Cybersecurity: Proactive Practices to Reduce Risk
By Jack Hobaugh Shareholder, Brownstein Hyatt Farber Schreck | December 2023
This article was co-authored by Luke Glisan, Shareholder, Brownstein Hyatt Farber Schreck , and Christine Samsel, Shareholder, Brownstein Hyatt Farber Schreck
With every reservation and every check-in, hotels collect consumers' personal information.
Data may be collected at multiple points, including a hotel's website and app.
The data is not only useful in ensuring a smooth and pleasant stay for guests, but also for marketing and loyalty programs that keep customers coming back.
Over time, the amount of data collected by a single hotel is significant, and the amount of data collected by a hotel chain can be enormous. This article discusses cybersecurity measures that hotels can put in place to protect data, as well as policies and cybersecurity training designed to keep information security an ongoing priority for hotel staff.
The Basics of Data Protection
The industry standard for protecting personal information is the implementation and maintenance of appropriate physical, administrative and technical security measures to protect the confidentiality, integrity and availability of the personal information. Such reasonable security measures can be outsourced or handled by an internal team of cybersecurity professionals. Good data hygiene also requires solid policies and procedures applicable to employees and contractors as part of an information security management system (ISMS), along with at least annual training on those policies and procedures.