If you’ve been reading past OpenKey articles, you know we’ve already touched on a few important areas concerning hotels and guest data:
- Make sure you have cybersecurity measures in place.
- Use guest data to improve hotel marketing and/or to personalize the guest experience.
- If you serve European guests, be sure to follow the new GDPR (General Data Protection Regulation) protocols beginning May 25th.
Since the collection, storage and use of hotel guest data is such a sensitive topic – yet, potentially, so incredibly beneficial to your business – we thought a summation was in order.
Are You Cybersecure?
Before you get serious about collecting guest (and potential guest) data, experts insist you have processes in place to ensure that data is collected, stored and used in a safe and secure manner. The hospitality industry is traditionally among the top five industries breached every year – likely because personal and payment information is such an important part of our business.
As a helpful resource for hoteliers, OpenKey (with the help of Armor, a cloud security and compliance company) has compiled a printable cybersecurity checklist – a great starting point for hotel operations and IT departments to ensure proper security measures are in place, from network vulnerability to Wi-Fi security to employee training.
Aside from hardware and software solutions, your employees are key to successful and secure data protection. Since the majority of data breaches are initiated by hotel staff, there are a number of important steps you need to consider:
- Train well and instill a culture of security from the top down.
- Assign one executive to be responsible for cybersecurity and make sure he or she has the necessary technical know-how.
- Reduce data theft and corruption by adding accountability.
- Limit access to vital hotel data to a select number of employees.
- Assign unique login credentials to each employee, mandate regular password changes and quickly deactivate credentials when employees leave.
Are You Following Legal Regulations & Standards?
Beginning May 25th of this year, the new data protocols established by the European Union relating to European companies and individuals go into effect. That means that if your hotels don’t meet these new standards, regardless of location, they may be penalized up to 4% of the company’s annual global turnover, or more than $24 million USD (€20 million).
In addition, every business that handles credit card information (including storing, processing and transmitting cardholder data) must be PCI compliant, meaning you need to host your data securely with a provider that meets the PCI DSS, the Payment Card Industry Data Security Standard. This standard covers 12 central security areas – the minimum level of security measures organizations must put into effect. Although PCI compliance involves an agreement with banks, and certain elements have been incorporated into state laws, the responsibility for breaches, and the possibility of significant financial penalties, ultimately falls upon the hotel.
As with PCI compliance, any business that fails to protect personally identifiable information (PII) – names, email addresses, dates of birth, phone numbers, etc. – risks a similar penalty, not to mention a big hit to its reputation.
Use Guest Data Wisely
The irresponsible collection, storage and use of hotel guest data can cost a hotel millions of dollars, thousands of guests and a life-long reputation problem. So, make sure you have the proper cybersecurity measures in place, train your employees well and follow all the latest regulations and standards, both in the United States and in Europe.
If you gather and use this data wisely, safely and legally, you give your hotel the opportunity to market more efficiently and effectively, build a better brand and provide an improved hotel guest experience.