Better Safe than Sony'd

March 01, 2015
Data Privacy
Marion Roger

To protect, to detect and to be prepared.

Everyone makes New Year’s resolutions and getting healthy and fit probably topped many a list. On a corporate level we want to increase revenues and grow profits; but this year a new one appeared: a daily cyber-workout. 


This is not about how to lose weight online. This is about “keyboard crunches.”  There is a small innocent enough button labeled delete on the top corner of your keyboard and I’ve been giving it a real workout lately, pressing it hard and often. Moving relentlessly backward over what now seems like a million emails from 2014 I am filing, fretting, fussing and furiously killing off as many words as I birthed.

A good cyber-workout trainer asks key questions like “Do we need to keep this for any business or legal reason?  Were you clear or is this open to misinterpretation?” No matter how I reply, or who does it, the cyber-workout routine looks the same:  Delete … delete … delete!

This isn’t because I suddenly woke up as an efficient, very busy executive trying to get out from under the sluggishness caused by my overloaded inbox. Rather, it was born from the collective reaction to a line I delivered in a recent data protection seminar: “Better safe than Sony’d!”

Given Amy Pascal’s ultimate demise (the Sony co-chair resigned in early February as fallout of the breach), there may be a few C-suite readers of this article whose idea of what being “Sony’d” means is not the same as the one I intended. Nonetheless, no matter what your interpretation of the term “being Sony’d” is, one thing is certain: we can no longer play ostrich.
  
We all vicariously gaped at the way those temperamental titans typed and smugly thought “they got what they deserved.” But Sony reflects a tipping point for our society as well as our economy.  If you thought the story was about the adolescent nastiness their hacked email systems exposed (oooh, Angelina Jolie!) or that Pascal was forced out by her racist persona, you are missing the point: The real story is the degree of vulnerability to exposure the hack underscored and the ultimate absence of privacy.
 
As always, many are lined up ready to assign blame to Sony for their systematic failure in adopting a security culture, but that is tantamount to saying a rape victim “asked for it” by wearing a sexy outfit. “A crime is a crime,” said Attorney James Baker (former White House counsel) now General Counsel for the FBI. He made this point at a town hall session on data protection hosted by the Online Trust Alliance in early February.

Many of us think OTA means Online Travel Agent. Others think of the Open Travel Alliance. You read it here first: the latest iteration of OTA translates to the Online Trust Alliance. OTA is one of many entities that participated in Data Protection Day 2015, an international event held during the last week of January to raise awareness and promote data privacy education. They have taken a leadership role hosting numerous town hall meetings around the country to help businesses enhance their data protection and be prepared for a data breach incident.
 
Amazingly there were fewer than 60 of us sitting intimately with Commissioner Julie Brill from the FTC, Travis LeBlanc, Chief Enforcement Officer at the FCC and Baker of the FBI during the Washington, D.C., OTA event. Sony was the story. Many believed the walls of Hollywood’s studios are impenetrable. Peter Bart, the veteran production executive and former editor in chief of Variety, is even quoted in Vanity Fair on the subject. “We live in a time when there are amazingly few leaks,” he said of the new Hollywood, “where studios are fortresses run by multinational corporations, whose information is tightly controlled.”

Baker responded affirmatively to a question one attendee posed: Do hacked companies fear going to the authorities just as a rape victim often fears reporting the crime? Reporting it means you are subsequently examined and viewed as having somehow caused the crime or invited it.

We can feel like Bill Murray in the movie Groundhog Day. We keep waking up with the same nasty nightmare, yet act the same way again today. Are we to blame for this human weakness if and when we are breached? I inevitably counted how often we had shopped at Target or Home Depot before the headlines hit, yet went about charging purchases at the big box stores again.

Were you one of those who blamed Jennifer Lawrence for the fact that a lot of Jennifer Lawrence was flashed to more people than she ever fancied? Even if you weren’t, did you close your iCloud account?

And, despite my laser focus on data protection and privacy, our family happily (foolishly?) watched the Sony debut of The Interview on demand Christmas Eve in the safety of our den with bowls of homemade popcorn. It all seemed innocent – our two teenagers wanted to watch a funny movie they hadn’t seen yet and I didn’t want to worry about parking or paying exorbitant prices for disgustingly salty chemically buttered popcorn. At only $5.99 for the pleasure of staying home and avoiding all that sodium, my husband pulled the trigger.

