Cookies on HFTP Bytes

This site uses cookies to store information on your computer. Some are essential to make our site work; others help us give you the best possible user experience.
By using the site, you consent to the placement of these cookies. However, you can change your cookie settings at any time. Read our Privacy Notice to learn more.

I understand
  • New Global Directors Join the 2018-2019 HFTP Board

    The HFTP 2018-2019 Global Board of Directors was installed during the association's 2018 Annual Convention and introduces new directors Toni Bau, Carson Booth, CHTP and Mark Fancourt. These extensive director profiles give insight into the distinguished professions and personal goals of HFTP's newest association leaders.

  • HITEC Special: Does EU GDPR Affect U.S. Hospitality Companies?

    By Alvaro Hidalgo. The EU General Data Protection Regulation has set a path towards protecting personal data which many other countries will follow. In a global industry such as hospitality, it should be a primary objective to take the steps towards compliance.

  • HFTP Report: Hospitality Data Security — Strategy for Data Protection and Regulation Compliance

    This guide from Hospitality Financial and Technology Professionals (HFTP(R)) covers safeguards that can be implemented in hospitality businesses today, tips on how to continuously improve security and data regulation compliance.

  • HFTP GDPR Guidelines: Privacy Policies for Hotels

    This document offers points to consider in the development of a hotel’s privacy policy. In view of the multiple organisational and legal structures under which hotels operate, as well as the complexity of the third party landscape that may be part of the complete guest experience, this document serves as a guideline only.

How to Win the Battle Between Privacy and Personalization

Hotel Online·13 December 2018
It’s hard to believe that 2018 is drawing to a close. It’s safe to say that few topics this year have been more relevant than the themes of both privacy and personalization. Hoteliers are swimming in opportunities to learn more about their current (and prospective) guests than ever before. But with that opportunity to swim also arrives the opportunity to sink. Many hoteliers find themselves stuck between the need to personalize their offering with user data and the need to tread carefully within new GDPR rules and regulations. If they don’t tap into guest data to curate a more personalized, unique experience, they may not appeal to guests — but if they don’t secure data the right way, they’re putting guest privacy (and their reputation) at risk.

How to Win the Battle Between Privacy and Personalization

Concilio Labs, Inc. ·13 December 2018
But the battle isn't as simple as sink or swim. Modern consumers decidedly connect with brands who understand (and cater to them) on a personal level, while privacy concerns are at the forefront of that same conversation. McAfee surveyed 6,400 people globally to learn more about how they handle and protect personal information. The survey revealed that one third of those surveyed did not think they could control how companies collect personal information. In a 2016 global study, unwanted marketing was cited as consumers' top concern about businesses using their personal data (59 percent), followed by their data being sold to third-parties (58 percent) and organizations having unsecure systems (55 percent). But in that same breath, the personalization guests crave today extends far beyond a hotel just knowing their name upon arrival or their ability to receive targeted and personalized marketing communications. Today, savvy consumers expect their preferences to be saved within systems and devices, their voice commands to be recognized by digital assistants, and their hotels to offer specialized upgrades, room preferences and personalized communications. The modern consumer is fueled by instant gratification and hyper-connectivity; these are all concepts that thrive on the availability of relevant user data to curate a unique experience.How can hotels (safely) tap into guest data in a way that benefits their guest and their travel experience, without neglecting privacy measures? Ultimately, how can hoteliers can win the battle between privacy and personalization? There is not a single, easy answer. As most (if not all) of you know, GDPR was brought into effect to strengthen and unify data protection for all individuals within the European Union (EU). Following the longstanding realization that privacy standards are often not sufficient to truly safeguard the personal data, GDPR was enforced to give power back to consumers. This legislation applies to all data about persons in the EU (both guests and employees) and demands that hotels keep clear records and documentation of what personal data they access, where it came from, how it is shared and the consumer-provided consent to obtain that data. Given that hotels operate with the use of online travel agencies (OTAs), PMS, CMS systems, mobile apps, social media and more, understanding how to navigate within the means set by GDPR is ever-important. However, the GDPR framework was not put in place to limit hotelier's ability to access guest data and utilize that information to curate an improved, personalized guest experience. Rather, it was created with the intent to ensure hoteliers are transparent with their guests as they collect, and best utilize, personal information. So, what's the trick here? Find a happy medium. Guest data isn't out of reach; it's simply protected. Rather than taking, storing, and sharing without permission, hotels are now required to earn the trust of their guests. Provide your guests with clear communications when looking to collect or store information, attach clarified incentive to the provision of that information, and give them good options. Keep track of who consented, when they consented, what they were told at the time, how they consented and if consent has been withdrawn for any reason.The work required to get in compliance is not insignificant, but these updates will also encourage more engagement from your prospective guests. After all, a recent Salesforce study found that 63% of millennial consumers are willing to share personal data for personalized offers or discounts, 61% of millennial consumers for personalized experiences and 58% for personalized recommendations. Consumers are willing to share with brands, as long as they're given adequate reason to and can trust that their personal information will be used to curate an enhanced experience. Establishing guest trust, rapport and winning customer service experiences may require a little more work on behalf of hoteliers, but the reward is worth the return. Instead of sinking against the data, you'll swim into blue waters of a personalized, engaged guest experience.

9 Resolutions Every Marketer Should Make for 2019

MDG Advertising ·12 December 2018
As we head into the new year it's time to make some resolutions.On top of personal commitments -- does eating healthier, getting physically fit, and saving more money sound familiar? -- what should marketers seek to improve professionally? Which approaches should you embrace to make your marketing efforts more efficient and effective?Here are nine resolutions we believe every marketer should consider making in 2019 to have a more productive and prosperous year:1. I will use social media to engage, not just to postOver the past few years, many brands have fallen into the habit of using social networks primarily as distribution platforms for content and advertising. While this is certainly an important role, it is not the only one. In the year ahead, brands should remember that social media is a powerful tool for interacting with audiences, not just for delivering offerings.Why is using social to engage so important? Because utilizing it as a service channel can lead to a big payoff: 71% of consumers who have had a good social media service experience with a brand say they are likely to recommend it to others.2. I will embrace voice-controlled assistantsDigital is undergoing a profound shift that marketers should pay close attention to in 2019. Thanks to the integration of platforms such as Alexa, Siri, and Google Assistant with smartphones and other devices, consumers are increasingly utilizing voice rather than typing to ask questions and issue commands.Some 58% of consumers say they have already used voice search to find a local business and it is predicted that half of all searches may be conducted via voice by 2020. This is important to brands because voice and typing spark different types of queries and are processed in different ways by digital platforms. That means it's necessary to employ targeted tactics to optimize your offerings for voice.3. I will respect consumers' privacy and protect their dataIn 2018, the European Union's General Data Protection Regulation (GDPR) gave consumers much more control over their digital privacy and imposed strict requirements on how businesses can collect and use data.This should not be dismissed as a one-off event or as the act of overzealous European regulators: GDPR is just the tip of the iceberg and it highlights the growing concerns consumers across the globe have about how brands use and protect personal information. Given that, ensure that you are diligent in the year ahead about respecting consumers' privacy and protecting their data.4. I will focus on quality, not quantity when it comes to contentHere's a sobering statistic: it's estimated that 5% of a brand's content generates 90% of engagement, on average.One takeaway from this is that quantity is not the solution to your problems: simply producing more and more pieces is not likely to attract more interest, boost interactions, or generate more revenue.Ultimately, focusing on quality is vital. If you concentrate on developing a few superb pieces rather than on many mediocre ones, your content investment will reap a much higher return.5. I will be transparent and honest with my audiencesWhat do people want from marketers on social media? Transparency.Some 81% of consumers say brands have a responsibility on social networks to be transparent and 86% say a lack of transparency makes them more likely to take their business to a competitor.As for what demonstrates transparency, it's relatively simple: consumers say they want brands to admit mistakes, provide honest answers to questions, be clear on pricing, and avoid withholding information.6. I will start with my mobile deviceIt's no secret to brands that mobile is ascendant. More than two-thirds of Americans now use a mobile device to access the Internet and more than half of US online traffic originates from smartphones and tablets.Despite this, when reviewing digital campaigns many marketers still default to using a computer. This desktop-first approach in a mobile-first age creates a disconnect between consumers and brands.So, what can be done? Try learning from what a very old-school organization, The New York Times, did to emphasize the importance of mobile. For a period of time, the publication blocked the desktop version of its site in its offices, thereby forcing its staff to make their phones or tablets primary rather than secondary.7. I will pay attention to the metrics that matterWhile measurement is always a good thing, many marketers continue to pay too much attention to vanity metrics and too little attention to actionable metrics.What's the difference? As HubSpot puts it: "Vanity metrics include data such as social media followers, page views, subscribers, and other flashy analytics that are satisfying on paper, but don't move the needle for your business goals. They offer positive reporting, but no context for future marketing decisions -- something actionable metrics can do."Often actionable metrics are more difficult than vanity metrics to collect and analyze, but the effort is worth it. Fundamentally, your marketing efforts will only become more effective if you truly know what is and isn't working and if you know which specific things need to be done in order to improve.8. I will maintain my brand voiceOften marketers will spend time developing their brand voice but then lose it when executing campaigns.This is understandable. With constant demands on time, and so many channels to engage on, it's a difficult challenge to concentrate on carrying your identity across everything you do.Our advice: do it anyway. Your brand is your defining attribute and must be part of everything you create. We've seen over and over again that whether it's through design cues or vocabulary, maintaining consistency in all facets of a brand can exponentially increase its recognizability.9. I will embrace the changeFinally, here's some food for thought: less than two decades ago Facebook and YouTube didn't exist, the iPhone hadn't been released, and print was the second-largest advertising channel.In other words, while things may seem relatively stable in the moment it's important to remember that we live in an age of rapid advancements. While emerging platforms and approaches may seem like just buzzwords today, they could soon be critical to marketers. For example, it's estimated that the augmented reality and virtual reality markets will surpass $94 billion by 2023.Of course, there's no way to predict exactly what will become big and what will fizzle. What we do know is that things won't stay the same. For marketers, then, the most important resolution may simply be to adopt a mindset. In the year ahead, don't become entrenched; instead, start to get excited for what's new and embrace the change.
commercial

