Data Privacy Issues -Where is our data going?
18th November 2022
Is Data Protection good enough in the Hospitality Industry?
The hospitality, food and beverage, accommodation, transport, and entertainment industries are all areas and companies that have the need to obtain vital information from their customers. These are all stored electronically mainly in hotels, apartments, and restaurants taking guests’ personal data, security, name, number, email address, card details, and more. Collecting data from customers can help businesses to personalise the guests’ experiences and create the perfect unique inclinations to have the best services they can achieve. This sector is more likely to be an ideal target for cybercriminals looking to carry out credit card fraud and identity theft crimes.
Hotels and restaurants often have a complex ownership/stakeholder structure of a management company that runs the business, a separate owner or group of owners, and a franchisor. These complex ownership structures could result in breaches. For example, the Wyndham Worldwide breaches occurred in 2008 and 2010, and the perpetrators gained access to the entire corporate network of the organisation through an individual operating company. Here are some examples of it going wrong…
Where is it going wrong..
Hilton Data Breach
BBC News reported in 2017, Hilton Hotel had been fined $700,000 for misconducted data breaches taking place in 2014 and 2015. The first breach was founded in February 2015 and the second was uncovered in July 2015. The hotel decided to disclose information about these transgressions later that year in November 2015. It has been investigated that Hilton had taken a long time to let their customers know about the breaches and the hotel did not have sufficient security measures in place.
In 2018, the GDPR regulation was introduced by the EU as an important legislation. Their goal is to increase the control of personal information by enhancing different and new regulations for the industry.
Expedia Data Breach
Expedia Group communicated that approximately 880,000 payment cards had been affected by a security transgression that likely could have revealed their customers’ personal information to online hackers.
The travel agent website insisted an investigation would be carried out, uncovering a potential hacker ceasing the personal information of customers who made a booking on their website between 1st January 2016 and December 22nd 2017.
Which one would you click??
Which one did you click??
People often click the green one as it’s the easy option but sometimes not always the right option…
Privacy hasn’t been around for so long, today’s generations are the early adopters of the idea, especially when it comes to data privacy. Websites collect personal information by making a record of your computer’s ID and your Internet Protocol (IP) address. These are unique to your computer and can be traced back to you!
How does it affect the hospitality sector?
Studies show that only 1% of people read the terms and conditions, leaving most of the population unaware. Hotels can access a lot of personal information such as manual data capture upon check-in or check-out, data capture during the booking process, data capture via email marketing, and more. Perhaps one of the least expected forms of data collection is that they can see what a client is up to while connected to the Wi-Fi.
Taking into consideration this idea of how consent works, iPhone for example, when an update is issued, the user has the following options either to agree, download or email the terms and conditions.
This poses the question, how can I really consent? If I don’t have the option to disagree?
For example PayPal a company used the app to move money around, its terms and conditions are over 62 thousand words long, longer than Hamlet! This is quite common. Since 2002 Europeans have had to legally consent to all cookies.
People have gotten so used to agreeing and proceeding that even the chairman of the FTC one of the world’s largest data privacy consultants firms Jon Leibowitz states “we all agree that consumers don’t read privacy policies”.
5 Top Tips to help you!
- Employees training
- Keep the devices and systems up-to-date
- Back up data regularly
- Communicate immediately with customers
- Restrict access to personal information