Tech Talk

Recent posts

IoT is Coming, Jon Snow…
Posted: 05/21/2019

Hospitality is prime for the coming advent of the various devices that make up the Internet of Things. Estimates show the industry now represents 17.5 million rooms worldwide and savvy guests are demanding more personalization and an overall improved guest experience along their connected travel journey and belief is that IoT can bring this to reality. 

The forces driving local search rankings are constantly changing. But recent studies suggest that in 2019, four key factors make up the local search algorithm. 
 
The most significant factor is Google My Business (GMB). If you’re not on it, get on it now.

The robotic revolution in the hospitality industry might seem to have taken a step back. This January, the famously quirky Henn-Na Hotel in Japan fired half of its 243 robot staff. The robotic workforce reportedly irritated guests and frequently broke down.

Think about the moment when you first enter your hotel room. Look around: Does the room tell you anything unique about the hotel where you are staying? Or is it all beige walls and double beds with white covers, and you have to walk back outside and look at the sign on the hotel’s facade to even remember where you are?

Hotel guests commonly bring multiple devices with them during their stay. However, many hotel environments don’t provide easy access to charging outlets. This situation can lead to a guest feeling more than inconvenienced. A recent survey found almost 90 percent of people "felt panic" when their phone battery dropped to 20 percent or below.



want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.

x
 

There Is No Safe Harbor In This Perfect Storm

10/13/2015

On October 6, 2015, the European courts ruled that the 15-year-old Safe Harbor Act is immediately invalid, citing it clearly violates privacy rights. This has a direct impact on how hotels operate overseas or, for readers without hotels in Europe, how they treat information about guests who live in Europe and travel to your hotel. Whether you know about Safe Harbor or not, you should understand why this is so important. 

Hotel groups based in the United States all transfer guest data from a guest who resides Europe and books online or at the call center taking this data overseas and into the hotel group’s CRS and the property’s PMS which typically are hosted in the U.S. Many hoteliers know the EU’s stiff and complex rules on data protection have for years made it illegal to transfer personal details to any country that does not meet the bloc’s privacy standards. 

In fact, the EU views the U.S. as UNSAFE and in all fairness has viewed it that way for years, long before Snowden or the Target/Home Depot/Wyndham/Neiman Marcus/OPM/insert breach name here.

Why?

Simple: there is no U.S. federal legislation on data protection or privacy in general. Hospitality does not fall under the framework of legislation the way the healthcare industry does (i.e., HIPPA) thus privacy laws have created few if any obstacles for North American hospitality companies over the years. Many hoteliers reading this may not even be aware they are violating laws because the city or state their company is incorporated in does not address the issue, yet they are housing guests from places that do, including Massachusetts and Canada as well as Europe and Asia.

Until last week, our industry had a great “workaround.”  Under “Safe Harbor” Rules, U.S. firms were allowed to transfer personal data of European citizens back to the U.S. provided they “followed one set of rules on how data they store and collect within the European Union is protected.”  Safe Harbor’s rules governed what companies can do with information they gather, about the kinds of personal data garnered from users’ posts on social media, when searching the Web, when buying items online (including travel) and other activities. In other words, given the U.S. does not have broad reaching federal privacy laws to comply with, American firms received a pass as long as they depended on the framework of Safe Harbor as the basis for handling data of guests from the European community. 

The stunning and recent invalidation of the workaround has huge implications for the hotel industry. Some larger American-based hotel groups have gone very public with their promise to follow EU data privacy rules by signing up to self-certify under Safe Harbor; whereby they committed to apply the same stringent privacy laws that European companies are following. With the Safe Harbor rules in place since 2000 effectively done away with, each country in the European Union could potentially set its’ own privacy rules and regulations, creating a difficult situation for U.S. hotel groups who welcome guests from all the EU member countries.

CRM, ecommerce and outsourcing as well as the wonderful world of cloud-based service technology now combine to make a perfect environment for increased revenues, but in reality, this convergence makes for the perfect storm.

That fusion of the aforementioned technologies and our love affair with data mining means the massive data sharing we do is what we want to do, and often what we need to do, and in fact what are doing ALL THE TIME is now a problem. Hotels could be breaking the law (no, really they are) every time they transfer guest data if the guest is European. Even if they stay in a hotel you own in Europe, if the data is then sent to the United States for the loyalty program or post departure stay survey emailer, it is illegal! 

While the immediate concerns have IT and legal teams scrambling, it’s important to recognize that this is not just an IT and legal issue. The executive team needs to take ownership and use a top-down approach to help prepare the company for the future. To stay ahead of the curve as data sovereignty evolves, consider adding a chief privacy officer and a chief information security officer to the executive team. They are not one in the same and are vital to the survival of your firm. Addressing the issues of data privacy and data protection will require specialized knowledge and full-time attention to handle future regulations that will inevitably be put in place across the globe as other regions follow the EU’s lead.

Many may know that without Safe Harbor, alternatives for protection at the moment include EU model contract clauses and binding corporate rules (BCRs), although the latter involve a sometimes lengthy approval process by European regulators. Many businesses, anticipating the legal issues with Safe Harbor, have already been using model clauses as a method for carrying out international data transfers. Ask your counsel.

At a minimum, begin to make an assessment of other options. Look at data flows. Assess scale and sensitivity of information that needs to be shared.

Look at existing contracts with cloud vendors – they might already include the use of model clauses. If they do not, try to find one that does, or modify your existing agreements. As part of your assessment, call your data privacy lawyer to make sure you have covered every angle. Stay tuned for more as the dust settles.
About The Author
Marion Roger
VP Business Development
Hospitality E Resources


Marion Roger, vice president of Hospitality E Resources (HER Consulting), is a specialist in the hospitality supply chain landscape who is currently leading an industry initiative to support guest data security and has developed a hotel-focused training curriculum on PII protection. With a speciality focus on electronic reservation systems, payment technology protection and data security, Marion is a regular on the speaker circuit and contributor to Hospitality Upgrade on these key topics.

 
Comments
Blog post currently doesn't have any comments.
Leave comment



 Security code