Avoiding a hotel data breach by adopting good data security practices

How a hotel data breach can be avoided

Data Security

Ann Sellar
November 14,2019
0 Comments

Any company, large or small is at risk from a data breach.

Those who deal with large amounts of personal data are at greater risk and as such must have robust data protection practices in place.
Once such sector is the hotel industry. Hotels capture highly sensitive information such as passport details, credit & debit cards as well as information such as home address and date of birth. This makes the industry an attractive target for hackers. The hotel industry has to work hard to prove to customers that their personal data is secure.

Example of a major hotel data breach

Global hotel Marriott have recently been fined for a significant data breach. The hotel is the third biggest hotel chain in the world and own over 5,000 hotels worldwide in 110 countries.

Marriott’s ICO fine was significant as the organisation was accused of not conducting due diligence and breaking privacy laws during the acquisition of Starwood Hotels. The purchase took place in 2016 but the breach was not reported until 2018. It compromised the personal data of 339 million, including data of around 7 million Brits. The organisation was fined almost £100 million.

Ensuring robust data protection processes

Whilst it may be primarily electronic data that needs to be encrypted and protected against hackers, within the hotel environment, especially amongst smaller hotels, there may still be a strong reliance on paper records. As such, a robust shredding process is essential to ensure that customer paper data is protected against a potential breach.

Securing Electronic Data

Hotels must also ensure their IT systems are protected to avoid electronic data being compromised. Today, many customers choose to book their stay online. Firewalls, encryption are essential, as are regular updates to IT security systems. Many data breaches happen without the company being aware. Hackers act overseas which can make the breach even harder to trace. As such, the industry needs to ensure they know where data is stored and how it is moved both inside and outside hotels.

Third Parties

Another instance where hotel data is at risk is from third parties. Travel agents and external booking systems are all data partners that could potentially expose data.

The importance of staff training

It is also vital that all staff are aware of how significant a data breach can be, both in terms of a hefty fine (up to 4% of turnover) and in terms of reputation. As human error is one of the major causes of a data breach, simply having a policy staff can follow, along with regular training is often enough to avoid a hotel data breach. Hotels also tend to have high staff turnover rates which means that new staff may untrained in how to handle data.

If you need help adopting robust data protection practices, then speak to the experts at The Shredding Alliance for advice.