The Guardian App Launches November 2018

Creating Revolutions · 1 November 2018
Last year, as the #MeToo movement made global headlines, the company was inspired and began looking at what technology was available for hotel employee security. They quickly realized that the predominant technology available was panic buttons. In the company's view, the technology was flawed, antiquated, and limited, so they created TND Employee Security, a revolutionary approach that works by fusing together cutting-edge technologies such as Artificial Intelligence (AI) and Near Field Communication (NFC).

The technology was created for use in the hotel industry in order to help ensure the safety of housekeepers as they enter a hotel room. Upon entrance, a hotel housekeeper taps their smartphone to a paper-thin NFC chip on the outside of the door. This communicates to a secure server to begin a pre-defined timer, giving the housekeeper time to look throughout the room for any unwanted individuals. If the housekeeper does not tap the smartphone on a second strategically placed NFC chip within the room, then security is informed of the emergency as well as the name of the housekeeper and the exact room they are in. The system's simplicity hides a complex set of multi-patented technologies that overcome the long list of limitations and flaws found in panic buttons.

As the technology was introduced to the hotel industry, the company's Chief Marketing Officer, Rosemary Staltare, voiced that it could be used to protect all women, on routes they take every day. She discussed how parking lots and garages are often a dangerous place late at night when leaving the office or gym. According to the Bureau of Justice Statistics, between 2004 - 2008, over 400,000 violent criminal assaults happened in parking lots and garages. Those numbers inspired every member of Creating Revolutions to take action and create a FREE basic version of their hotel employee security technology. The Guardian app is focused on protecting women; however, use by everyone is encouraged, as everyone deserves a little extra protection.

The technology is designed specifically for use in daily repeated routes such as leaving the office or leaving the gym. Here is an example of how The Guardian App would work for the public: As the user leaves their office (Point A), and without even needing to open the App, they simply tap their smartphone to an NFC chip they've positioned on their desk, office exit or locker. If they do not tap their smartphone to the second strategically placed NFC chip in their car, within a time they defined, then someone they trust is alerted. The alert is not a text message, but something much more powerful: a scientifically designed system that informs the user's trusted Guardian using three of the five human senses. Even if their Guardian doesn't have the app open or has placed their phone in silent mode, they will be powerfully alerted that the user is in distress.

When something goes wrong, every minute counts. Having a technology that ensures someone you trust is alerted can make a world of difference and even save lives.

Everyone involved in the creation of The Guardian App has done so on a pro-bono basis. Miami artist Monique Byrd, founder of Rosebyrd Designs, immediately jumped on board to create the logo and design. This is a true passion project -- even profits from the sale of NFC discs will go to women's charities in line with the #MeToo movement. The creators truly believe this technology could potentially save lives across the globe. The easy-to-use app has the power to create the safer feeling that so many people are struggling to find today. The Guardian app was created with mothers, sisters, wives, friends, and coworkers in mind. The buddy system isn't always feasible, and everyone could use a little extra protection.

Every minute that no one knows you need help is a minute too long.

The Guardian by Creating Revolutions is completely FREE and available in the iPhone and Android app stores. NFC Tags can be ordered directly from the app. For more information and current updates, please email

Hotels Think They Are GDPR Compliant, But The Truth Is There Are No Universal Compliance Standards

Creating Revolutions · 23 May 2018
MIAMI, May 22, 2018 /PRNewswire/ -- The European Union's General Data Protection Regulation (GDPR) comes into effect globally on May 25, introducing dramatically stronger rules on data privacy. The EU hopes to achieve a fundamental change in the way companies think about data - its central idea is "privacy by default." But these new regulations are the broadest ever implemented by the EU, because they are not limited to just EU member nations. In fact, GDPR is worldwide, meaning every country must follow these new rules, or be fined up to 4% of a company's global annual revenue.

Many industries will be looking for ways to become compliant with these new laws, but they will soon discover that there are no universal compliance standards, according to the EU's own website, under the section controversial topics. The hotel industry will be the most vulnerable.

A Miami, Florida based company, Creating Revolutions, has built a groundbreaking solution to solve such a complex problem. Their multi-patented technology uniquely solves the lack of universal compliance standards for GDPR by not attacking the liability problem, but instead removing the liability completely.

Creating Revolutions' communication technology allows smart guest-to-employee communication in a hotel. Unlike text messaging or SMS, private information is not used by design, while incredibly still maintaining full personalization for the guest. Rather than having to work within the scope of GDPR restrictions, Creating Revolutions does not use any private information, therefore offering zero liability to GDPR.