2019 will be a year for IT to uphold international security compliance across all digital properties and tools

Beekeeper USA, Inc. ·12 December 2018
Increased Security and ConfidentialityAs the EU puts GDPR into effect this May, ensuring the security of your internal communications channels will be more than just a trend in 2019--it will be an absolute necessity. Adopting a private platform for internal messaging will help employees discreetly convey necessary information amongst themselves without unnecessarily involving guests. As nowadays these sensitive messages can take many mediums (email, direct message, video, image, etc.), adopting a platform that can support a variety of media formats will be important in the coming year.With a secure chat tool in place, any confidential company or HR information will remain protected. While corporations can establish confidential communication solutions within internal apps, they can also document employee activity and collaboration for posterity. For teams that work in customer service, this can prove invaluable as information is readily accessible yet discreet should employees require it.Smart RoomsWith more people using voice-activated devices in their homes, it's only natural to use these same devices to make rooms more "smart." In 2019, IT departments should anticipate the adoption of technologies that allow guests to control lights, temperature, and other features in a hotel room can be difficult to decipher.Adding a voice-activated device like a Google Home or Amazon Echo can eliminate the risk of a poor Yelp rating or a middle-of-the-night complaint to the front desk. The guest can control specific functions of the room, just like at home.According to The Wynn Las Vegas, over 4,700 of their rooms will be equipped with an Amazon Echo to help guests control things like lighting and temperature with ease. Don't be surprised if you start seeing rooms with "smart" beds that can determine whether or not a guest is asleep or awake and heat or light a room accordingly.BYOD (Bring Your Own Device) ProgramsWith the rise of mobile communication apps for the workplace comes the expectation that messages will be responded to in real time, or at the very least, in a timely manner. While it is up to your company to establish rules of engagement so that employees don't burn out or rack up overtime while dealing with off-the-clock internal communications, it's also important to make the digital workplace app as accessible to all employees as possible. For many, this means using whatever mobile phone is in their possession. In the coming year, it will be of critical importance to ensure that your digital workplace provider can function on a wide variety of devices.An Increase in AI PresenceDepending on who you talk to, artificial intelligence (AI) is either met with excitement or skepticism and worry. While there are many industries that will eventually be dominated by AI, the hospitality industry isn't likely to go full-automation in 2019, or ever for that matter.With that said, many businesses within the hospitality industry have begun to incorporate some friendly robots to help out with some of the house keeping and other tasks that don't require a lot of face-to-face interaction. AI will ultimately help the guest experience by improving the quality of any person-to-person exchanges.Automation is not meant to threaten a booming industry but rather keep it streamlined, error-free, and maintain high standards in what it does best; striving to make the customer experience as impeccable as possible. hbspt.forms.create({ portalId: "506469", formId: "4eae38d1-0b94-4a56-85de-987e7ce67638", css: "", sfdcCampaignId: "7010B000001hcgiQAA"});

Guest Privacy - It's Your Business

JMBM · 8 December 2018
That obligation has become increasingly complex due both to the vulnerability of hotel companies to breach, and the enactment of laws and regulations, worldwide, that impose additional burdens on hotels - the EU's General Data Protection Regulation, California's Consumer Privacy Act, as well as industry developments have further heightened the concerns with guest privacy and securityThis focus must be seen in the context of two key issues: first, that hotels collect large amounts of data from their guests, both directly and through third parties; and second, that the hospitality industry has a checkered track record in protecting personal information. Both these demand that the hospitality industry take a renewed focus on data securityData CollectionHotels and hotel companies collect tremendous amounts of information, directly and through others, including vendors, credit card companies, websites, use of wifi and other systems. The fact that hotels are increasing reliant on technology - and responsive to guest demands for increased connectivity - increases both the amount of information and the risk involved in collecting and processing information.The increasing incorporation of technology into hotel operations can lead to more breaches. Hotels are seemingly in a race to become more innovative - consider the trend to allow guests to bypass the need to go to the front desk by using their mobile devices to select a room, check-in, receive texts when their room is ready, and even unlock the door to their room. Guests are encouraged to use mobile devices to customize their stay by requesting items, ordering room service, planning activities, or purchasing upgrades. Not only does this trend increase the likelihood of a breach by adding new access points to the system; these programs collect even more data, making a hotel breach more valuable.Hotels are also pressured to expand Wi-Fi networks, share data with OTAs, and proliferate other interconnected systems, making the hospitality industry more vulnerable to a data breach. Each of these factors increases the number of parties that have access - authorized or otherwise - to hotel data, and increase the number of threats to the industry.Breach VulnerabilityTrustwave's 2018 Global Security Report reported that nearly 12% of the incidences investigated by Trustwave originated at hotels - the third largest share of data breaches, preceded only by retail and the food and beverage industries, which share many of the same vulnerabilities. The hospitality industry possesses a number of factors that make them attractive to hackers: large volumes of valuable information, multiple vectors for accessing information, large workforces and dependence on vendors, to name a few. There are, however, a number of trends that make hotels more vulnerable. However, there are other reasons that contribute the frequency of cyberattacks on hotels.One of the key issues facing the industry is the prevalence of outside vendors who provide key hotel functions. Almost every breach involving hotels that have been reported over the past several years generated not with core hotel functions - check-in and check-out, reservations, etc. -- but from companies engaged by hotels to provide services to the hotel. Virtually every major hotel chain has suffered a data breach through point of sale merchants - each of Hyatt, Marriott (and before its acquisition by Marriott, Starwood), InterContinental, Hard Rock, Four Seasons, Trump and Loews has reported at least one breach in the past two years, and many have reported multiple breaches.Third parties are a common source of breaches for many industries, but the hotel industry is particularly reliant on third parties for many functions. In addition to credit card processing, hotels look to third parties for reservation services, payroll, human resources, asset management, maintenance and improvements - many hotels have determined that third parties are better qualified to provide specialized services, and thus have access to hotel systems. Many hotel companies have not fully recognized the need to monitor vendors and require them to implement adequate secure standards.It is not surprising that hotel brands are particularly vulnerable. Brands often select vendors for multiple properties and often for an entire flag. Individual hotels may have little, if any say, in the vendor, the terms of engagement, and the impact of a breach. Moreover, even when a weakness is discovered, the cost of remediation may be untenable - a security breach involving key-operated door locks required the replacement of almost every door lock in the United States! At the same time, under the typical hotel management or franchise agreement, the hotel owner is required to bear the cost of a breach, whether in terms of direct costs (including notifying potential victims and the increased cost of cyber liability insurance) and the indirect cost of diminished trust in the hotel.The widespread dependence on third party vendors is a greater problem because hotel systems are widely interconnected. To follow up on the point of sale example, these vendors must tap into basic hotel systems in order to allow for room charges and financial reporting. Hotel operators want and need single point access to hotel operations, meaning that information from separate systems must be accessible and shared by a variety of systems. Even where direct access is limited, varying systems may share a single hotel network, and often a wireless network; the network itself has the potential of breach, which can impact all systems. Ultimately, hotels face the dilemma that the system as a whole is only as strong as its weakest link, and a single vulnerability may expose the entire system.A variety of other factors exacerbate the vulnerability of hotels:Multiple Systems. Hotels use a variety of different systems for operations, ranging from off-the-shelf, commercial programs to specialty programs. Each of these programs presents the potential for breach and, as noted above, a single weakness can create a weak system. Moreover, the transfer of information from one system to another is, in itself, a source of weakness.Legacy Systems. Along with the existence of multiple systems, many hotel systems are legacy systems that were never designed with security as a key element. Legacy systems are a particular weakness.Unclear Lines of Responsibility. As the hospitality industry has developed, there is rarely a unity of ownership and management; instead, most hotel properties are owned by one party, which has entered into a franchise agreement to operate under a particular brand, and managed by yet another company. While each of these entities shares responsibility for data security, it is often unclear who is ultimately responsible - it is the manager, who operates the hotel, the franchisor, who selects or approves systems, or the owner, who has financial responsibility for the venture? The lack of precise responsibility can lead to a vacuum in leadership.The Human Factor. Hotels rely on large numbers of employees, many of whom have access to hotel information systems. Most data breaches can be traced to individuals, whether acting maliciously, negligently or with complete innocence, and training hotel personnel is time-consuming and expensive. Added to this, many hotels have high turnover rates and uneven training in privacy and security, further complicating creating a culture that promotes security.What Should Hotel Companies Do?While creating a secure environment is a daunting task, hotel owners and operators can and should begin the process, and the most important thing owners can do is to take responsibility for the security of the properties they own. Rather than leaving the issue to franchisors and managers, all involved should take actions that will start the process of creating a data secure environment.Take Control. Cybersecurity cannot be relegated to a single party; owners, operators and brands all need to take an active role in reducing cyber risks. Even where one party might contractually assume responsibility for security, all parties must conduct their operations so as to promote security. If a franchisor establishes effective security guidelines, it does no good if the manager ignores those guidelines. Taking control means conducting a detailed risk analysis of your enterprise, and determine what risks must be avoided, what risks can be assumed, and what risks must be shifted to other, including insurers. With that analysis in hand, a company can make realistic business decisions that reduce cyber risk.Prepare for the Inevitable. It is often, and accurately, said that a data breach is a matter of "when," not "if." With that in mind, all parties should be prepared to react to a breach by having a well-constructed and tested incident response plan in place - reacting in the midst of an emergency is ineffective and counterproductive. Similarly, in light of the prevalence of ransomware, wiperware and other threats, firms need to have robust and effective backup programs that allow them to recover and protect their guests, employees and properties. Finally, preparing for the inevitable means identifying means of mitigating damages, which must include obtaining effective cyber insurance that addresses and covers the actual damages hotels face.Respond to Breaches. Much of the criticism of hotel companies has been not just to the perceived insecurity of their systems, but to delays in responding to breaches. The Hyatt and Hilton incidents noted above, as well as the FTC's action against Wyndham, are all based on failure to take the existence of breaches seriously. Hotels, like all companies, need to have in place and have tested effective incident response teams and plans, including identifying all internal and external sources (attorneys, security consultants and public relations, among others) who will respond to a breach.Create a Culture of Security. Probably the hardest task, but arguably the most important, is to create a top-to-bottom culture of cybersecurity. Every individual in the organization, and every affiliate and third-party vendor, must take the task of cybersecurity seriously, and take on the responsibility of creating a cyber secure environment.A New Legal LandscapeWhile the hospitality industry continues to grapple with data breaches and the vulnerability of existing systems, recent legal developments in Europe and in the United States will have require hotel companies to re-evaluate how they collect information, how they process it, and how to comply with varying and conflicting requirements.GDPRThe European Union adopted the General Data Protection Regulation (GDPR), which became effective on May 25, 2018. The GDPR is a watershed event that will impact every business that collects personal information, wherever located, and it is likely that no industry will be more impacted that the hospitality industry. Other companies can choose not to do business with EU citizens; some companies have determined that it is impossible to comply and have actually closed. That is not an option for hotels. Hotel companies need to understand the goals and requirements of the GDPR. The nature of hotels and the various data holding sources such as OTA bookings and PMS systems escalate the regulation for travel and hospitality industries.The consequences for non-compliance can be extreme: The maximum fine that can be imposed for serious infringements of GDPR is the greater of EUR20 million or four percent of an undertaking's worldwide turnover for the preceding financial year. There is only limited experience in enforcement actions under GDPR, and those experiences have been inconsistent. No one knows yet how European regulators will apply GDPR it to firms based outside the EU, but there are already public interest groups that are targeting multinational companies, and it seems likely that there will be some fallout.GDPR is based on general principles, which allow leeway - and confusion - for companies. The rules of the road are likely to become clearer as the regulation is implemented, but for now, each company must make hard decisions. GDPR requires that an organization both comply with its principles and document compliance. It is more than just adopting a new privacy policy; it requires concrete actions, and recording those actions.And GDPR is not the end of the story. The EU is actively pursuing the adoption of an "ePrivacy Regulation." The e-Privacy Regulation will, in many respects, go beyond GDPR and create additional challenges for companies that have contacts in the European Union.CaCPAThe California Consumer Privacy Act of 2018 (CaCPA) addresses many of the concerns and requirements of GDPR. Companies that take prompt action to comply with the California Act and the GDPR will likely gain a substantial advantage over competitors who wait. While CaCPA has already been amended, and while there are a variety of attacks CaCPA that create uncertainty, businesses need to consider immediate steps to avoid the significant penalties for non-compliance. Businesses must be in full compliance on the effective date of January 1, 2020. It will not be adequate to start compliance efforts on that date.Addressing both the GDPR and CaCPA requires new policies and procedures. Hotel companies need to take initial steps to ensure compliance by creating a standardized approach for handling consumer requests for personal information; develop procedures for responding to consumer requests and data collection and processing tracking procedures to understand what data is collected, where it resides, how it is maintained, and who is responsible for it. Importantly, hotels will need to analyze the legal basis for collecting and processing personal information - businesses will need to explain their legal rationale for exemptions to the consumer's right to have their information deleted.Finally, each hotel company must review its public-facing website disclosures, including adding a description of consumers' rights under the Act, listing the categories of data collected and a conspicuous link titled "Do Not Sell My Personal Information."The hospitality industry is facing both continuing challenges protecting the personal data of guests, as well as grappling with a new legal landscape. Companies need to recognize that while the trials are great, success will create trust in the industry's most important commodity - its guests. A comprehensive approach can give companies the chance not only to confront these issues, but create brand value in doing so.Reprinted from the Hotel Business Review with permission from http://www.hotelexecutive.com/

