Tech Talk


There Is No Safe Harbor In This Perfect Storm

10/13/2015

On October 6, 2015, the European courts ruled that the 15-year-old Safe Harbor Act is immediately invalid, finding that it clearly violates privacy rights. This has a direct impact on how hotels operate overseas or, for readers without hotels in Europe, on how you treat information about guests who live in Europe and travel to your hotel. Whether you know about Safe Harbor or not, you should understand why this is so important.

Hotel groups based in the United States all transfer guest data: when a guest who resides in Europe books online or through the call center, that data is taken overseas and into the hotel group’s CRS and the property’s PMS, which are typically hosted in the U.S. Many hoteliers know that the EU’s stiff and complex rules on data protection have for years made it illegal to transfer personal details to any country that does not meet the bloc’s privacy standards.

In fact, the EU views the U.S. as UNSAFE and in all fairness has viewed it that way for years, long before Snowden or the Target/Home Depot/Wyndham/Neiman Marcus/OPM/insert breach name here.

Why?

Simple: there is no U.S. federal legislation on data protection or privacy in general. Hospitality does not fall under a framework of legislation the way the healthcare industry does (i.e., HIPAA), so privacy laws have created few if any obstacles for North American hospitality companies over the years. Many hoteliers reading this may not even be aware they are violating laws, because the city or state their company is incorporated in does not address the issue, yet they are housing guests from places that do, including Massachusetts and Canada as well as Europe and Asia.

Until last week, our industry had a great “workaround.” Under “Safe Harbor” rules, U.S. firms were allowed to transfer personal data of European citizens back to the U.S. provided they “followed one set of rules on how data they store and collect within the European Union is protected.” Safe Harbor’s rules governed what companies can do with the information they gather, including the kinds of personal data garnered from users’ posts on social media, when searching the Web, when buying items online (including travel) and other activities. In other words, given that the U.S. does not have broad-reaching federal privacy laws to comply with, American firms received a pass as long as they depended on the framework of Safe Harbor as the basis for handling data of guests from the European community.

The stunning and recent invalidation of the workaround has huge implications for the hotel industry. Some larger American-based hotel groups have gone very public with their promise to follow EU data privacy rules by signing up to self-certify under Safe Harbor, whereby they committed to apply the same stringent privacy laws that European companies are following. With the Safe Harbor rules in place since 2000 effectively done away with, each country in the European Union could potentially set its own privacy rules and regulations, creating a difficult situation for U.S. hotel groups that welcome guests from all the EU member countries.

CRM, ecommerce and outsourcing as well as the wonderful world of cloud-based service technology now combine to make a perfect environment for increased revenues, but in reality, this convergence makes for the perfect storm.

That fusion of the aforementioned technologies with our love affair with data mining means that the massive data sharing we do, which is what we want to do, often what we need to do, and in fact what we are doing ALL THE TIME, is now a problem. Hotels could be breaking the law (no, really they are) every time they transfer guest data if the guest is European. Even if the guest stays in a hotel you own in Europe, if the data is then sent to the United States for the loyalty program or the post-departure stay survey emailer, it is illegal!

While the immediate concerns have IT and legal teams scrambling, it’s important to recognize that this is not just an IT and legal issue. The executive team needs to take ownership and use a top-down approach to help prepare the company for the future. To stay ahead of the curve as data sovereignty evolves, consider adding a chief privacy officer and a chief information security officer to the executive team. They are not one and the same, and both are vital to the survival of your firm. Addressing the issues of data privacy and data protection will require specialized knowledge and full-time attention to handle future regulations that will inevitably be put in place across the globe as other regions follow the EU’s lead.

Many may know that without Safe Harbor, alternatives for protection at the moment include EU model contract clauses and binding corporate rules (BCRs), although the latter involve a sometimes lengthy approval process by European regulators. Many businesses, anticipating the legal issues with Safe Harbor, have already been using model clauses as a method for carrying out international data transfers. Ask your counsel.

At a minimum, begin to make an assessment of other options. Look at data flows. Assess scale and sensitivity of information that needs to be shared.

Look at existing contracts with cloud vendors – they might already include the use of model clauses. If they do not, try to find one that does, or modify your existing agreements. As part of your assessment, call your data privacy lawyer to make sure you have covered every angle. Stay tuned for more as the dust settles.
About The Author
Marion Roger
VP Business Development
Hospitality E Resources


Marion Roger, vice president of Hospitality E Resources (HER Consulting), is a specialist in the hospitality supply chain landscape who is currently leading an industry initiative to support guest data security and has developed a hotel-focused training curriculum on PII protection. With a speciality focus on electronic reservation systems, payment technology protection and data security, Marion is a regular on the speaker circuit and contributor to Hospitality Upgrade on these key topics.

 