How Safe Is Your Personal Data at Your Favorite Hotel?

April 17, 2018 | rjmcgarvey | Consumer affairs, InfoSec, Travel

 

By Robert McGarvey

 

All of us are atwitter about perceived loss of privacy when it comes to the acres of our thoughts, photos, outbursts that we have posted to Facebook and which, apparently, could be harvested by third party buyers.  

But just maybe business travelers have a much bigger worry that should consume them: the safety of their personal data that is in the hands of the hotels where we sleep.

“Bigger?” Yes, definitely.

And that is not to minimize the size of the Facebook mess.  If you want to see how to check what data Facebook has on you – just about everything you’ve done since you signed up – and with whom it has shared much of it – just about anything with a checkbook – read Brian Chen’s NYTimes piece on this.  It’s quite easy to check and, in my case, I got my file from Facebook literally a few minutes after requesting it.  I’m not a terribly prolific Facebooker – your mileage may vary. Did I see anything that made me sick? Nope, but I have always been prudent about what I posted to Facebook, mainly because I understood that the business model of the free Internet services is to harvest user data and sell it to marketers and fellow travelers.  That is baked in. I am not sure there is a way around it. (Read my 2000 interview in MIT’s Technology Review with Google’s founders.)

Back to your hotel worry. Hotel lawyer Jim Butler wrote this: “Protecting guests’ information (and employees’ information) from hackers is one of the biggest business challenges faced by hotel owners today. ”

Hotel breaches have been epidemic in recent years.  Here are many accounts.  

Traditionally the focus have been on theft by hackers of information involving credit and debit cards used at hotels – and bars, restaurants and gift shops have been notoriously porous, so have loyalty programs – but what if the bigger concern is, well, your private info?

You check into the hotel.  You watch four hours of porn (maybe there’s a Stormy Daniels festival?). Drain the minibar’s Scotch.  Get in a loud, verbal argument with security over the volume of your TV. Maybe you go full gonzo and you use the in-room phone call up a local escort service for a little company.

Okay, that’s not you, nor me, but I have known business travelers who have done pretty much all of the above.

Here’s the rub: a good hotelier gets good by noting and collecting guest preferences.  I have a friend who told me he swore by Four Seasons because he personally dotes on very soft pillows, hates wool anything, and doesn’t like a bed covered with decorative pillows. Apparently Four Seasons noted his interests because as he traveled from city to city whatever Four Seasons he checked into knew his preferences and of course if he were forced into, say, a Ritz Carlton, they didn’t. And he grumbled accordingly.

Just how safe is that kind of data?  Could clever hackers find it?

All that kind of data is what data scientists call big data. And big data has emerged as a key to delivering us the personalized services we want without us having to ask.

Understand: credit card data falls under specific federal guidelines. It has to be handled with deliberate care.

That’s not necessarily so regarding guest preference data – big data – and a lot of it is not encrypted, not put under a meaningful lock and key.

Front Desk anywhere, in a blog post, noted: “For too long, the hotel sector has been viewed as a soft target by hackers seeking to steal guest data. While some hoteliers take guest data security seriously, there are still too many operators using inadequate technology and processes to fully protect data.”

Some hotel groups in fact promise to do a good job protecting your data. Here’s the Accor policy : “Confidentiality and security: We will ensure reasonable technical and organizational measures are in place to protect your personal data against alteration or accidental or unlawful loss, or unauthorized use, disclosure or access.”

Word of caution: ask at the hotels where you stay what the policies regarding guest preference data storage.  Be clear: we are not talking about credit cards. We’re talking about bedding and the many other little things that when they are done our way make a hotel stay much more comfortable.

The EU, incidentally, has a get tough attitude about data privacy.  Many companies that do business in Europe say they have brought those policies here.  And maybe some actually have.

If you have doubts about your data, ask and keep asking.

Personally, I want hotels where I stay often to remember me and to provide my preferences unasked. That’s what great hoteliers have always done and today’s big data tools make it easier to collect and share the random bits of information that shape who we are as a hotel guest.

I am all for that, when the data are shared within the hotels where I frequently bunk.

I just don’t want hackers to know what kind of pillows I like. 

Would you?

 

Leave a Reply

Your email address will not be published. Required fields are marked *