Tag Archives: Guest Information

Hospitality Industry Technology Solutions: Hotels Increase Collection Of Guest Information With Social Media & Surveys To “Upgrade The Experience”

“…Like other luxury hotels, the Peninsula collects a cache of information about its customers, which is stored in a guest-preference database. Hotel Technology SolutionsBut it’s done with only one purpose: to upgrade the experience. It contains information about your favorite food, your preferred room and what side of the bed you sleep on…Experts will tell you it’s unfair to compare a hotel with a few hundred guests with a chain with tens of thousands. Maybe, maybe not. La Quinta Inn & Suites recently used a feedback-management platform to harvest information through social media and surveys to determine what guests thought of its breakfasts, which are included in the price of their stay…”

Airlines, car rental companies and hotels ought to spy on their customers more often. Collecting information about you to improve customer service — and only for that purpose — could return the American travel business to greatness.

That’s no coincidence, says Offer  Nissenbaum, managing director of the Peninsula Beverly Hills. “If you collect all the little details,” says Nissenbaum, “you can meet and exceed a guest’s expectations.”

Actually, figuring out which side of the bed you sleep on seems to be one of the hottest data points in the hotel business. The Ritz-Carlton, which also delivers  above-and-beyond service, notes your preferred side, says spokeswoman Allison Sitch. Why? Because that’s  where the staff will place a water bottle and other amenities, which means a lot when you roll out of bed in the morning.

The volume of data being collected by luxury hotel chains such as Ritz-Carlton or Peninsula might make an NSA agent blush. But the hotels gather it unapologetically, “as long as the data is being used to make the customer happy,” says Sitch.

The insights were sent directly to front-line employees and managers  for their feedback. La Quinta responded by adding signs and more prominently displaying the healthy foods they already offered, and customer approval rose.

For more:  http://www.usatoday.com/story/travel/2013/11/24/airline-car-rental-hotel-traveler-surveillance/3692017/

Leave a comment

Filed under Guest Issues, Management And Ownership, Risk Management, Technology

Hospitality Industry Cybercrime Risks: Criminal Hackers Target Hotels Lacking “Advanced Data Security Safeguards” On Local Credit Card Transactions; “Chip-And-Pin Cards” Coming Soon

“…criminal hackers gravitate to some hotels because, like retail stores and restaurants, hotels do many credit card transactions at a local level, where centralized and highly sophisticated data security safeguards may be lacking…Most hotels are locally owned, though managed by big Cyber Risk Insurance Graphichotel chain companies. For hotel owners, it is expensive to come into full compliance with the tough global data security criteria set by the credit card companies…That includes using complex passwords, being wary of public Wi-Fi, updating antivirus software — and checking credit card statements carefully…”

“…In the United States, credit cards use magnetic strips that are more vulnerable to hacking than the electronic chips embedded in credit cards in Europe and elsewhere. Such cards also require entry of a PIN…these so-called chip-and-PIN cards are headed our way, said Kathy Orner, vice president for information security at Carlson Rezidor, a worldwide hotel company that is among the industry leaders in data security…all of the major credit card issuers plan to start introducing these cards in the United States within two or three years…”

In its 2013 Global Security Report, Trustwave, a data security management firm, says that the top three industries targeted for data breach attacks in 2012, measured by the number of its investigations, were retailing (45 percent), food and beverage (24 percent) and hotels (9 percent). Three years ago, the hotel industry was at the top, but hotels have since made “significant strides” in improving credit card security measures, the report says.

Last year, for example, the Federal Trade Commission sued Wyndham Worldwide, the hotel chain, for what it said was inadequate safeguarding of credit card information that led to three data breaches at hotels in under two years, with “millions of dollars in fraud loss, and the export of hundreds of thousands of consumers’ payment card account information to an Internet domain address registered in Russia.”

The threat is constant, Mr. Roman said. “The best protection is vigilance, and that takes work,” he said.

For more:  http://www.nytimes.com/2013/09/03/business/data-security-begins-with-the-traveler.html

Leave a comment

Filed under Guest Issues, Insurance, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft

Hospitality Industry Data Security Risks: Hotels Are At Significant Risk Of “Large-Scale Hacking” Of Guest Personal Information, Including Information In Reservation Systems

“Data security is becoming an issue of significant importance in the hospitality industry…(because of) an increase in hacks and malware attacks, which frequently target hotel systems because they’re a rich source of cybercrime in hotelspersonal information… hackers aren’t just targeting data on hotel systems but also the information passed along to reservations systems…credit card theft is much easier — and more likely — through large-scale hacking…another reason hotel guests are vulnerable to having their personal information stolen: They’re easily distracted.”

Several days after Traci Fox visited a small independent resort in the Catskill Mountains, she received an unexpected call from a shoe store. Where did she want it to ship the $400 worth of pricey sneakers that she’d ordered?

