Hotel chains face a triple threat when it comes to security, and here's why.

8 October 2019

Advances in information exchanges, technology, and globalization are turning data into one of the most important assets for hoteliers but regulators across the world have never been more alert to this reality.

The hospitality industry and hotel chains around the world face a triple threat of greater scrutiny from the public and regulators, stringent data protection regulation and increasing threats like data breaches. It has never been more important to ensure that hotels are prepared, protected and compliant.

One of the most recent data breaches in the hotel industry was Choice Hotels after 700,000 customer records were compromised in August 2019. Choice Hotels said the breach was a result of a third-party vendor who copied the impacted data from Choice Hotels environment without authorization and moved it to its server.

There is no doubt that the European Union's General Data Protection Regulation (GDPR) sets the highest standard in data protection in the world today. Not only by way of its substantive requirements but also because of its extraterritorial outreach which requires any hotel chain with European customers to comply with its demanding provisions.

But, lawmakers on every continent are rapidly catching up and comprehensive data protection regimes are cropping up across the Americas (California, Brazil) and Asia (Singapore, Thailand). This fast pace of regulation penetration worldwide, which most often includes a duty to notify data breaches, adds further complexity to the precarious cocktail of a business's legal obligations and international operations.

Globally, regulations now require that hoteliers review their approach to direct marketing, their contractual position with suppliers, their intra-group and cross-border exchanges of data, their notices to customers and the security of IT their systems.

This call to action is underpinned by regulators who now have the power to impose fines proportionate to corporate group turnover that may mean millions if not even billions of euros, pounds or dollars in fines. In addition to the immediate financial impact, fines for privacy issues often eat away at consumer trust and overall brand reputation that can have a devastating effect on the share price.

Regardless of where your business is located, it’s vital to find a data advisor who can advise how to collect, manage and share information in compliance with the ever-expanding body of international rules and regulations on data protection.

This document (and any information accessed through links in this document) is provided for information purposes only and does not constitute legal advice. Professional legal advice should be obtained before taking or refraining from any action as a result of the contents of this document.


Related experience

As a full-service law firm, we are able to provide advice and information about a wide range of other issues. Here are some related areas.

Join the club

We have lots more news and information that you'll find informative and useful. Let us know what you're interested in and we'll keep you up to date on the issues that matter to you.