Marriott Breach Shows Importance of Digital Security

skift Inc. · 6 December 2018
The Starwood hack wasn't the first data breach at a major hotel chain, and it won't be the last. As the meetings and events sector becomes increasingly digitalized, so too does the risk increase when it comes to cybersecurity.The reveal last week of a long-lasting security breach inside Marriott's Starwood Hotels & Resorts should act as a reminder of what is important in the post-GDPR world we all live in.Check out our coverage below on the impact of the breach on Marriott and Starwood hotels, and what it means for the greater travel industry.For meetings and events, expect even stronger vetting of technology partners and venues in the near future. A series of lawsuits over the next few years is going to help set a precedent for how giant corporations respond to data breaches going forward.

The Gist on GDPR

Hospitality Technology Magazine· 6 December 2018
General Data Protection Regulation (GDPR) unifies the data protection rules across Europe, strengthening the rights of EU residents by emphasizing transparency and accountability.

I feel sorry for Marriott...

Pertlink Limited · 4 December 2018
THAT'S AWFUL - but in all honesty, it was an accident waiting to happen.All of the major robberies, and with this I include hacks who embark on unapproved removal of an asset - successful or failed, have focused on BIG targets - whether it be the US elections, Beyonce's jewels, banks, Brinks trucks, the Royal Mail train in 1963, UBER, Hyatt, Target, Home Depot, Cathay Pacific, Dunkin Donuts, USPS, DELL, EMC, Yahoo, or an Apple Store. These are all high-profile targets which have been like honeypots to these felons. Marriott, which now includes Starwood, has grown so huge, it inadvertently put itself firmly and squarely in their sights and became a sitting target. It was really just a matter of time before the inevitable happened - and they would be hit.Sadly, but not surprisingly, we live in a world which is also unfortunately populated by people with malicious intent who either do this for kicks or are commercially driven based on the potential value of the data which can be sold or exchanged for crypto on the dark web. One may even be tempted to classify this event as an act of cyberterrorism or espionage. And let's not forget the lawyers - the wolves at the door [aka Ambulance chasers], just waiting to lay stake to a class action claim. It's a sad reality - and so I feel sorry for Marriott.As a Consultant to the industry, [and in full transparency, I have done work for Marriott so I have had a close perspective on how they operate], I know for a fact that this hotel group and so many other companies go to great lengths and expense to exercise duty of care and use their best endeavors to protect the data given to them for safekeeping so they can provide the best services to their clients. They constantly implement and update hardware defenses, employ tokenization and various encryption protocols for PCI DSS compliance as well as perform extensive vetting of software and hardware vendors, hosting/cloud providers and employees who handle the data. And while we are on the subject of vetting perspective vendors, look at the recent hoo-hah surrounding Huawei and the position some governments took in regards using them for their 5G data networks.Some of the data collected by hotels are for Government compliance, and some for marketing purposes - but the overarching reason is to provide great personalized service. The heavy burden of keeping that data safe is only compounded by government legislation imposed in certain countries and jurisdictions, which add yet another layer to the firewall - one of those being the recent GDPR [General Data Protection Regulation] introduced in Europe on 25th May 2018. I'm very sure more jurisdictions will follow to include the Cybersecurity laws of China, and who knows what Brexit may bring if they install physical borders for the movement of people, then it's almost foreseeable, data flow controls will follow.But the inevitable reality is that there will be individuals, corporations, some possibly state-sponsored, lurking in the dark with evil intent. Do you really stand a chance against them and their specialized tools? As fast as the security device companies find a new way to secure or encrypt data - someone cracks it with some kind of wizardry or an even bigger hammer. We've seen many instances where companies such as Apple have released a new version of a software, only to have it cracked the next day - and so the process of closing that breach has to happen with panic-stricken Elves working overtime. Don't kid yourselves, this is a full-time problem internally and externally - akin to shoring dikes when flooding occurs. Once you sandbag part of the wall, another crack appears and so on.For the last forty years, hotels have, albeit gradually, embraced technology to help process, control and digest the enormous amounts of personal and transactional data that passes through its walls with one major element being Central Reservations [CRES] often with GDS connections. Some of these systems have been around for a very long time and could probably do with an upgrade - maybe utilizing Blockchain. When people make bookings - we use that data to allocate accommodation, provide various services, and associated logistics. The technology came with a promise to make things better - it was to enhance manpower, provide faster and more accurate access to data, and let's not forget, deliver personal service - every Hoteliers dream, by matching the guest's expectation. However, when you collect something valuable like terabytes, petabytes or even zettabytes of personal data about people - that's such an attractive honeypot.I am hopeful that the data forensics team will comb throughany crumbs or fingerprints that may have been left behind -and do whatever it takes to seek out and bring the infiltrators to justice.One has to ask oneself - Is there a solution? Well, I for one, don't have an answer for this - I suspect though it will get worse before it gets better, and that's a sad fact also. The more data we expose, be it to places like Hotels or on Social Media, the more likely it will be targeted and used for dastardly purposes and so I repeat myself when I say, "I feel sorry for Marriott" and I can feel other hoteliers thinking - "there but for the grace of God, go I".But as is often the case, we need a disaster to happen before things get fixed and so hopefully, this will be a loud enough wake-up call for technology suppliers, governments and industry bodies to find a solution. And to these entities - I throw down my gauntlet 4th December 2018