The hotel industry is the most vulnerable because, compared to any other industry, it's very focused, with only a few companies controlling the overwhelming majority of the market. This means the EU can go after fewer players, and get the biggest bang for their buck. These penalties are set to be the largest in history, at between 2% - 4% of a company's global annual revenue. Additionally, the hotel industry has more assets within the EU, compared to any other industry, making it much easier to collect those massive fines.

Hotels are also specifically designed to attract foreigners, many of whom are EU citizens. Unlike the retail or restaurant industry, when a guest checks in to a hotel, they are expected to give up personal information such as a driver's license, credit card, or even their passport. An EU citizen going into a restaurant in the US wouldn't give the hostess their passport, just the same as they wouldn't go to a retail store and hand over their credit card prior to shopping. Due to the majority of hotels requiring guests to give their credit card at check in, it is impossible to keep their personal information to themselves.

"'Are You GDPR Ready' have been some of the scariest words that have come across my computer screen. We are actively looking for innovative solution providers like Creating Revolutions, that can remove GDPR liabilities from our hotels," states Marc Lawrence, owner of The Anglers Hotel, a Kimpton Property.

Hotel loyalty tools, websites, and guest communication services such as text messaging or SMS will be the most vulnerable to GDPR. Even if a third party is used, the hotel is still liable for any issues of compliance, as stated formally by the GDPR.

Creating Revolutions' technology not only gives a hotel access to guest communication, but also offers the most advanced and immersive communication technology available to hotels today. While there is no universal standard for compliance of GDPR, using Creating Revolutions, hotels have a way of protecting themselves from what is considered the most broad and costly regulations in history.

Hotels need to be proactive and think out of the box when implementing any technology that could open up highly expensive liabilities regarding privacy laws in the near future, and that's where pioneers like Creating Revolutions are the answer.
Article by Einar Rosenberg

Texting guests is about to be a HUGE legal liability that can cost a hotel 4% of its annual revenue

Creating Revolutions · 3 May 2018
Every GM knows the equation for implementing new hotel services. Benefit must be greater than the cost. In 2017, the most popular new craze for hotels was text messaging guests. The cost was low and the benefits were high. But in 2018, that cost is going to skyrocket, thanks to the GDPR or General Data Protection Regulation. If your hotel hasn't heard of the GDPR yet, you better learn fast, because it's going to change how nearly every hotel around the world does business. At its core, the GDPR is the strongest consumer privacy and protection law in history. Though the GDPR was created by the EU, it's not limited to Europe, it's global. And starting this May, the GDPR goes active. So why will the GDPR affect guest text messaging services in hotels? Because the GDPR has 4 requirements that text messaging just can't accomplish, leaving a legal liability with penalties of up to 4% of a hotel company's entire annual revenue.

These 4 liabilities include:

1. Usage Explanation
2. Lack of Security
3. Privacy by Design
4. No 3rd Party Protection Barrier

Usage Explanation

The GDPR requires that a hotel give Usage Explanation in "Non-Legalese". For an industry used to giving guests long legal documents that blanket protect every possible liability from alien attacks to the kitchen sink, those days are gone. How can a hotel cover themselves when they cannot use legal language to protect themselves from legal liability? The GDPR also requires a hotel to easily and clearly explain what they will do with the guest's information, how they will use it, by whom, where and more. That is a herculean task, considering today's hotels use complex algorithms and artificial intelligence to process a guest's information. How can you easily explain such complexities to the average guest? Add in explanations about how the guest can easily opt in and out, and the average 140 character text message your guest is used to will now be as long as a 19th century Russian novel.

Lack of Security

The GDPR also has security requirements. Not good news for something like text messaging, which never had any real security and never will. The first text message was sent in 1992, back when dialup modems ruled the world. Since then, the technology has barely changed from that first SMS. What's worse is that SMS is an integral part of Signaling System No.7. More commonly known as SS7, it is a critical part of the architecture that basically all mobile phone systems are built on. The reason SS7 means trouble for SMS is because in 2017, access to the SS7 network started being offered by hackers on the dark web for just $500. With as little information as a phone number, you could now not only eavesdrop on text messages but manipulate or even block messages. The SS7 vulnerability can even track a person without the need of using a virus or malware. Text Messaging has no encryption and its infrastructure is a closed loop system that has no identity confirmation, so anyone can access it today and no one would even know it.

But it's not the mere possibility of text message hacking that is the problem. The problem translates into real dollars lost for hotels. Imagine someone creating random messages to your staff, sending them in all directions of your hotel property, based on false requests. Or requesting expensive services or products that get delivered to a guest who hasn't asked for it. And imagine a guest receiving a message they thought was from the hotel, with a link that says billing invoice, which ends up installing a virus into that guest's phone. These days, it doesn't take some sophisticated hacker to screw with your business. Just about anyone can buy hacker software or hacking services, which can steal from your hotel or create chaos. The most popular ransomware today is easily available to anyone for as little as $20. How secure are you feeling about the security of text messages now?

