Data Privacy Issues -Where is our data going?
18th November 2022
Is Data Protection good enough in the Hospitality Industry?
The hospitality, food and beverage, accommodation, transport, and entertainment industries are all areas and companies that have the need to obtain vital information from their customers. These are all stored electronically mainly in hotels, apartments, and restaurants taking guests’ personal data, security, name, number, email address, card details, and more. Collecting data from customers can help businesses to personalise the guests’ experiences and create the perfect unique inclinations to have the best services they can achieve. This sector is more likely to be an ideal target for cybercriminals looking to carry out credit card fraud and identity theft crimes.
Hotels and restaurants often have a complex ownership/stakeholder structure of a management company that runs the business, a separate owner or group of owners, and a franchisor. These complex ownership structures could result in breaches. For example, the Wyndham Worldwide breaches occurred in 2008 and 2010, and the perpetrators gained access to the entire corporate network of the organisation through an individual operating company. Here are some examples of it going wrong…
Where is it going wrong..
Hilton Data Breach
BBC News reported in 2017, Hilton Hotel had been fined $700,000 for misconducted data breaches taking place in 2014 and 2015. The first breach was founded in February 2015 and the second was uncovered in July 2015. The hotel decided to disclose information about these transgressions later that year in November 2015. It has been investigated that Hilton had taken a long time to let their customers know about the breaches and the hotel did not have sufficient security measures in place.
In 2018, the GDPR regulation was introduced by the EU as an important legislation. Their goal is to increase the control of personal information by enhancing different and new regulations for the industry.
Expedia Data Breach
Expedia Group communicated that approximately 880,000 payment cards had been affected by a security transgression that likely could have revealed their customers’ personal information to online hackers.
The travel agent website insisted an investigation would be carried out, uncovering a potential hacker ceasing the personal information of customers who made a booking on their website between 1st January 2016 and December 22nd 2017.
Which one would you click??
Which one did you click??
People often click the green one as it’s the easy option but sometimes not always the right option…
Privacy hasn’t been around for so long, today’s generations are the early adopters of the idea, especially when it comes to data privacy. Websites collect personal information by making a record of your computer’s ID and your Internet Protocol (IP) address. These are unique to your computer and can be traced back to you!
How does it affect the hospitality sector?
Studies show that only 1% of people read the terms and conditions, leaving most of the population unaware. Hotels can access a lot of personal information such as manual data capture upon check-in or check-out, data capture during the booking process, data capture via email marketing, and more. Perhaps one of the least expected forms of data collection is that they can see what a client is up to while connected to the Wi-Fi.
Taking into consideration this idea of how consent works, iPhone for example, when an update is issued, the user has the following options either to agree, download or email the terms and conditions.
This poses the question, how can I really consent? If I don’t have the option to disagree?
For example PayPal a company used the app to move money around, its terms and conditions are over 62 thousand words long, longer than Hamlet! This is quite common. Since 2002 Europeans have had to legally consent to all cookies.
People have gotten so used to agreeing and proceeding that even the chairman of the FTC one of the world’s largest data privacy consultants firms Jon Leibowitz states “we all agree that consumers don’t read privacy policies”.
5 Top Tips to help you!
- Employees training
- Keep the devices and systems up-to-date
- Back up data regularly
- Communicate immediately with customers
- Restrict access to personal information
A really interesting blog article. I mindlessly press the agree button without thinking what data I’m giving away. I will now think twice about pressing the agree button when entering a site. As consumers is there anything else we can do to protect our data?
Thank you for your comment, Ellie!
With regard to what you could do to protect your data as a consumer, we would suggest that you make sure that the website you are on is reliable and do not give your personal information away so easily.
I have really enjoyed reading your blog and feel more informed about data privacy issues and I have definitely reconsidered how I share and give my own personal data away.
I am really interested to see what types of training you think would be useful for staff in this industry.
We are pleased to hear that you enjoyed our blog. We appreciate your comment! There are many training options for staff in the hospitality industry to learn about data privacy: Staff training software, online courses, and data security training that teach employees best practices that can protect their guests’ data from breaches and theft.
Really interesting read! Although I still think i would just agree to the T&Cs without reading them, it’s just too long to read through! Could you suggest software to help keep us safe from data leaks?
Thank you for your comment and question! I could not agree more with what you mentioned about the T&Cs.
UpGuard is one of the useful software that offers complete data leak prevention and detection capabilities through specialised data leak detection techniques and continuous attack surface monitoring.
Very insightful, would now be more mindful on how I use my data.
Thank you, Abby! Yes, it is extremely important for all of us to be careful where is our data going.
Very interesting and shamefully not something that I have given enough thought to. However I do think some of that is due to not having the option to disagree when entering a site, you are almost forced to agree. This is definitely food for thought going forward.
Hi Michelle, thank you for your comment! We agree that we are not having the option to choose to disagree with the T&Cs. Yes, it is a huge challenge for the future to be considered and improved.
Great blog, makes you sit up and think what you’ve agreed to when routinely clicking ‘I consent’. I can honestly say I have never read a complete T&Cs and often think they are purposefully long so as to put off people reading them.
Thank you, Jim! Yeah exactly, they have worked quite hard to put you off, for example, the off putting colours, small fonts, the use of unusual and hard to understand vocabulary.
It’s all done to keep us hoping that they are fundamentally good.
This is a really interesting blog to read that explores a critical contemporary issue! It’s made me rethink what data I should be giving out when agreeing to terms and conditions. I did not realise that these big data breaches are occurring in hospitality brands such as Hilton Hotel! This is definitely an important issue which hospitality businesses need to consider more closely.
Hi Molly, thank you for your comment! It is great to hear that our blog made you reconsider what data you should be giving away when agreeing with the T&Cs. Yes, there are a lot of serious data breaches in the hotel industry and it is very important for them to have effective software and training for the employees!
This is an interesting read, it really makes you think how quick we press that green button without reading further. You would not think these larger hospitality venues would be allowed to get away with this. Thank you for educating us. I will ensure I read the T&C’s in future.
Thank you, Carla! There are web sights dedicated to reading T&C. Perhaps instead of reading the full T&C, you can find out what exactly affects you in half the time.
I believe that most of what is said in terms and conditions are filler to hide some of the more valuable points.
Some browsers like Brave automatically disable cookies, and different search engines do different things with your data. Duck duck go is one of the best.