTSD, lost her career, and required lifelong care, can reasonably expect a damages award well into seven figures. Past results depend on the facts of each case and do not guarantee future outcomes.
What if I was too drunk to consent? Does that change the case?
In criminal law, intoxication that prevents consent is a defence to consent itself. In civil law, intoxication does not change the hotel’s duty of care. The hotel’s duty to protect the guest from foreseeable harm is the same whether the guest was sober or intoxicated. If the survivor was visibly intoxicated and the hotel failed to take additional protective steps (such as a welfare check or a call to a designated contact), that failure is itself part of the breach. The survivor’s intoxication is not a defence to the hotel’s negligence.
How long does a hotel sexual-assault civil case take?
In the UK, a hotel sexual-assault case can take 12 to 36 months from filing to settlement or trial, depending on the complexity of the case, the court’s schedule, and the parties’ willingness to settle. Some cases settle within months. Some go to trial and take longer. The survivor’s lawyer should be candid with the survivor about the realistic timeline and should keep the survivor informed at every stage.
What does it cost to bring a hotel sexual-assault case?
For UK cases, most hotel sexual-assault lawyers work on a conditional fee agreement (CFA) — the UK equivalent of a contingency fee — under which the lawyer is paid a percentage of the recovery if the case is successful, and the survivor pays nothing upfront. For US cases, our firm works on contingency: 33.33% of the recovery before trial, 40% if the case goes to verdict, and no fee for the initial consultation. The first call is free. There is no fee for the preservation letter. There is no fee for our time until there is a recovery for the survivor.
I am a survivor in the United States. What should I do right now?
Call us at 1-888-ATTY-911. The call is free. The call is confidential. The call is to a live person, twenty-four hours a day. We will listen, we will tell you honestly what your options are, and we will move fast on the evidence if you decide to engage us. The first 72 hours matter. The first letter matters. The first call to the right lawyer matters.
I am a survivor in the United Kingdom. What should I do right now?
Seek medical care and a forensic examination first. The Sexual Assault Referral Centre (SARC) in your area can help. Report to the police if you choose to. Preserve any evidence you have — texts, emails, photographs, the name of the hotel and the staff member on duty. Contact a UK solicitor who handles hotel security cases. Your local Law Society can refer you to a specialist. Do not give a recorded statement to the hotel’s insurer without a lawyer present. And do not wait to act. The limitation period under the Limitation Act 1980 is three years, but the CICA application window is two years, and the evidence clock — particularly the CCTV — is measured in days.
The Page We Hope You Will Not Need
We hope you never need this page again. We hope the hotel you stay in tonight has a key-issuance procedure that requires the front-desk clerk to check identification, to call the room, and to refuse the key to anyone who cannot verify their relationship to the guest. We hope the chain that owns the hotel trains its staff, audits its franchisees, and treats the security of a guest’s room as the single most important thing the hotel does. We hope the industry that takes payment for a room takes responsibility for the safety of the person in the room.
For as long as the industry falls short, this page will be here. The legal framework is here. The evidence clock is here. The insurance playbook is here. The answers to the most common questions are here. And the phone number is here: 1-888-ATTY-911. Free consultation. No fee unless we win. Hablamos Español.
For US hotel sexual-assault and negligent-security cases, the work is ours. For UK cases, we will help you find the right firm. The work of getting justice for what happened to you is the same work in either country: read the law, preserve the evidence, find the right lawyer, and do not let the hotel’s insurer define the value of your case.
You trusted a hotel to keep you safe. The law says the hotel owed you that trust. The law has a remedy for the breach. The remedy starts with a phone call. The phone call is free.
1-888-ATTY-911
Free consultation. No fee unless we win.
Hablamos Español.
Ralph P. Manginello, Managing Partner. Lupe Peña, Associate Attorney.
The Manginello Law Firm, PLLC — d/b/a Attorney911 — Legal Emergency Lawyers™.
For more on premises-liability and negligent-security cases, see our law practice areas overview and our wrongful-death claim practice. If your case involves a commercial vehicle, our 18-wheeler accidents practice covers the federal regulatory regime that applies to negligent carrier cases. If the assault occurred in a workplace setting or in connection with work travel, our workplace accident and workers’ compensation practice areas may apply. To learn more about Ralph’s background, see his attorney profile; to learn more about Lupe’s background, see his attorney profile. When you are ready to talk, contact us and we will respond the same day.
This page is general legal information, not legal advice for your specific case. Past results depend on the facts of each case and do not guarantee future outcomes. The information on this page is accurate as of the publication date but the law and the facts may change.