By Danielle Schalk
Ensuring the security of guests’ data is just as integral to the guest relationship as the information that can be gleaned from it.
As David Clifton, senior vice-president of Oracle Retail and Hospitality Technology, puts it, “Guests entrust hospitality brands with their data every time they engage with different brands and their various properties. This makes it crucial for those brands to make every effort to identify risks and keep that valuable data secure.”
This involves both managing and mitigating access to personal information, as well as protecting against malicious intent.
“Key questions hotel brands should ask themselves include whether their staff know how best to handle data and understand the need to limit the sharing of both guest and business data,” says Clifton. “It’s not only having comprehensive privacy policies that clearly outline how guest data is collected, used, stored and shared, but also ensuring it’s clearly enforced and staff are properly trained to understand how to follow those policies.”
“I always look at our employees as the first line of defense,” agrees Grant McKegney, director of Technology for Vancouver-based Coast Hotels Ltd. He also points to the principle of least privilege (PoLP) as key to protecting privacy and personal information. “People only get access to the data that they need to access,” he explains. “We control the number of accounts and who has access to [the data] from our head office and from the vendors [we work with] as much as possible.”
These days, effective data management is a necessity in order to make use of the complex web of information and access points hospitality operations are engaging with.
“It can be very complicated for hospitality brands to have a full view of their data journey, such as where their data is stored, how and where it’s transmitted and how the operations of the hotel impact the use of that data,” Clifton explains. “Attack surfaces can be extremely large because hotels deploy a lot of technology on premises, as well as in data centres and/or the cloud. The more vendors and more connections hotels have, the more the ‘attack surface’ area of data increases. This makes it more difficult to know where the data is going and confirm that access is fully secured to that data.”
And, the importance of safeguarding the information collected only continues to grow as the hotel industry continues to leverage and grow its use of data. “Data is like the icing on the cake these days. It’s crucial in every aspect of hotel operations and head-office operations — from guest satisfaction to revenue management,” says McKegney. “The uses of it are endless and our opportunities to gather [are expanding.] We’re always looking at other ways to keep that operational data and customer data coming in.”
However, this plethora of data can become unwieldy, because data is only as valuable as an operator’s ability to glean useful/actionable information from it.
As McKegney explains, to make use of all this data requires a process of “aggregating and consolidating data from various sources — reservations, loyalty programs, our online feedback channels, guests sentiment — and making sure that we can merge that data into a usable tier that allows us to make more and better informed decisions.”
Since too much redundant or superfluous data only serves to get in the way of this goal, he notes: “We’re always looking at ways to prune irrelevant things or old data — metrics that may change or may not be important anymore. We’re making sure we maintain the integrity of the most reliable and contextual set of data that we can get from our customers and the operations.”
But, more than practicality, when it comes to managing the amount and kind of guest data operators collect, McKegney notes, “It’s also a balance between personalizing guest experience and the need to protect the data that we’re getting.”
Similarly, it’s also vital to weigh the operator’s desire for information and the customer’s desire for personal privacy. And, in order to strike the correct balance, McKegney shares that the Coast Hotels team looks to guest feedback through online channels, as well as the communications team’s use of ReviewPro Guest Intelligence and other tools. “Taking the exact temperature of the guests after they stayed with us, or before, is very helpful in understanding that balance,” he says.
While excellence in efficient and secure management of information remains a moving target in this data-driven age, some things remain clear. “A good security patching cycle for systems should never stop. Technology should constantly be kept up to date in order to properly mitigate vulnerabilities,” says Clifton. “Implementing comprehensive data-security measures when managing guest data not only protects sensitive information, but also demonstrates the hotel brand’s commitment to safeguarding guest privacy, as well as enhancing their overall reputation and customer loyalty.”
