You do what you can to keep your guests physically safe in your hotel. Do you do as much to keep their data safe? Do you know what you’re legally required to do?

You might not. The hospitality industry is generally viewed as a soft target for data thieves. Just ask Hyatt.

Alan D. Meneghetti, former partner at Clyde & Co LLP and Locke Lorde LLP, and with a legal career that includes specialisation in data protection, privacy and IT, told HospitalityNet that “The data that hotels hold is particularly valuable and presents a prize target for thieves and fraudsters wishing to exploit vulnerabilities in a hotel's IT network.”

Meneghetti recommends hotels “know exactly what data they hold, how long they are holding it for, where they are holding it and what security measures they have in place to safeguard that data.” Constant auditing of data security to find upgrades or weak points is of course mandatory for hotels.

Many hotels are also required to follow data security laws, Meneghetti noted, adding that it’s the responsibility of the hotelier to know what laws apply and to ensure compliance.

Hotel Online offers a couple good suggestions for basic hotel guest data security measures:

1. Invest in Information Security. Hotel point of sales, property management systems, and the electronic key card programmers are usually connected to the hotel’s network, “making it easy for hackers to access confidential data.” Fixing this requires professional consultation (which at least costs less than a publicised data theft case would).
2. “Ensure that the payment card data and other information is segregated from the contact center.” When a guest calls to make a reservation, they should be able to enter credit card details on their phone to comply with the Payment Card Industry Data Security Standard (PCI) legal standards.