Hotel Guest Data Privacy Vulnerability (Research Paper Sample)

Hotel Guest Data Privacy Vulnerability
Name
Institution
Date
Hotel Guest Data Privacy Vulnerability
Introduction
Most hotels, especially those which accommodate customers are strongly liable for keeping the customer’s private lives or information as it should be; strictly private. Nonetheless, do these hotels truly do that or is it just a strategy to attract customers? Hotels deal with a wide range of services and issues that affect customers including the management of information and other operational issues. Thus, the growing use of credit cards and even the high demand for Wi-Fi in the hotel rooms have led to an increase in threats by identity thieves. This shows that the liability for such guests is on a steady rise and hotels need to improve their attempts to protect the identities of their guests. In the past, keeping guest information safe was a rather straightforward process, and the most innovative process was the provision of in-room service to ensure the safety of the guests’ valuables. Back at the time, this approach of providing guest security and privacy made a lot of sense as it was just aimed at providing security for guest possessions (The JMBM Global Hospitality Group, 2012).
Nonetheless, the industry today realizes that there is more to security than just wallets, watches and vehicles. The most valuable information that hotels have to safeguard today is the identity of the guests. This is because when a guest’s life is in danger, it is far more serious than the loss of some valuables. Even still, the use of credit cards, Wi-Fi and other options available for guest use in hotels still poses some insecurity in the identity or the lives of the guests. Hotels still remain the most sought targets for both financial and identity theft because of a number of reasons. First of all, most hotels transact their businesses through credit cards and information on these credit cards are kept on file, meaning that they can be accessed at any time of the day when the guests are in their hotel rooms (Network Box UK LTD., 2012). The possibility of recording credit card information can happen at any time when the guests use their cards, for example, with each night’s charge, spa charges, bar charges, and room service, among others. Thus, each charge or transaction provides a new opportunity for identity thieves to access the information of guests in a hotel. Such identity thieves use sophisticated computer hacking systems, and also other malicious software without the knowledge of the guests or the hotel management.
These threats facing the identities and even possessions of guests in hotels call for hotels to take extra attention and caution to ensure the safety of their guests. First of all, hotels should note that the ability to get internet connections is an integral part of the lives of most individuals’ daily lives. This is the reason behind the rapid increase in need or demand for Wi-Fi connections in hotel rooms. This high demand for Wi-Fi connections leaves most hotels with no option than to offer wireless internet connections, a service that is unsecured in most instances (Brewer, Kim, Schrier, & Farrish, 2008). Unsecured internet connections are just as dangerous as leaving the hotel room doors open or leaving files with the guests’ information open for all people to see. Hackers can easily get access to guest information, including their financial information sensitive e-mails and business records. In connection to this, most hotels do not have much to say about such cases of identity thefts because they are not compelled to offer internet security since it is not part of the services that most hotels offer.
In addition to this, all hotels have employees, some with a high employee population, and most of these employees have access to guest information through their credit cards. Despite the intense training or supervision that employees of a hotel receive they still pose a high risk to the identities and security of guests in a hotel. Most low-level employees have access to key guest information in a hotel, and a high turnover of employees in a hotel makes the situation even worse as it is difficult to trace the employees. Over the recent past, most security researchers in hotels have reported a wave of attacks against the hospitality industry. The Cybersecurity Consultant Trustwave established that out of all its investigations carried out in 2010, 38% involved victims in hotels and resorts of cyber intrusions. Hotels represented a disproportionate percentage of security breaches, but these were still high (The JMBM Global Hospitality Group, 2012). This is because hotels seek for as much personal information about their guests as possible just to maintain a traceable track of the guests’ in case the hotels need to get to them (Lollis, 2011).
Most hotels, however, try and establish ways of ensuring employee safety despite all the threats that exist from identity thieves. This is because hotels do realize that guest privacy is part of the guests’ expectations; thus they design and implement a hotel guest privacy policy. This privacy policy for guests in a hotel constitutes the core principles which apply in all the departments of a hotel. In most hotels guests have to read the privacy policy carefully before they offer any of their personal information to the hotel. Any information that the guests submit to the hotels that identify them personally whether directly or indirectly, for example, their phone numbers or names, falls under this privacy policy. Thus, by accepting the hotels’ terms and conditions, guests express their consent for the hotels’ guest privacy and policy. Hotels may then use this information for their own purposes, or if required they may use this information in matters related to the law. Most hotels also take appropriate organization and technical measures according to the provisions of law to protect guests against unlawful destruction or alteration, accidental loss or unauthorized access or disclosure (Accor Hotels, 2011).
Moreover, most hotels continue to ensure the privacy of guest information even long after they are gone from the hotels just in case identity thieves may attack at a later date. Most hotels do realize that information stored in their systems can be hacked or compromised if they do not pay attention, to the provision of data security. Such information is kept safe mostly because past customers may still return to the hotels at a later date and thus, the hotels have to maintain customer loyalty. Thus, the customer database, which holds all the information about the customer including name, e-mail, telephone numbers and financial information, is locked and barred from any access until the customer goes back to the hotel again. Such loyalty programs offered by hotels present a reliable way, to ensure the privacy of guests and keep on attracting more and more guests as they have trust in the privacy systems of such hotels. This system covers all guests, even those who may be at risk of using their credit cards to pay for services. The Wyndham incident must have been the ultimate wake up call for most hotels in its 2012 lawsuit filed by the U.S. Federal Trade Commission.
The Wyndham Case
In June 2012, the Wyndham Hotels faced a lawsuit from the U.S. Federal Commission for its misrepresentation of security measures to prevent intrusions by identity thieves or computer hackers. The FTC, in a press release, claimed that the Wyndham Hotel had subjected its guests to theft risks, as well as, a deceptive and unfair, lack or protection to the customers’ data leading to a series of breaches in the hotel. This breach of information and computer hacking also affected three other subsidiaries of the hotel. The lawsuit included three attacks on the chain of hotels form 2008, which led to a compromise of 500,000 credit card numbers, and another 50,000 and 69,000 credit cards in other different locations. This implies that Wyndham did not take the basic, well-known security measures to ensure the privacy and security of its customers. FTC had noted the fact that Wyndham did not ask for complex p...