The Cybersecurity 202: Senators call for data breach penalties, tougher privacy laws after Marriott hack

· 4 December 2018
A slew of Democratic senators are calling for tougher privacy laws -- and even steep fines for companies that fail to protect their customers' data from data breaches -- in the wake of Marriott's admission that hackers compromised the personal information of up to 500 million of its customers."We must set clear customer data protection standards for all companies -- whether they're hotel chains, online retailers, or big tech -- and severe penalties for those who fall short," Sen. Richard Blumenthal (Conn.) tweeted.Sens. Mark Warner (Va.) and Ed Markey (Mass.) also pressed for tougher data security laws, and said Congress needs to set limits on how much customer data U.S. companies are allowed to store. Sen. Ron Wyden (Ore.) went even further -- he said senior executives who ignore customer data privacy should face jail time.After potentially one of the largest breaches of consumer data in history, lawmakers appear ready to take a page out of Europe's playbook to ensure it does not happen again: Their calls for aggressive penalties for companies that have poor data security are reminiscent of the General Data Protection Regulation that went into effect in the European Union earlier this year. The GDPR requires companies to adhere to a highly specific set of security requirements -- and contains fines up to 4 percent of a company's annual revenue for violations. It is unclear, however, how such legislation would fare in a split Congress that appears poised for gridlock.
commercial

Direct Bookings on Autopilot: the new A.I. that knows what hotel guests want

Hotelchamp · 4 December 2018
Amsterdam - December 4 2018 - Hotelchamp today introduced 'Autopilot' - new technology set to revolutionise how hotels think about their online guest experience."Today's hotel websites provide the same static experience for every visitor, which is bizarre given how different guests and their preferences are," says Kristian Valk, CEO of Hotelchamp.Hotelchamp is set to change that with the introduction of Autopilot, an artificial intelligence engine trained to recognise and personalise the experience of every visitor to a hotel's website.Hotels already spend huge amounts of time and money on guest personalisation - from email campaigns and communication, to advertising and loyalty programs. But most if not all these efforts are funnelled to static, one-size-fits-all websites."Personalisation is already the standard that guests have come to expect from hotels. The challenge has always been how to deliver that on a website in a scalable and meaningful way," says Valk."The truth is, only A.I. can deliver a truly adaptive website experience tailored to every single website visitor. One that brings the right information, interaction or offer, to the right person, and at the right time."Hotelchamp's Autopilot is not a chatbot or 'digital concierge' - it customises static hotel websites using a range of marketing techniques and tools. With a seamless integration, the result is a living, responsive and personalised experience, guiding guests through the entire direct booking process depending on their characteristics and needs.Hotelchamp's data science team developed Autopilot using years of data and millions of A/B test impressions on what exactly convinces guests to book direct. Autopilot applies this knowledge against a range of factors; including real-time data from a hotel's website, GDPR-compliant visitor insights and behaviour, and best practices from amongst Hotelchamp's thousands of hotels.Whilst this may sound complicated, all the hotelier needs to do to activate Autopilot is literally flick a single switch."We developed Autopilot to make it easy, not just for hoteliers, but also for guests to see the best information on the website. Autopilot makes direct bookings smarter - not harder," says Valk."We believe that with this type of technology now available to the hotel industry, hoteliers can bridge the gap between the online experience and the personal service hotels are famous for - a website that knows what guests are looking for, even before they do."About AutopilotUsing an A.I. engine to identify customer segments and audiences, Hotelchamp Autopilot can automatically serve the best information for each guest.Autopilot has been trained using insights from the Hotelchamp data science team and millions of A/B test impressions. Using this knowledge and live insights from the hotel's website, Autopilot recognises and personalises the website experience in real-time to convince visitors to book direct.All Hotelchamp tools can now be controlled by Autopilot, meaning the system will only deploy the right tools at the right time to the right audience. This process happens in real-time and is entirely personalised to each individual website visitor and moment in the booking phase.Autopilot bridges the gap between the digital journey and the personal service hotels are famous for - a website that knows what guests are looking for, even before they do.

Marriott sued hours after announcing data breach

zdnet.com · 3 December 2018
Hours after announcing a data breach on Friday, two Oregon men sued international hotel chain Marriott for exposing their data. Their lawsuit was followed hours later by another one filed in the state of Maryland. Both lawsuits are seeking class-action status. While plaintiffs in the Maryland lawsuit didn't specify the amount of damages they were seeking from Marriott, the plaintiffs in the Oregon lawsuit want $12.5 billion in costs and losses.This should equate to $25 for each of the 500 million users who had their personal data stolen from Marriott's servers in the breach announced last week, on Friday.The two Oregon plaintiffs told a local newspaper, that they view the $25 as a minimum value for the time users will spend canceling credit cards due to the Marriott hack.The Maryland lawsuit was filed by Baltimore law firm Murphy, Falcon & Murphy, according to a press release.

Data Security in Hospitality: Risks and Best Practices

EHL · 3 December 2018
Information security is a pivotal aspect of many industries, not least the hospitality industry due to the nature of the data collected by companies operating within hospitality. Hotels, motels, resorts, and rented apartment complexes all gather and electronically store a range of sensitive personal guest data, such as names, phone numbers, addresses, and credit card details.From the perspective of cybercriminals, hospitality appears to offer an ideal target vector for conducting crimes such as identity theft and credit card fraud due to the existence of multiple databases and devices containing both Payment Card Information (PCI) and Personally Identifiable Information (PII).This article focuses on five of the biggest data security concerns in the hospitality industry and highlights some best practices for protecting hospitality data.Data Security Concerns in HospitalityComplex Ownership StructuresRestaurants, hotels, and other companies in the hospitality sector often have complex ownership structures in which theres a franchisor, an individual owner or group of owners, and a management company that acts as the operator. Each of these groups may use different computer systems to store information, and the information can also frequently move across those systems.A case in point was the Wyndham Worldwide breaches of 2008 and 2010. Hackers gained access to the systems of an individual operating company through easily guessed passwords, and the attack easily proliferated through the entire corporate network, with the result that 619,000 customers had their information compromised.Reliance on Paying By CardThe nature of the hospitality industry is such that it is extremely reliant on cards as a form of payment. Restaurants and hotels alike often require credit card details for reservations, and final payment is also frequently made by the same card.Cybercriminals use this reliance on cards to infect point-of-sale (POS) systems with malware that steals credit and debit card information by scraping the data. In fact, it was reported in 2017 that out of 21 of the most high-profile hotel company data breaches that have occurred since 2010, 20 of them were a result of malware affecting POS systems.Because this malware can often proliferate or move between POS systems run by the same operator, multiple individual and groups of hotels can be afflicted by these types of attacks, and they can go unnoticed for months.High Staff TurnoverA vital part of protecting data is training staff to securely gather and store personal information. Well-trained staff also know how to recognize social engineering attempts and they understand an organizations compliance requirements. The risk is that the hospitality industry involves lots of seasonal work in which people might move on after only a few months, or they might be transferred. In the U.K., for example, the job turnover rate in hospitality is as high as 90 percent.The high level of turnover and high degree of staff movement between different locations makes it a real challenge to maintain teams of well-trained staff. All it takes is one person who isnt familiar with the importance of data security for a cybercriminal to exploit a hospitality companys systems and gain access to sensitive data. ComplianceData security risks in the hospitality industry extend far beyond the reputation hit that a hotel can take if guests data is compromised. Industry and political regulators are becoming stricter in governing how organizations process and store personal data.The GDPR regulation was introduced by the EU in May 2018 as a landmark legislation that aims to return control over personal information to individuals while simultaneously enforcing stricter rules for organizations in protecting such information during any period in which they possess it.While GDPR protects individual data within the EU and EEA, its ramifications have rippled through industries globally, and organizations are realizing the need to put greater compliance measures in place.PCI DSS is another important global regulation that protects credit card data, and fines for non-compliance begin at $500,000 per incident. The risk here is not just to data security but to the future survivability of hospitality companies, many of which would not be able to absorb the substantial losses resulting from non-compliance fines. Insider ThreatsThis type of data risk is more subtle and it involves employees selling data to third parties without the knowledge of the organization that employs them. Such insider threats typically occur to data on customer preferences and behavior, which hospitality companies can collect at multiple touchpoints, from interactions with their website, to form data on booking systems, to review data.This data could be potentially lucrative when it ends up in the hands of those who know how to use it to gain a competitive advantage.Best Practices for Data Security in HospitalityBest practices for companies in the hospitality sector to protect data include:Always encrypt payment card information.Operate a continuous training program in cybersecurity to maintain a well-trained workforce.Always adhere to relevant regulations, such as PCI DSS.Use cybersecurity measures such as firewalls, network monitoring, anti-malware, and traffic filtering to protect against common threats.Conduct tests against your organizations cybersecurity defenses in which you mirror the behavior of an actual hacker.Know where your data is and enforce the principle of least privileges to limit access to sensitive information.Wrap UpWith a full understanding of the main data security risks and some best practices for mitigating those risks, organizations in the hospitality sector are better placed to implement a comprehensive information security strategy that entails the necessary procedures, processes, and people to improve cybersecurity.

