Guest Privacy - It's Your Business
Traditional Obligation of Hotels to Provide a Secure Environment
By Robert E. Braun Partner, Jeffer Mangels Butler & Mitchell, LLP | December 23, 2018
On a basic level, the hospitality business is simple – as is often said, it amounts to putting heads in beds. But finding the heads to put in the beds is a complex process and requires hotel companies to find out a great deal of information about their guests. Gathering and processing that information provides not only opportunities, but creates obligations, one of the most basic of which is ensuring the security of guests' personal information.
That obligation has become increasingly complex due both to the vulnerability of hotel companies to breach, and the enactment of laws and regulations, worldwide, that impose additional burdens on hotels – the EU's General Data Protection Regulation, California's Consumer Privacy Act, as well as industry developments have further heightened the concerns with guest privacy and security
This focus must be seen in the context of two key issues: first, that hotels collect large amounts of data from their guests, both directly and through third parties; and second, that the hospitality industry has a checkered track record in protecting personal information. Both these demand that the hospitality industry take a renewed focus on data security
Hotels and hotel companies collect tremendous amounts of information, directly and through others, including vendors, credit card companies, websites, use of wifi and other systems. The fact that hotels are increasing reliant on technology – and responsive to guest demands for increased connectivity – increases both the amount of information and the risk involved in collecting and processing information.
The increasing incorporation of technology into hotel operations can lead to more breaches. Hotels are seemingly in a race to become more innovative – consider the trend to allow guests to bypass the need to go to the front desk by using their mobile devices to select a room, check-in, receive texts when their room is ready, and even unlock the door to their room. Guests are encouraged to use mobile devices to customize their stay by requesting items, ordering room service, planning activities, or purchasing upgrades. Not only does this trend increase the likelihood of a breach by adding new access points to the system; these programs collect even more data, making a hotel breach more valuable.