Data insecurity
As hAcker AttAcks increAse , hoteliers must tokenize And go beyond Pci comPliAnce .
by AdAm Kirby , cOnTribuTing EdiTOr
People often think of data security as protecting financial information , and while that is certainly a primary consideration , the concern should be much broader .
Many states and countries ascribe personally identifiable information — known to the security community as PII — with legal protection comparable to that of credit card data . What constitutes PII is almost limitless , from home addresses and emails to seemingly innocuous information like a person ’ s favorite sports team or what spa treatments she has purchased ; the muddled definition of exactly what PII encompasses is part of what makes protecting personal data such a complicated task .
“ The challenge for hotels is that they really like information ,” says Bob Braun , a Los Angeles attorney who specializes in information security law for the hospitality industry . “ They ’ re collecting all kinds of information — home address , birthday , workplace information — that is very , very valuable to certain individuals who shouldn ’ t be able to get it .”
As hoteliers continue to expand niche marketing efforts and customer relationship management initiatives , they make their caches of PII data that much more attractive to criminals . Charles Carrington , a Deloitte & Touche information security consultant focused on the hospitality sector , says hoteliers need to look more skeptically at their hotels ’ PII collection practices . “ Hotels are treating it as a compliance issue , rather than standing back and saying , ‘ What is the risk of gathering all this data ?’” Carrington says .
Hoteliers need not abandon CRM
46 HOTELS March 2014 www . hotelsmag . com