Marriott's Starwood Data Breach Joins a Decade-Long List of Hotel Data Exposures

skift Inc. · 3 December 2018
Several years ago, the hotel industry fought U.S. federal watchdog efforts to fine chains for negligent data protection practices, arguing that hotels had things under control. Hmm. A rash of hotel security incidents since then undercuts the claims of hotels, which need to take a more bank-like approach to data protection.When Marriott International revealed a massive security breach at Starwood-branded properties, it joined an unfortunate long line of guest data breaches by hoteliers.The scope of the breach at the worlds largest hotel group is more spectacular than any other in travel to date. Marriott said the breach affected hundreds of millions of customers who stayed at Starwood-branded properties between 2014 and September 10.POTENTIAL RECORD FINESThe breach may also expose parent company, Marriott, to record fines because, unlike most past breaches, some of the activity appeared to happen after Europe put into place General Data Protection Regulation (GDPR) in May 2018 that boosts fines for violations of some types of data security.Exact fine estimates are impossible to gauge, but experts said the prospective range would be potentially higher than the spectrum used by European Union and U.S. officials in the past. European officials have the discretion to fine companies up to 4 percent of annual revenue in the year preceding a data protection incident.Other investigations are in the offing. On Friday, the New York attorney generals office said it would open an investigation into the breach.That office has had success in pursuing prosecutions before. In 2017, Hilton Worldwide agreed to pay a $700,000 fine to the state of New York after data security failures exposed more than 350,000 credit card numbers in two breaches in 2015.

Hotel CRM Reality Check

Vikram Singh ·29 November 2018
On January 20, 2017, I booked a hotel in Seville, Spain. That is also the day that Melia Hotels & Resorts got my email address. The rest, as they say, is history.For those of you who are not familiar with EU-based hotel companies: Melia Hotels International is a Spanish hotel chain also known by its former name of Sol Melia. They have 374 hotels in 40 countries on four continents. They are not a big household name in the US, but they got some attention back in 2010 when they sold their "Tryp" brand to Wyndham Hotels. I made several groovy jokes back then about Wyndham "Trypping," which thankfully nobody remembers. Moving on.So why am I taking you all the way back to 2017? Since my initial interaction with Melia Hotels, I have received 2-3 emails from them every month. After deleting some of the earlier ones, I was almost ready to "Unsubscribe." Then I had an epiphany: how about I stay on the list and see how this multi-billion dollar hotel company handles its Customer Relationship Management (CRM), and in particular its email marketing campaigns.What started almost two years ago is now ready to be shared.Buzzwords, They Keep on BuzzingThere have been over a dozen articles (plus a couple of white papers) telling us how software is transforming the hotel CRM landscape. There is more talk about how "personalization" is changing everything. However, my two-year collection of emails from a well-established hotel brand sheds a very different light on how things are in the real world.There are over a dozen CRM vendors who will sell you their software....I don't think this is a software issue. The biggest CRM challenge for hotels is hiring the right people. Lack of talent is a much bigger threat to the hotel industry than our world-renowned outdated technology.Let's Take a Trip Down Memory LaneA couple of things to keep in mind as we take this journey together:Melia Hotels is just an example I am using for this post. I am not singling them out as an outlier. Before you high five your marketing team, please know that there are 5-8 other hotel brands (big box and independently owned) who have sent me a similar pattern of emails.I have not included every email ever sent to me. Some were deleted while I logged a quarter million miles of flying last year.This year I published the Ultimate Guide To Hotel Email Marketing. If you think you may need help, read my guide to start sending better emails.I stayed at the Gran Melia Colon Hotel in Seville in April 2017. After the usual follow-up emails about my stay and 2-3 emails about leaving them a review with TripAdvisor (which I never do), a barrage of discount emails started hitting my inbox. In June 2017, I started to document some of them.Let's roll.June 2017The first email I saved offered 45% off their hotel in London, Wow, quite a deal, right? Pay attention to the "45% off," as it will make a comeback...again and again...like Jason Voorhees.July 2017In July, the discount dropped...but not for long.August 2017August opened strong with deals to Milan...40% off!Dropped by 5% mid August. Dang, should have dropped everything and gone to Milan from Hawaii 4 days ago! It's not that far, is it?Three days later, the offer is limited to only one hotel! I still have not been south of Seville. Maybe I should quit what I'm doing and head to the Southern shores? But what about the North/Atlantic part of Spain? I want to go there too. Will I get 35% off ever again? What about the 45% deal? Is it ever happening for me again?September 2017Dear diary, the 40% deal is back!! Wait a minute...it's for booking next summer!? What if I don't get time off? Unless I am working in Europe, there is no guarantee of a summer break. In the US, there is no guarantee of ANY break. 40% off is too good to pass up, but I don't know where I will be in the summer of 2018.Are you kidding me? 22%!? Guys, I do not get out of bed for less than 40%. You have done 40% for me before. Why are you giving me only 22% off now? Are you guys mad at me for not booking last time?October 2017Sweet relief! The 40% deal is back! But wait...I need to go urban this autumn? I can't go urban this autumn! I only go "urban" in the winters!November 2017OMG! I cannot believe this! 50% off! How is this happening? How are they going to make any money? But wait...the email mentioned "This is only the beginning." What does that even mean? More 50% off emails, or will I be getting even bigger discounts!? This is getting out of hand, but I really cannot travel right now so...I shall pass on this miracle. Alas, it might never happen again in my lifetime.It's another miracle! But this miracle actually ends on Sunday! Black Friday is not just about brawls at the local Walmart anymore. It is now about deep discounts. Sounds like I will never pay retail again for my hotel room...thank you! I feel like I am living in the golden age of hotel discounting. How neat is that!OMG! Three miracles in one month! This is all that's playing in my mind right now: "We are not worthy!" I guess Cyber Monday is no longer about buying bulk paper towels. You can now get 50% off for booking a room you otherwise would have gotten at full rate. There is a lesson in here somewhere.December 201722% off is for the birds! 40-50% off and then we can talk. "Season of love and laughter." Please. If you really cared, you would offer a better deal. From 50% to all the way down to 22%...now I am sad.Are you kidding me? 20% off. Let me put on some sad music to go with this deal.Oh, look who's back! 45% is nice...but what's with the lady trying to drown the kid? Love the "say goodbye to winter" tagline. If only it was so simple. Besides, I like winter in Hawaii!30%? No thanks. "Am I well travelled?" Does logging over a million miles in the air count?January 2018LOL! "Head to London in February" = Someone who has never been to London in February. Hard pass.Oh look, the underwater lady and kid are back! 45% off to book for summer. Again, no idea where I will be, but thanks for asking.February 2018"Jet off to somewhere soon." Guys, 40% off is great. But remember, we don't do time off in US. Hope the lady has sunscreen on.45% off is good. But..."Goodbye Monday Blues"? I love Mondays! What's wrong with Monday?The underwater lady is back! I really hope that kid is all right.So glad I did not book 4 days ago @45% off! 50% discounts are back! "Book now or regret it later." Wait, are you threatening me?"There is no better place." Apparently that place is also secret enough to not be above the fold in the email design. Life is full of surprises, I guess.March 2018Nothing inspires confidence in a new hotel like a 30% off deal on Day One.In the era of "fake news," your tagline % better match the actual offer.Four days in...where? I would love to hop there in 2.5 hours. When I checked into the hotel, they copied my ID, passport, credit card. Sir, I am not 2.5 hours from anything!April 2018Oh look! It's the return of 45% off Summer.Three days later: 20%? No, thank you. Hey, what's the mysterious black stuff on the beach outlining Best Offers? (Cue in X-Files theme.)Beach lady makes a comeback! This time on 100% green grass. Did she like her beach vacation? We will never know."Short Haul" in body copy of email sent to the other end of the world. LOL."Reservar Ahora." English email, Spanish call to action. Can't lose?"Mid Season Sale"...but that lady is floating in the water. Will she catch a cold? Also, 30-35%...I'm more of a 45% and above kind of guy.May 2018Back to 45%, now we're talking.Four days later, down to 40%.Beach won this round.Back to 45% 6 days later.20%...how about not.It's GDPR season! Also, is she opening or closing the curtain on my privacy?40%...hey, it's better than the 20% off from last week.GDPR curtain lady returns! Also, check out my points balance!20%... nope.June 2018Cool kid with shades giving 45% off.Oh no, I lost 5% discount in 2 days! This one says it will hold for 10 days only! What if I am stuck in 20% discount land after that?Last chance? Are you sure? I will never get a discount again? Oh no!Oh c'mon! I thought 40% was valid for 10 days ONLY! Here you are seven days later giving me 45% off! I thought we were friends.Going urban? Sure, like Urban Outfitters? Oh hello, 45% off. Nice to see you again."Unforgettable memories...with 40% off" is a hilarious snippet. But wait...there's more. "Tell Me More With 40% Off" is a hilarious call to action! How do they do it?Nothing will warm the heart of a hotel ownership group like having their management brand kick off a new opening with 35% off.Cool kid with shades giving 45% off is back!July must be about comebacks. Urban lady feels like a friend now.July offers...but for October. Let me stop everything and figure out this email. Also, only 25% off?10% deal? Do you even know who I am? I have not gone below 20% with you! Also, 50% off in the copy of the email. What game are we playing here?I am still mad about the 10% email. But ok, glad to see we are back to 45%.45% off...keep em' coming, baby!Searching for paradise? Dude, I live in Hawaii. Have you even checked my profile/analytics? Oh, never mind.Wishing on a star that the next email will be 45% off.Yes! My wish came true. 45% off email is back.I get sun here in Hawaii. In Spain, I soak up some of the world's best food. Didn't I do so many food-focused things in Seville? Do you remember anything about me?Escape from what? I am not trapped anywhere. Do you think I am? Why?35%. Meh.35%. Meh.Did someone mix up their Instagram motivational quote with their call to action? Also, they spelled unforgettable wrong. Also, 35%. Meh.45%, yeah! Wait, who is she looking at?"Exclusive Offers Just For You." LOL!Last one. Check out my amazing point balance.CRM Is Not An Acronym for Email MarketingSomewhere along the way, hotel CRM has evolved into just sending emails to guests. The typical five-step email cycle breaks down as follows:Booking confirmation emailReminder emailCheck-out emailRequest to review the property on TripAdvisor (2-3 emails)Discount emails for the remainder of your lifeBreak the cycle. You have too much information about your guest for you not to care about segmenting. Break down your lists by geography, interests, age, and then stay in touch for more than just discounts. Hotels all over the world have scanned or photocopied my passport and driver's license. That level of personal information is only available to the TSA (Department of Homeland Security) and border control agencies worldwide. And yes, a small hotel in Kyoto. Think about it.Three Step Plan for Improving Your Hotel's CRMStep 1: Designate CRM ownership. Select a person to lead your CRM efforts and strategy. Your customer database is something you need to own and maintain over time. Your database should not be passed around like a basketball, available to any department that wants to take a "shot" at making the basket.It is not about software, it is about who is keeping an eye on things. Any customer contacts should get a final stamp of approval from a central person who is keeping an eye on CRM database quality and ongoing business analytics.Step 2: Check yourself before you wreck yourself. Two parties have traditionally misused the hotel email database.Sales and marketing. Avoid sending a promo about something that not everyone would be interested in (eg, local restaurant/bar promos that get blasted out to everyone in your database, including guests who never used it and live over 3000 miles away).Revenue management. You guys are great, but please stop using your email database like an ATM machine. Every time the revenue numbers slack off a bit, you can't just pull the lever on an "exciting 45% off" email and wait for the reservations to trickle in. Oh, this also answers another question I get a lot. "Why are our campaigns not performing like they did last year?"Step 3: Segment or go home. Your hotel customer database is not going to stay fit and fine forever. It is not Hisako Manda. In addition to performing ongoing maintenance, you also need segmentation. One big list should make way for smaller segmented lists. Examples include:Geographic locationClicks (0, 1, or more?)Frequency of use (checked in more than once?)RepliesConclusionSomewhere along the way, hotel CRM became synonymous with email marketing. This is really unfortunate because, unlike other industries, hotels sit on a mountain of personal data. Generic outreach chips away at any hope of building a relationship with your guests. There is a ton of speculation in the marketplace about who truly "owns" your guest. The truth is that nobody owns your guest, but you sure can make an effort to reach out and be their friend. Remember, nobody makes friends and builds relationships just by offering discounts. You have to share value to see your revenue numbers grow.
commercial