Fox believes that her hotel may have compromised her credit card information. At least one government agency shares her concerns. Last summer, the Federal Trade Commission sued Wyndham Hotels, alleging that the company had failed to protect its customers’ personal information. As a result, the FTC claims, hundreds of thousands of credit card numbers fell into the wrong hands, leading to millions of dollars in fraud-related losses. Wyndham denies any wrongdoing and is fighting the suit.

The problem may run deeper than the theft of credit card numbers, however.

The personally identifiable information in your guest profile, such as your home address, your license plate number and your date of birth, which is attached to your reservation, can end up in the hands of a third party that offers little or no warranties about how it will protect your data. “These kinds of areas are more worrisome than some huge Visa bill,” says hotel consultant Marion Roger. “Once your identity has been cloned, you can easily spend years and hundreds of thousands in legal and other fees.”

For more:  http://www.washingtonpost.com/lifestyle/travel/the-navigator-when-you-check-in-your-private-information-may-be-checked-out/2013/03/28/07cb90ca-9599-11e2-bc8a-934ce979aa74_story.html

Leave a comment

Filed under Crime, Guest Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft

Hospitality Industry Information Security Risks: Hotels, Restaurants And Retailers Accounted For 78% Of “Data Breaches By Cyber-Criminals” In 2012; “Weak Or Guessable Passwords” Is Most Common Vulnerability

“…Almost one-third of all victims had critical systems administered by a third party…Attackers had no trouble exploiting that weakness, with vulnerable remote-access systems accounting for the method of entry in 47 cybercrime in hotelspercent of the cases…in most cases, users – not software vulnerabilities – were to blame. Almost 90 percent of systems had weak or easily guessable passwords, with “Password1″ continuing to be the most common, according to Trustwave’s report…”

An analysis of breach data for 2012 found that retailers and the hospitality industry continued to command the most interest from cyber-criminals, accounting for 78 percent of the breaches documented by security services firm Trustwave.

The businesses are typically easy targets, having outsourced the administration of important servers and business data to firms that focus more on keeping the systems functioning than on security, says Christopher Pogue, director of digital forensics and incident response for Trustwave’s SpiderLabs.

“An integrator may have 1,000 customers and may do remote administration for all of them using, not 1,000 passwords, but maybe two or three,” Pogue said. “That leaves a vulnerability that can be exploited by attackers.”

For more:  http://www.techweekeurope.co.uk/news/retailer-hotel-crime-107589

Leave a comment

Filed under Crime, Liability, Maintenance, Management And Ownership, Privacy, Risk Management, Technology, Theft

Hospitality Industry Legal Risks: Hotel “Mobile Applications” Must “Post Privacy Policy” Allowing Guests To “Access And/Or Request Changes To Personal Information”

“…In the case of an online service, “conspicuously posting” a privacy policy requires that the policy be “reasonably accessible…for consumers of the online service…the consumer (must be able) to access or request mobile technologychanges to personal information, (and) the operator of the site will notify consumers of changes, and the effective date of the policy..”

Hotel companies are actively entering the mobile application space as a means of gaining market share and solidifying guest relations. In addition to online travel agents like HotelsbyMe.com, a number of brands including Omni, Choice and Starwood have developed mobile applications. However, as mobile applications gain popularity, hotel companies should consider how privacy and security laws will impact how they can use those applications.

For companies with operations in California, that issue was highlighted on December 6, 2012, when the California Attorney General filed a lawsuit against Delta Airlines for failing to include a privacy policy with a smartphone application. The lawsuit, the first of its kind, alleges that Delta violated California law requiring online services to “conspicuously post its privacy policy” by failing to include such a policy with its “Fly Delta” mobile application.

The California online privacy law

In 2004, California enacted the California Online Privacy Protection Act (“CalOPPA”). This law requires operators of websites and online services to “conspicuously post” privacy policies about the personal information that is collected, how the consumer can access or request changes to personal information, how the operator of the site will notify consumers of changes, and the effective date of the policy.

In the case of an online service, “conspicuously posting” a privacy policy requires that the policy be “reasonably accessible…for consumers of the online service.”

CalOPPA does not define an “online service” or mention “mobile” or “smartphone” applications, likely due to the fact that in 2004, smartphones and mobile applications were just being developed. However, the California Attorney General considers any service available over the internet or that connects to the internet, including mobile apps, to be an “online service.”
For more:  http://www.hotelnewsresource.com/article68597Hotel_Lawyer_on_How_New_Privacy_Law_Enforcement_May_Affect_Your_Mobile_Apps_Used_in_Marketing_.html

Leave a comment

Filed under Guest Issues, Liability, Management And Ownership, Privacy, Risk Management

Hospitality Industry Legal Risks: “Data Breach Class-Action Lawsuits” Are Increasing As Judges Widen View To Include “Future Damages”; Average Settlements Of $2500 Per Plaintiff

“…Until a couple of years ago, courts would routinely dismiss lawsuits stemming from data breaches, such as the latest in South Carolina, unless the victims could show specific damages. Judges have since widened their view and are awarding class-action status to lawsuits that can show actual damages or a real possibility of future damages…”

The payout for companies on the losing side of a class-action suit can be substantial. A recent survey of data breach litigation found the average settlement award of $2,500 per plaintiff, with mean attorney fees reaching $1.2 million, according to a study by Temple University Beasley School of Law.