Privacy by Design

A more interesting requirement of the GDPR has to do with requiring a system to include privacy by design. Here is how the GDPR explains it: "Privacy by design as a concept has existed for years now, but it is only just becoming part of a legal requirement with the GDPR. At its core, privacy by design calls for the inclusion of data protection from the onset of the designing of systems, rather than an addition." Not one text messaging service used today has an original design that includes privacy as a core element of the design. And adding privacy now to their existing system is not allowed. The only choice a service provider would have is to build their whole system from scratch, and even then, it still wouldn't meet the security liabilities inherent in text messaging. By the way, the SS7 vulnerability was shown publicly in 2014, so any companies that try to state their original design was based on the privacy liabilities of the time, better make sure their original design is older than 5 years ago.

No 3rd Party Protection Barrier

The fourth liability has been a key protection for most companies today. If they use a third party service and the third party gets hacked, the client company is not liable. The GDPR will not accept that excuse. In fact, the 3rd party providers won't accept that excuse either. Take a look at what Twilio is telling their clients. Twilio is hands down the most popular text messaging infrastructure service today, used by 1000's of Apps and web service providers. In fact, Twilio has a 59.85% market share in the US. So what does Twilio have to say to their clients, as to how well protected they are against GDPR?

"Your responsibilities under GDPR will depend on the nature of your business and your personal data processing activities. Nonetheless, broadly speaking, GDPR requires that personal data be:

1. Processed lawfully, fairly and in a transparent manner
2. Collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes
3. Adequate, relevant, and limited to what is necessary for achieving those purposes
4. Accurate and kept up to date
5. Stored no longer than necessary to achieve the purposes for which it was collected, and
6. Properly secured against accidental loss, destruction or damage.

What's the definition of "personal data" under the GDPR? Personal data means data that relates to an identified or identifiable natural person (aka "data subject"). An identifiable data subject is someone who can be identified, directly or indirectly, such as by reference to an identifier like a name, an ID number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Importantly, this is a very broad definition and can encompass data like IP addresses of a user's personal device, their device ID, or their phone number. It does not matter that the identifier could change (e.g., that the user could change their phone number or device ID). What matters is that the information can be used to "pick that user out of the crowd" even if you don't know who that user is. It is also important to note that the definition of personal data is not tied to concerns about identity theft the way that definitions of personally identifying information (PII) are under many US data breach laws. So, even if it seems like there would be little privacy harm if someone got ahold of your users' IP addresses that does not mean that those IP addresses are not personal data. It just means that this data may not require the same level of data protection as more sensitive personal data like your users' credit card numbers."

So what does this all mean for companies who used to feel a barrier of protection, via a middle man? Sounds like those middle men are telling you, "Good Luck with That".

In conclusion, text messaging is a convenient technology to use, and key to its use is the most important identifier about a guest, their phone number, which is running on the most essential informational device in your guest's life. Does any hotel really want to risk liability on a decades old technology with no real security? Especially with the GDPR and other legislation being released, as well as multiple class action lawsuits, and thanks to Facebook, the strongest consumer sentiment in favor of privacy ever, all occurring NOW?

Two supplemental points to consider:

1. What business in the US today has the highest concentration of tourists? Answer, hotels, hence why they are the most susceptible to these new privacy laws. Think about it for a second. Both retail and restaurant are not likely to get a foreign tourist to sign up for anything or to keep any personal details about them. This is completely the opposite of a hotel, which usually asks for many pieces of information which they store, including the person's name, credit card information for later charging, etc. For foreigners they often request their passport as well. So hotels are the most likely to be affected by the GDPR.

2. Why are text messages and chat the highest vulnerability for hotels? Answer, it's the most important and relevant single identifier of a person. Data, especially coming from multiple sources, is useless if you don't have a single consistent identifier to connect all that data together. Now think about this for a minute. There are 1000's of John Smiths out there, so names won't work as a key identifier. And practically everyone has more than one email address. As for addresses, people move. But the mobile phone number is the only consistency no matter what. With number portability, it's now easy to carry your mobile number to a different carrier. And with nearly half of all households now mobile only, even when a person moves, they keep their phone number. Even if it's a different area code, or they change jobs or anything, they always take their phone number. Now this isn't just for text messaging but also for the most popular form of chat used today by Europeans, which is WhatsApp. WhatsApp doesn't use a username but rather a phone number as the key identifier