Tamourine's 5th Annual Hotel Marketing Thanksgiving List

Tambourine ·20 November 2018
God bless America.It's also the time of year when we survey hundreds of clients, colleagues and industry experts what they are feeling good about.Based on the results, here are five things hoteliers are feeling thankful for this Thanksgiving:1. The continued strong economy and surging KPIsHotel marketers have plenty of reasons to be thankful this year that the U.S. economy remains strong, as does overall hotel industry performance, which continues to hover at or near record levels. (See chart below: experts at CBRE forecast ADR and RevPAR growth exceeding 2.5% for 2019.) For one, the hotel industry's currently robust metrics are helping to make most hospitality marketers look like geniuses-- whether deserved or not--by fueling major gains across numerous key marketing KPIs. The present economic strength also creates a thriving job market, both within the hotel industry and in the larger workforce. This helps keep hotels staffed, brings business travelers through the door and gives leisure travelers more of the disposable income they need to take vacations. It also fosters strong group business, since companies are more willing to spend on corporate events and SMERF groups are typically more active.As we've stated many times before, this is absolutely crucial, since even marketing geniuses can only do so much with a sub-par property.2. Their growing comfort with all things digitalThere may have been a deep learning curve at first, but hotel marketers are getting increasingly comfortable wielding the same digital weapons OTAs have used in recent years to hack off a big chunk of the bookings market. That's changing now that marketers are adapting to this new competitive landscape, and as more millennial/digital-native employees enter the workforce.There are now hotel marketers everywhere working to employ more efficient digital marketing and SEO, create streamlined booking experiences, harness CRM and RMS systems, and build better guest personalization, among other innovative pursuits.Although many of the traditional, old-school hotel marketing basics still apply, the new tech-driven weapons being employed were a desperately needed upgrade in order to remain competitive with the major third-party channels. Hotel marketers are no longer bringing a knife to the proverbial gunfight.3. The rise of social advertisingUsing the advertising capabilities of social media platforms is proving to be a great means of offsetting the rising costs of Google AdWords PPC campaigns, while offering expanded audience targeting capabilities. Now that's something to truly be thankful for.More and more serious hotel marketers are embracing these media channels, and for good reason: 30% of Gen Z (18- and 19-year-olds) and 42% of millennials (20- to 36-year-olds) believe social media is the most relevant channel for ads, according to Adobe's State of Digital Advertising 2018 report. Respondents over the age of 37 still find TV ads are more relevant, according to the report, but they rank social media second. Clearly, that's a lot of eyeballs that can be garnered through social, and for a relatively inexpensive price when compared with PPC and traditional mass media. But the benefits of social advertising don't stop there for hotel marketers.It's also great for creating promotions intended to specifically boost business during "low periods," like those inevitable times when seasonality or the unexpected cancellation of a large group suddenly impacts occupancy projections. Smart hotel marketers are finding great success during these times by working Facebook and Instagram ads in tandem, with clear, timely, specific and hyper-focused pitches that utilize lots of eye-catching graphics and video. The more unique customer groups one can target with these specialized messages, the better.4. The cornucopia of available guest dataHere in the era of "big data," hotel marketers are drawing upon more knowledge than ever about guests to craft segmented campaigns and improve the guest service experience, cultivating this vital customer intel from a wide range of sources, including their hotel's PMS, CRM, POS, RMS, social listening and more.This burgeoning flood of information is leading to unprecedented consumer insights.With so much valuable data now in hand, marketers can better understand who their best guests are, by closely looking at who is spending the most, when they spend it and where on property these revenues are generated. Campaigns can now be better customized to attract these big-ticket guests.Hotel marketers can also monitor guest sentiment through methods such as social listening and on-property guest/relationship management software, which can reveal underlying product or service problems at the hotel and/or opportunities where guests can be delighted with great customer service. From there the hotel staff can analyze these findings, perform the necessary research and devise plans that address areas of improvement in the future.5. The non-impact of GDPR (so far) in the U.S.The European Union's 2018 General Data Protection Regulation (GDPR) took effect on May 25, mandating that companies receive customer consent before storing, processing or using personal data from all EU citizens, while also providing a means for those citizens to remove their data from databases. Among U.S. businesses this was particularly noteworthy for hotels, which often serve international guests.The new GDPR regulation has sent hotel marketers scrambling in recent months to ensure compliance, but six months later it's proving to be less of a factor here in the U.S. than was originally feared. The immediate result was a flood of permission-seeking emails and cookie requests sent to users by respective sites, which have likely all been read, clicked and deleted by now. Otherwise, there have been relatively few (if any) relevant lawsuits here in the States involving hotels.