How federal courts define the damages people suffer from data breaches is broadening dramatically, leaving unprepared companies at greater risk of big payouts in class-action lawsuits, lawyers from a prominent law firm say.

Jeffrey Vagle, a lawyer with Pepper Hamilton, described as a “sea change” judges’ thinking. “Courts are starting to pick up on the fact that the data that can get out there can cause serious harm, maybe not immediately, but sometime in the near future,” Vagle said.

Examples include a case in which a laptop containing unencrypted personal data of Starbucks employees was stolen. While there was no evidence that the data was misused, the Ninth Circuit Court ruled in 2010 that the risk alone was enough to warrant a lawsuit, Vagle and colleague Sharon Klein said in a Client Alert published on the law firm’s website.

Data breaches have become a fairly common occurrence among companies of all sizes. Last year, 174 million data records were loss in 855 separate incidents, according to a recent report from Verizon. A 2011 Ponemon Institute survey of 583 IT and IT security professionals in the U.S. found that 90 percent of the organizations they represented had suffered at least one data breach.

To lessen potential damages, Pepper Hamilton recommends beefing up technical and physical security wherever possible. While no technology is 100% hacker proof, courts tend to compare what a company has in place to what is considered best practices for businesses of the same size and in the same industry. Taking all reasonable steps to prevent data theft can lessen damages.

Also, information shouldn’t be linked to individuals, unless absolutely necessary, and a notification policy needs to be in place, so people affected by data breaches are warned as quickly as possible.

A bill pending in Congress would set a national standard for data breach notification, replacing the variety of state laws that exist today. Introduced in June, the Data Security and Breach Notification Act would also set maximum damages and define what is considered a breach.

Irrespective of the bill’s fate, companies need to establish clear policies and procedures for handling data breaches when they occur. Klein recommends a dry run to ensure that everyone understands the steps that need to be taken.

“Many companies still believe that it only happens to the other guy,” Klein said. “And because of that, [they] have not done the blocking and tackling and preventative work upfront.”

For more:  http://m.csoonline.com/article/720128/courts-widening-view-of-data-breach-damages-lawyers-say?goback=.gde_922967_member_180838402

Leave a comment

Filed under Claims, Crime, Guest Issues, Insurance, Liability, Management And Ownership, Risk Management, Theft

Hospitality Industry Information Security Risks: Report Shows “Computer Password Theft” Has Increased Dramatically As Users Fail To Make Complex Passwords; Cybercrime Now Totals $110 Billion Annually

“…Only about half of computer users make complex passwords for themselves…In the first six months of 2012 alone, hackers stole over 30 million passwords on hacks of just three online services: eHarmony, Zappos and lawyer-friendly LinkedIn. Another recent survey, unconnected to the Norton survey, concurrently found that password theft is up 300 percent in 2012…”

The 2012 Norton Cybercrime Report is now out and it points to an incomprehensible laziness on the part of American computer users when it comes to using passwords.

According to this report, nearly three-quarters of adults have been the victim of a cybercrime (averaging a little under $300 per incident), totaling over 70 million people. The worldwide annual total of cybercrime is estimated at $110 billion.

That is coupled with two other problems: people use the same password for multiple functions, and people use passwords that are, in and of themselves, too simple.

The Norton survey was conducted with 13,000 adults in 24 countries. It found that nearly half of those responding do not use a password that combines phrases, letters, numbers, capitalized letters, lower case letters and symbols, which create complex passwords that are far more difficult to hack than passwords that do not have those things.

The survey showed that nearly a third of all respondents have been notified by an email service, social network, or bank to change their passwords. The bank figure—13 percent––is particularly alarming, implying that nearly one in eight people have had their bank account passwords compromised.

Seventeen percent of people store passwords to other accounts inside another password-protected account. Once one password is stolen, the keys to those other accounts are included.

More? A report out the last week of September found that one in 10 people had “1-2-3-4” as their four digit password. My guess is that a substantial number also have “1-1-1-1” and “0-0-0-0” as well.

For more:  http://www.akronlegalnews.com/editorial/5202

Leave a comment

Filed under Crime, Guest Issues, Insurance, Maintenance, Management And Ownership, Risk Management