The Aftermath of the Pandemic and the Ethical Implications of Data Deletion and Sanitization




An exclusive Hospitality Upgrade article series on securing customer and employee data - Part 2

As the hotel industry navigates the remaining months of the pandemic and endures truly agonizing decisions about the fate of some properties, a question arises: if a property suddenly closes or changes ownership, what becomes of the data? Who protects the customers and employees from the disclosure of that data? Ethically, you do.

In the first article in this series we discussed creating a Data Deletion and Sanitization Policy, defined the process, and discussed the states of availability for data.

The physical location of the data stored on the digital systems we use to run the property is often unclear. An icon on the desktop might take you to an internal system residing on a server, or to a single hosted application running in the cloud or on a co-located private server. On properties that lack file servers, off-site hosting of files through commercial or private collaboration software is now widely used due to its low cost and high availability. Today a majority of these types of systems are powering the COVID-19 workplace.

While access to these systems from off property is both a blessing and a curse, the format in which the data is stored has some distinct advantages, which we will discuss a bit later. From a location point of view, however, each system needs to be evaluated to determine where its data resides, on property or off. Including the findings in the Data Deletion and Sanitization Policy will produce a clearer process for dealing with individual systems as well as system-wide needs when the time comes.

Cloud backup systems are an essential part of the business continuity plan. They provide protection in case the physical asset is no longer available or is unusable due to malware. The hybrid nature comes into play when you consider that the primary instance of the data is on the server in the property's system room and the secondary instance is off site in the cloud. Likewise, individual users who rely on solutions such as Google Drive or OneDrive have local access on the laptop or desktop and cloud access to the data via a web application.



Consideration of these solutions should also be included in the policy. As long as the account payment is current, the information will be available for use. Most cloud services provide robust encryption both in transit (from the server to the cloud) and at rest (waiting to be used), so direct back-door hacking is neither practical nor a significant source of compromise. However, the end user, or users, may still have active passwords and login credentials. This gives former employees direct access to critical data.

That brings us to the final topic for this installment: protection. Rather than going into an in-depth discussion of various encryption methods, it is better to discuss encryption as a whole. Encryption is the process of scrambling data so that the digital information is unreadable without the appropriate “key” being applied to decrypt the message. There are several methods of encryption, offering different levels of security. The trade-off is that encryption slows down the computing process, depending on the algorithm and its strength.

The good news is that virtually all current cloud-based applications use strong encryption during the processing, transmission and storage cycles. What would seem like the most likely candidate for a compromise might not be. The risk would not necessarily be some unknown hacker stealing the data, but rather an internal threat such as a former employee still active in the account.

Completely encrypted storage devices seem like the panacea for security. Strict system configuration standards and centralized control are crucial for larger organizations with copious amounts of sensitive data. Keep in mind that many operating systems require a user to enable hard drive encryption. Policies and procedures should define and limit users' ability to tamper with or disable safety features. Central administration of those features needs tight controls, as the business plan permits.



You would think that encrypting the entire database of your customer information is practically a no-brainer. Not so: for technical reasons, full encryption degrades the ability to query or search for data, and nearly every digital function we perform today would be painfully slow. Most current programming methods permit encrypting only specific columns of information, such as the credit card number, while leaving common information like a last name available for rapid search. A bit of a trade-off, but worth it.
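As an added illustration (not code from the article or from any hotel system vendor), the following Go program shows the column-level pattern described above: the last name is stored in clear text and searched by plain comparison, while the card number is encrypted with AES-256-GCM under a key dedicated to that column. The guest table, the names and the card numbers are constructed sample values, and the key is generated in memory for the demonstration; in a real deployment it would come from a key-management service rather than from the application.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// GuestRecord stands in for one row of a hypothetical guest table. The last
// name stays in clear text so the database can index and search it; the card
// number is held only as ciphertext laid out as nonce || AES-GCM output.
type GuestRecord struct {
	LastName       string
	CardCiphertext []byte
}

// ColumnCipher holds the AES-256-GCM key dedicated to one sensitive column.
type ColumnCipher struct{ aead cipher.AEAD }

// NewColumnCipher builds the column cipher from a 32-byte key.
func NewColumnCipher(key []byte) (*ColumnCipher, error) {
	if len(key) != 32 {
		return nil, errors.New("column key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &ColumnCipher{aead: aead}, nil
}

// Encrypt returns nonce||ciphertext for one card number. A fresh random nonce
// per value means two guests with the same card do not share stored bytes, so
// the encrypted column cannot be searched or grouped; that is the trade-off.
func (c *ColumnCipher) Encrypt(plaintext string) ([]byte, error) {
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return c.aead.Seal(nonce, nonce, []byte(plaintext), nil), nil
}

// Decrypt recovers the card number; it fails on a wrong key or a tampered row.
func (c *ColumnCipher) Decrypt(stored []byte) (string, error) {
	ns := c.aead.NonceSize()
	if len(stored) < ns {
		return "", errors.New("stored value shorter than nonce")
	}
	pt, err := c.aead.Open(nil, stored[:ns], stored[ns:], nil)
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// FindByLastName is the fast path: a plain comparison on the clear-text
// column, with no decryption at all.
func FindByLastName(rows []GuestRecord, lastName string) []GuestRecord {
	var hits []GuestRecord
	for _, r := range rows {
		if strings.EqualFold(r.LastName, lastName) {
			hits = append(hits, r)
		}
	}
	return hits
}

// LoadSampleTable builds a constructed in-memory table; names and card
// numbers are made-up sample values (well-known test PANs), not real data.
func LoadSampleTable(c *ColumnCipher) ([]GuestRecord, error) {
	sample := []struct{ name, card string }{
		{"Smith", "4111111111111111"},
		{"Jones", "5555555555554444"},
		{"Nguyen", "4111111111111111"}, // same card as Smith, different ciphertext
	}
	var rows []GuestRecord
	for _, s := range sample {
		ct, err := c.Encrypt(s.card)
		if err != nil {
			return nil, err
		}
		rows = append(rows, GuestRecord{LastName: s.name, CardCiphertext: ct})
	}
	return rows, nil
}

func main() {
	key := make([]byte, 32) // demo only: a real key comes from a KMS or HSM
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	c, _ := NewColumnCipher(key)
	rows, _ := LoadSampleTable(c)
	for _, r := range rows {
		fmt.Printf("%-7s card=%s\n", r.LastName, hex.EncodeToString(r.CardCiphertext))
	}
	for _, r := range FindByLastName(rows, "smith") {
		card, _ := c.Decrypt(r.CardCiphertext) // only the authorized path holds the key
		fmt.Printf("match %s -> %s\n", r.LastName, card)
	}
}
```

Because every value gets its own random nonce, the stored card column is useless for searching or grouping; a lookup by card number would require decrypting rows or maintaining a separate keyed index. That is exactly why the common, non-sensitive columns stay in clear text while only the columns that would hurt if disclosed are encrypted.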

There is a method to encrypt paper; cryptography goes back hundreds of years. But you need to apply an encryption method before you print the paper, so it is not much help here.

Hopefully, this article series has laid the groundwork for some thought. You might be thinking, “How prepared are we to protect our customers and ourselves when we no longer own the data?” The next article will instead answer the question, “What can we do to minimize our risk if the unthinkable were to happen?” We will discuss different strategies for dealing with risk, evaluate the differences between Data Deletion and Sanitization, and look at how to determine what mix is best for your policy.

Most of our policies focus on keeping the business running by keeping the data safe and available. Sadly, a policy must also be in place for when the opposite needs to happen.
 
Please join us next week for part 3 of Where Data Goes to Die.


Click here to read part 1 of Where Data Goes to Die.