5 Things Marketers Should Give Thanks For

MDG Advertising ·15 November 2018
'Tis the season to reflect and express gratitude.So, what should marketers be thankful for this year? Which evolutions, tactics, and trends impacted the field positively in 2018?There are countless options to choose from, but these five in particular stand out for both the scale of their influence this year and for their potential to continue to affect marketing for years to come.1. The GDPR Data RegulationAt first glance, Europe's General Data Protection Regulation (GDPR) seems like something marketers should lament, rather than be thankful for. This sweeping legislation, which went into effect in May, gave consumers much more control over their own data and required businesses to disclose their data collection practices as well as ask for explicit consent to utilize information. Although the regulation was enacted by the EU, it impacted firms of all sizes across the globe.Why was this good for marketers? Because for years data had been collected, used, and stored sloppily: too many firms had embraced the power of data without accepting the necessary responsibility. This was leading to ever-increasing distrust and anger from consumers.Essentially, GDPR forced businesses to take much needed steps that had been avoided for far too long. While this brought some short-term pain, it made the long-term future of data-based marketing much more secure.2. Voice Search and Natural Language ProcessingWhile search engine marketing and search engine optimization have been powerful tools for businesses, there has also been a largely unacknowledged flaw: the way search platforms are used and they way operate has not matched real-life behavior. Specifically, the keyword-based approach to search hasn't been a good fit with how people naturally use language.Two trends are changing this. First, thanks to the popularity of tools such as Siri and Google Assistant on smartphones and devices enabled with Alexa-like helpers, consumers are increasingly using voice to search instead of typing. Second, search engines like Google are utilizing approaches such as natural language processing (NLP) to better understand how humans communicate. Essentially, people are searching more conversationally and search systems are simultaneously getting better at deciphering conversational language.For marketers, this combination means that trying to anticipate stilted consumer queries is becoming increasingly less important. The major benefit of this is that efforts can be focused on targeting what people truly want -- not the keywords they happen to use in a search engine.3. Account-Based MarketingWhile new technologies usually get most of the buzz, sometimes changes in approaches can be just as transformational to marketing.One prime example is account-based marketing (ABM). This framework, which transitioned from a buzzword to a mainstream strategy this year, is used to market to firms or even individuals with specific messaging, rather than lumping them into segments. While this may not sound revolutionary, its impact is: some 97% of marketers say ABM has a higher ROI than any other marketing initiative.Why is ABM such a big deal? Because it's an example of an approach maturing at the same time as the tools needed to execute it properly. Thanks to sophisticated marketing platforms, marketers and salespeople can now to highly tailor messaging, advertising, and content at scale. This means each target is delivered the most effective materials, resulting in higher engagement and revenue.4. InstagramWhat if there was a social network that was based on the visual content types audiences love (images, videos, ephemeral posts), that was adored by valuable audiences, that wasn't tainted by scandal, and that had highly-effective advertising capabilities?There is: Instagram.The platform now has more than 1 billion active monthly users, is catching up to Snapchat in popularity with young consumers, and has avoided the controversies surrounding parent company Facebook while still utilizing its incredibly powerful advertising engine.Basically, this was the year that Instagram became the Goldilocks network: just big enough, just popular enough, just trendy enough, and just sophisticated enough. In a time when audiences are increasingly wary of big social platforms, it has become a much-needed haven for marketers.5. MillennialsFinally, this year marketers should be thankful for a demographic that has been much maligned: Millennials.For years, businesses have been struggling to understand this group, which is expected to overtake Boomers as the largest age cohort in the United States in 2019. Unfortunately, much of the coverage has been alarming: supposedly these younger consumers want firms to be hip and political by diving into cutting-edge technologies and controversial causes.The data, however, paints a different picture. As with all other groups, Millennials' top concerns with products/services are cost and quality. Beyond that, this group doesn't necessarily want companies to take stands: just 15% say they pay attention to brands' political and ethical positions. Rather, what they care about are authenticy (97% value), trustworthiness (77%), loyalty (74%), and responsibility (73%).Fundamentally, Millennials are simply pushing brands to ditch artifice and focus on providing authentic messaging, high-quality service, and good value. That's a positive shift that both consumers and marketers should be thankful for.

In the wake of GDPR, what's next for data privacy?

Hotel Online·15 November 2018
In a marketer survey by SAP, 42% did not believe GDPR applied to them and 26% said they did not collect the type of data protected under the regulation. What should marketers know about strategies for data privacy?

New Global Directors Join the 2018-2019 HFTP Board

8 November 2018
The HFTP 2018-2019 Global Board of Directors was installed during the association's 2018 Annual Convention and introduces new directors Toni Bau, Carson Booth, CHTP and Mark Fancourt. These extensive director profiles give insight into the distinguished professions and personal goals of HFTP's newest association leaders. By Briana Gilmore

HFTP 2018-2019 Global Executive Committee and Board of Directors Begin Term

HFTP · 5 November 2018
The 2018-2019 Global Executive Committee and Board of Directors for Hospitality Financial and Technology Professionals (HFTP) have officially begun their term at the start of this month. The association leaders represent a wide variety of segments within the hospitality industry, including: clubs, consulting, hotels, finance, technology and more. The HFTP Global Board volunteers its time and professional expertise to help guide and progress the association to the forefront of the industry as it carries out its strategic plan.The HFTP Global Board is the primary decision-making body of the association. Under its Board's vision, HFTP is able to expand its international reach and address the needs of the hospitality industry at large. The Board ensures the continuity of the association by planning for the future, establishing and reviewing major policies and programs that support the mission of the association, and by ensuring that the association is fiscally sound."The HFTP Global Board looks at the association's big picture strategic goals, and makes sure its current programs and initiatives align with these," said HFTP Global President Scot Campbell, CHTP. "It is an active time for HFTP as it expands its presence internationally and develops and updates industry resources. The Board pursues each of these initiatives only after determining whether they do serve to provide a source of hospitality finance and technology knowledge - HFTP's strategic goal."HFTP 2018-2019 Global Executive Committee members:President: Scot Campbell, CHTP, CTO, North American Concerts - LiveNationVice President: Michael Levie, CHTP, COO, citizenM HotelsTreasurer: Mark Pate Sr., CHAE, CHTP, MBA, Assistant Controller and IT Director, Highpointe Hotel CorporationSecretary: Neil Foster, CHTP, MBA, IT Consultant, Tech-Tonic Hospitality ServicesImmediate Past President: President: Timothy G. Nauss, CHAE, CFO, Macau Studio CityExecutive Advisor: Stephanie Anderson, CHAE, CPA, CGMA, CFO, River Bend Golf & Country ClubHFTP 2018-2019 Global Board of Directors:Director Toni Bau, Director of Finance, Portola Hotel and Spa Read her new director profile.Director Carson Booth, CHTP, CEO, SnapShot GmbH Read his new director profile.Director Cindy Braak, SVP Finance Business Partner, Marriott InternationalDirector Jill Burnett, CHAE, CPA, Controller, Medalist Golf ClubDirector Mark Fancourt, Co-Founder, Testbed.Vegas & TRAVHOTECH * Read his new director profile.Director Md Amirul Islam, CHAE, Assistant Manager of Income Audit, Marriott Autograph CollectionDirector Martha Mazzitelli, CAM, CHAE+, CHTP+, CFO, Bay Colony Shared ServicesDirector Nick Price, CEO, NetSys Technology LimitedDirector Laurie Rozeski, CHAE, MBA, CFO, Wildcat Run Golf & Country ClubDirector Justin Taillon, MBA, PHD, Professor and Department Head, Highline CollegeDirector Derek Wood, Managing Director, Derek Wood Associates LTDEx Officio Frank I. Wolfe, CEO, HFTPUpcoming this year, HFTP will continue to produce three Hospitality Industry Technology Exposition and Conferences (HITEC). The largest is in Minneapolis, Minnesota USA on June 17-20, 2019; plus HITEC Dubai on December 5-6, 2018 and HITEC Europe in Mallorca, Palma, Spain on April 9-11, 2019. Other HFTP conferences include: Club Summit on March 11-12, 2019 in Nashville, Tennessee USA; Club and Hotel Controllers Conference on June 17-19, 2019 in Minneapolis, Minnesota USA; and the Annual Convention on October 23-25, 2019 in Orlando, Florida USA. The association will continue to promote its newsworthy, resourceful web series: HITEC Bytes, HFTP Club Bytes, HFTP Finance Bytes, HFTP F&B Bytes, HFTP GDPR Bytes and HFTP News - as well as its hospitality-specific search engine, PineappleSearch.com.For more information on HFTP leadership and leadership opportunities, contact HFTP Executive Services Administrator Millicent Gustafson at millicent.gustafson@hftp.org or +1 (512) 220-6449.

Radisson Hotel Hack Shows Vulnerability Of Hospitality Industry

· 1 November 2018
Radisson Hotel Group has confirmed a data breach that exposed the personal details of "small percentage" of its Radisson Reward member's scheme.The hotel identified the breach on 1 October 2018. In a statement, the hotel group said that the data breach "did not compromise any credit card or password information".Information accessed by hackers was restricted to the names, addresses, country of residence and email addresses. In "some cases" company name, phone number, Radisson Rewards member number and frequent flyer numbers were also compromised.The hotel chain said that it "identified" the hack on 1 October, which occurred on 11 September. However, they did not inform Radisson Rewards members until the 30 October.It is unclear if they informed the UK's data watchdog, the Information Commissioner's Office. Under Europe's General Data Protection Regulation (GDPR), an organisation has 72 hours to inform the relevant data protection body.Rusty Carter, VP of product management at cybersecurity company Arxan Technologies, said that not all companies are taking note of GDPR.

What's Haunting Hotel Marketers This Halloween?

