The details coming out of the Equifax data breach show some shameful mistakes the hotel industry should learn from, especially as new technology comes out that would collect more data about guests.
Forgive me if I sound like a broken record lately, but we’ve all seen two important and somewhat related developments recently, and I think there are some lessons that shouldn’t be ignored by the hotel industry.
I hope the data breaches at Equifax made every hotel CEO, president, COO, etc., run over to their IT department to make sure their companies don’t have the same vulnerabilities Equifax had. It appears a software package the company used had a known flaw in it. When the software developer released a patch in March to fix it, Equifax hadn’t applied the patch by May, which is when the company was hacked for what turned out to be the second time in a matter of months. The company recently revealed it was hit with an earlier attack in March.
The reason the March data breach sounds new is because the company only notified its own customers, not the rest of the people whose information the company gathered and stockpiled. Strange how they can collect and store our data, but we don’t count as their customers even though it’s our own personal credit information that makes them money. If the people who pay for Equifax’s service count as their customers because they pay for the company’s service, what does that make everyone else who doesn’t pay for the service but still provides the information (regardless of consent) that makes the company money?
To sum it up, the two combined data breaches on Equifax affected more than 100 million people, and they didn’t even tell the majority of people affected during the first one. There are also allegations of insider trading as several company executives sold their Equifax stock before the breaches were announced.
Hoteliers, everything that Equifax has done—don’t do that. Protect all of your guests’ and employees’ personal information as much as you possibly can. The saying about data breaches is “it’s not a matter of if but when” likely still holds true, but, while you never want a data breach at your company, you certainly don’t want one because you didn’t act quickly enough to remedy a flaw. If one does occur, follow every law applicable in notifying your guests. Managing and repairing a data breach is undoubtedly a problem for hotel companies, but remember that your guests likely don’t have the same resources, expert attorneys and insurance policies to help guide them and try to make them whole once more.
The other development that could have lessons for the hotel industry is the new facial recognition feature on the iPhone X. This is the first phone with the technology, but given the popularity of the devices and the sales pitch from Apple, this might be the phone that makes facial recognition more mainstream.
I’ve written briefly before about facial recognition in the hotel industry and why I think it’s creepy. I’m not alone. Do a search for the technology and the word “creepy” and you’ll see a bunch of results. Every fear over facial recognition technology might not play out. Maybe none of them will, but that’s impossible to say right now.
I’m not saying you shouldn’t use it, but you should be careful about how and when you use it, should you go that route.
What can you do with it? How will it benefit your company and your properties? Will it make you more money? Will it make your hotels safer? Will it make your guests safer? What are you going to do with all of the data you collect through it? How will it be stored? Is this data something a hacker would want? Is this something you’d be willing to push back on if a police department wanted this type of data without a warrant?
Guests stay at your properties because they trust you. They trust you enough to sleep in your rooms, to leave their valuables unattended and to give you their personal information. Make sure you do everything you can to be worthy of their trust.
What do you think about these two developments? Can you believe the insanity that is the two Equifax breaches? Will you use your face to unlock an iPhone? Leave a comment below or reach me at firstname.lastname@example.org and @HNN_Bryan.
The opinions expressed in this blog do not necessarily reflect the opinions of Hotel News Now or its parent company, STR and its affiliated companies. Bloggers published on this site are given the freedom to express views that may be controversial, but our goal is to provoke thought and constructive discussion within our reader community. Please feel free to comment or contact an editor with any questions or concerns.