Yet as the kids dozed off with visions of sugarplums I lay awake all night worried that Kim (Dear Leader not Kardashian) now knew we’d watched it (traceable thanks to my IP address, YouTube™ and Gmail account). I tossed and turned wondering if we were being hacked by the North Korean cyber-team as punishment.
 
As one expert posited, the data breach Kim’s regime in North Korea apparently orchestrated is less revelation than confirmation. We can no longer pretend that what’s meant to be seen or known by only one other individual won’t find its way to hundreds, thousands, even millions. That sort of privacy is a quaint relic and also a harsh reality.

“Nothing you say or buy in any form mediated through digital technology – absolutely nothing at all – is guaranteed to stay private,” wrote Farhad Manjoo, the technology columnist for The Times. He issued a caution to anyone who “uses a digital device to say anything to anyone, ever. Don’t do it. Don’t email, don’t text, don’t update, don’t send photos.” He might as well have added, “Don’t live in 2015.”  Self-expression and sharing aren’t easily abandoned, especially given today’s social media madness and big data boom.

Some readers make the typically complacent statement: I have nothing to hide. Go ahead. Look at everything. Only terrorists will be worried. But we should all be worried. Most of us have something to hide, something we prefer to keep private for personal and maybe even creative reasons; we need to protect the ability to share personal information at our discretion and that right is called privacy.

Why is this impossible? Simply because the original conduits for the kind of communicating we do – smoke signals, carrier pigeons, landlines, snail mail – no longer do the trick. This means we don’t have real choice anymore. Marc Rotenberg, the executive director of the Electronic Privacy Information Center said, “It’s not like picking up the newspaper and realizing ice cream has too many calories and you can start eating fat free frozen yogurt from now on. It is too late!”  My mom nailed it when she said, "You can’t get your virginity back."

Think about it. All those fun questionnaires so many of us take on Facebook are gleaning bits of data about you.  One helps you figure out ‘your real age.’ Another helps identify which famous Hollywood star you resemble – I’m Sofia Loren for any inquiring minds! 

But, it’s not all that obvious. What about the incredible travel and personal data that Uber now has about us that the government has formally viewed as a violation of privacy?  And our favorite: Just exactly what did you do in a hotel room or on property, thanks to the data-mining CRM gurus at “insert hotel brand name here.”

Rotenberg shared a remarkable survey that had just been published by the Pew Research Center, which found that overwhelming majorities of Americans seriously questioned the confidentiality and security of their social-media activity, their online chats, their texts – and yet pressed on with all of these.

When will we get it?  Are we doomed to relive the horrors over and over, or will we finally figure out something has to change as Bill Murray did in Groundhog Day?  At least Hollywood has a new wariness of electronic communication. “Everybody’s scrubbing down, checking for compromising emails,” said one veteran producer. They are doing the cyber-workout (Delete, delete, delete).
 
As we roll into Q2 of 2015, the key lesson to take away is that consumers have learned what Hollywood learned. It isn’t to beware of totalitarian states. It’s to beware, period. If it isn’t a foreign nemesis monitoring and meddling, then it’s potentially a data mining black belt examining more than just your online buying patterns, or an employer trawling for signs of disloyalty or indolence; an acquaintance turned enemy, a random hacker with an amorphous grudge – or for Snowden – the federal government.

While this spooky realization prompts better behavior in certain circumstances that call for it and is only a minor inconvenience in other instances, make no mistake: Privacy, while a right, is gone. Those moments and nooks in life when you are secretly your messiest, stupidest, most heedless self? They’re quickly disappearing if not already gone. This dawning realization by consumers translates into lack of trust. And a lack of trust means a loss of revenue (just ask Target).

We must take a holistic view and embrace security if we want customers to embrace us. This is not the role of IT or the security group within an organization. It must be the role of every employee and every executive. We must put in systems and operational practices to help prevent and detect breaches. We must contain them and most important we must be prepared for a breach.
 
Science fiction raised the spectre decades ago and at long last it has come true, but with a twist. Computers and technology don’t have minds of their own. They just have really, really big mouths. And we have given them the ability to talk.

Marion Roger, VP Hospitality Evolution Resources, is a specialist in the hospitality supply chain landscape who is currently leading an industry initiative to support guest data security and has developed a hotel-focused training curriculum on PII protection.

©2015 Hospitality Upgrade
This work may not be reprinted, redistributed or repurposed without written consent.
For permission requests, call 678.802.5302 or email info@hospitalityupgrade.com.