Tambourine ·31 October 2018
Continuing our annual Halloween tradition, we've asked hotel marketers nationwide, across all chain scales and property sizes, what they're most spooked about right now. In past years, the list has included:* Unrealistic goals set by ownership* Product deterioration* The cost of guest acquisition* Shaky job securityMany of those were on the minds of the folks we spoke to this year, however, here are five particularly frightening problems keeping hotel marketers up at night right now:1. Brand Proliferation/DifferentiationMany hotel marketers (and owners) view the industry's numerous and ever-growing assortment of brands as an increasingly frightening issue, especially considering that many of those brands are owned by a handful of massive conglomerates. For some marketers, as more brands enter each competitive marketplace, it becomes proportionally more difficult to convey the identity of their own brand to consumers and build lasting brand loyalty... Further commoditizing hotels in the eyes of consumers.There are hundreds of hotel brands currently operating, according to STR's latest global chain scale list. And as was reported in Skift, at least 30 of those brands are owned by Marriott, AccorHotels owns 25 (not including luxury rental purveyor Onefinestay), 20 are owned by Wyndham and Hilton and InterContinental Hotels Group each have 14. The list keeps growing too, as companies add more brands, without removing older brands that may no longer have the same appeal, partly due to the long-term nature of many brand agreements.One solution, according to experts, is to view each property as a brand unto itself, and focus on communicating the unique qualities, location and selling points of that hotel. This way, the hotel stands out on its own merit when searched by travelers, who may be more loyal to a third-party aggregator like TripAdvisor, as well as their own specific wants and needs, than anyone traditional hotel brand.2. Recruiting Digital TalentStaff turnover among job-hopping millennials can limit your hotel marketing successThe hotel industry stands to benefit from high-quality digital marketing even more than many other businesses, yet hoteliers frequently struggle to hire and retain skilled digital marketing professionals. It's partly due to the overwhelming competition for digital talent by multiple industries, the difficulty of marketing competitively against the OTAs and specific issues and perceptions within the hospitality business itself.When trying to attract candidates who might also be considering options ranging from joining Silicon Valley giants to creating hip new startups, hotel marketers often need to combat the (unfair) assumption that hotel marketing is a stagnant, slow-to-change profession. There are also issues with compensation--the hotel industry sometimes lags behind--as well as a lack of candidates who possess both the required digital skills and the experience demanded by owners and their hotel management firms.In addition to these hiring difficulties, you also need to be sure your digital team deeply understands the hotel experience and booking process. Look for hires who have substantial personal travel experience, understand the travel purchasing funnel and have the knowledge and skills to turn that funnel into tangible digital action.3. Integration WoesEven though it's a problem long bemoaned by hoteliers, the continued lack of integration between the numerous and growing list of software applications and vendors used by hotels remains a major nightmare for hotel marketers. Far too many hotels are still operating with a disparate hodge-podge of systems (PMS, CRS, POS, CRM, website, etc.) that each performs their given role, but may not communicate properly with one another.More seamless integration would enhance both the effectiveness of these systems and their reporting abilities, while eliminating some of the job frustration caused by the disparity. Reducing the amount of vendors utilized at each hotel will also boost accountability for each vendor, while saving the time that would typically be spent coordinating and communicating among all the various vendors.This is why it's best to partner with vendors who can potentially satisfy multiple needs under the same relationship and do it well. By paring down your vendor list, you'll be surprised at just how many fewer nightmares you'll experience.4. Vetting Social Media 'Influencers'The rise of hotel social media "influencers"--users who claim sway over a vast legion of social media followers, particularly on Instagram--has resulted in a sustained flood of requests for comp stays at hotels by numerous self-dubbed influencers, some of whom are flat-out scammers. As a result, the process of vetting these requests and determining their potential has become a growing problem for many hotels.Some marketers are now utilizing a standardized process where influencers complete a form when submitting their request. Management can then look deeper into validation metrics, like user engagement on that influencer's posts, which can help determine whether the influencer has real followers, or has purchased them. Once vetted, hoteliers can decide whether the influencer's audience is aligned with the hotel's customer base, and if the influencer's posts can bring pertinent value to the hotel.Hotels and resorts are being bombarded by social media influencers seeking free travel... creating another challenge for already beleaguered hotel marketing decision-makersIf your hotel does partner with social influencers, be sure to communicate in advance what the expectation will be for a return on your accommodations (i.e. the specific amount of posts or content that the influencer will deliver). You also want to be sure the posts will spotlight the features that are the most important selling points for the property.5. Big Data/data securityHotel marketers are increasingly called upon to harness data in the quest to enhance one-to-one consumer marketing, anticipating each potential guest's wants and needs, including the specific times of the year for those needs, amid a customer relationship that will hopefully last a lifetime."Big data" is also great for identifying peak and off-peak times, lucrative customer segments and a host of other analytical applications. However the realities of cultivating and maintaining that data--including keeping it safe--have become more perilous and onerous over time.Over the last decade, the hotel industry has tallied a lengthy list of data breaches, many of which were quite substantial, impacting even the largest hotel companies. Hotel IT staff do all they can to lock down systems and try to prevent future breaches, but the reality is hackers will continue their efforts, making the concept of "security" a constantly moving target.Further complicating the situation is the European Union's 2018 General Data Protection Regulation (GDPR), which took effect on May 25, mandating that companies receive customer consent before storing, processing or using personal data from all EU citizens, while also providing a means for those citizens to remove their data from databases. For hotels, GDPR compliance is a great excuse to change all data-related processes, regardless of guest nationality; in the future, hotel marketers will be increasingly juggling big data and these heightened privacy and security fears.

3 tips for managing travel data breaches

eyefortravel.com·Requires Registration ·30 October 2018
Since GDPR and the UK Data Protection Act 2018 came into effect in May there have been some high-profile airline data breaches. Data and cyber-security expert Keith Dewey shares some recent lessons.

GDPR Redefines Industry Privacy Practices on a Global Scale

mycloud HOSPITALITY·22 October 2018
Since taking effect in May, the EU’s General Data Protection Regulation (GDPR) has altered data management practices throughout the meetings industry, not just in Europe, according to 2019 Global Meetings and Events Forecast report.

APIs, AI, getting hyper-personal and the human touch

eyefortravel.com·Requires Registration ·22 October 2018
Whether you are focused on data, technology, marketing or RM the message from Day 2 of EyeforTravel North America was that you need to understand the ‘why’.

Risking GDPR Penalties By Not Wiping The Memory From Old It Equipment

hoteldesigns.net ·19 October 2018
Despite GDPR legislation having come into effect over four months ago, the majority of UK hospitality businesses are now risking penalties by failing to adhere to some of the rules.According to a survey of 1,002 UK workers in full or part-time employment, carried out by Probrand.co.uk, a large proportion (45%) of businesses in the hospitality industry failed to wipe the data from IT equipment they disposed of in the two months following GDPR.This news is perhaps less surprising given the research also found that 97% of hospitality businesses surveyed did not have an official process or protocol for disposing of obsolete IT equipment. What's more, 97% of hospitality workers admit they wouldn't even know who to approach within their company in order to correctly dispose of old or unusable equipment.Worryingly, according to the data, hospitality businesses are one of the industries most likely not to wipe existing data off old IT equipment.
commercial

Hapi Achieves Oracle Validated Integration with Oracle Hospitality OPERA

HAPI · 2 October 2018
Miami - October 2, 2018 - Hapi, a Gold level member of Oracle PartnerNetwork (OPN), today announced that it has achieved Oracle Validated Integration with A disruptive new data streaming, integration and enrichment platform designed to solve the hotel industry's rapidly expanding data management challenges, Hapi's comprehensive platform aggregates data that is collected by disparate hotel systems and acts as a central hub for these hospitality data streams. The data is converted into a standardized data format and can be merged to create insights for more actionable data.To achieve Oracle Validated Integration, Oracle partners are required to meet a stringent set of requirements that are based on the needs and priorities of the customers. Through the new integration, both hoteliers and solution providers can access a set of simple APIs and connectors that allow them to innovate and deploy solutions faster and more efficiently."Oracle collects and stores a wealth of knowledge about hotel guests within Oracle Hospitality OPERA, and there are incredible opportunities to unleash new customer value by exposing this data with two-way Hapi connectors," said Luis Segredo, Hapi CEO. "Hotel companies, as well as solution providers, can develop and deploy innovations, creating new customer value in a fraction of the time.""The Hapi platform is scalable to help hotel groups of any size take control of their data," added Nikolai Balba, Hapi CTO. "It also improves confidence with GDPR compliance of downstream systems.""Achieving Oracle Validated Integration gives our customers confidence that the integration between Hapi and functionally sound and performs as tested," said David Hicks, vice president, Worldwide ISV, OEM and Java Business Development, Oracle. "For solutions deployed on-premises, in the cloud, or both, Oracle Validated Integration applies a rigorous technical review and test process that helps to reduce deployment risk and improves the user experience of the partner's integrated offering."Developed by a team led by hotel technology innovators Luis Segredo and Nikolai Balba, the Hapi data streaming platform is based on the most advanced and robust technologies available, including Apache Kafka, the same proven technology that runs some of the world's largest social media and security-conscious business services, such as LinkedIn, PayPal, Cisco and many others. To this proven foundation, multiple layers of encryption, authentication and governance are added to ensure maximum data security and efficiency."Working with the Oracle team to move the industry forward has been an incredible experience," continued Segredo. "Their willingness to partner with a young company and their desire to accelerate the pace of innovation in the industry is really refreshing."

Newletter

Thank you for subscribing. Your email address has been added to our mailing list.
Close
To subscribe to the GDPR Bytes Newsletter please enter your contact details below.
An error occured, please check your input and try again.
I do want to receive the GDPR Bytes email newsletter.
By submitting this form, you have read and agreed to the Privacy Notice of HFTP.
You may unsubscribe to these emails at any time.
CancelSubscribe