Cookies on HFTP Bytes

This site uses cookies to store information on your computer. Some are essential to make our site work; others help us give you the best possible user experience.
By using the site, you consent to the placement of these cookies. However, you can change your cookie settings at any time. Read our Privacy Notice to learn more.

I understand
  • Meet Minneapolis: Travel to the Twin Cities this Summer for HITEC 2019

    We all know that travel can be a real hassle. So, what about a trip makes it worth packing up your suitcase, saying goodbye to your family for the next few days, fighting the airport and staying in a.

  • New Global Directors Join the 2018-2019 HFTP Board

    The HFTP 2018-2019 Global Board of Directors was installed during the association's 2018 Annual Convention and introduces new directors Toni Bau, Carson Booth, CHTP and Mark Fancourt. These extensive director profiles give insight into the distinguished professions and personal goals of HFTP's newest association leaders.

  • A Series of Must-Read Articles on Cybersecurity Produced by the HFTP Research Centers

    Data security remains a pressing concern and top priority for the hospitality industry. The HFTP Research Centers are dedicated to producing findings that can significantly aid hospitality businesses in their efforts to protect their guests’ privacy and personal information against potential cyber threats and attacks.

  • HITEC Special: Does EU GDPR Affect U.S. Hospitality Companies?

    By Alvaro Hidalgo. The EU General Data Protection Regulation has set a path towards protecting personal data which many other countries will follow. In a global industry such as hospitality, it should be a primary objective to take the steps towards compliance.

Sabre breach 'a wake-up call', ITB hears

travelweekly.co.uk ·11 March 2019
Travel industry leaders have insisted consumers can have "confidence in how their data is stored" despite growing concern about cyber security and after Google was fined EUR50 million under Europe's General Data Protection Regulation (GDPR).However, Sabre Hospitality Solutions president Clinton Anderson said the data breach revealed at the travel technology company in 2017 was "a day of awakening".Sabre's SynXis hotel reservations system suffered a breach in 2016-17 which saw unauthorised access to credit card details, including card security codes.Speaking at German travel trade show ITB in Berlin, Anderson said: "We had a data breach 24 months ago. It was a day of awakening for us."

Four takeaways for CMOs from Mobile World Congress 2019

clickz.com· 7 March 2019
Nearly 110,000 people attended last week's huge event in Barcelona. 5G prototypes, D2C tech brands, and GDPR were just a few of the main takeaways.

The lowdown from Travel Technology Europe 2019

mycloud HOSPITALITY· 4 March 2019
Read on to get the latest on outbound Chinese travel, Expedia's take on Artificial Intelligence and what the industry has learned post-GDPR.

GDPR: Where Are We Now?

mycloud HOSPITALITY· 3 March 2019
On this episode of The Business of Travel, we take a look at GDPR – the General Data Protection Regulation that went into effect in the EU on May 25, 2018: The legislation has a goal of strengthening the collection, transfer and protection of data of EU citizens.

GDPRapp Solves GDPR Risk Exposure for Hospitality

Hotel F&B· 1 February 2019
dramds.com ltd., a British technology company, said it offers same-day deployments and immediate GDPR compliance with its GDPRapp. GDPRapp is a new solution of mobile apps that work on all mobile phones, tablets, laptops, and desktops. Deployment across a corporate network can take as little as three (3) hours depending only on whether the customer has a bespoke list of risk and controls.

Marriott Breach Shows Importance of Digital Security

skift Inc. · 6 December 2018
The Starwood hack wasn't the first data breach at a major hotel chain, and it won't be the last. As the meetings and events sector becomes increasingly digitalized, so too does the risk increase when it comes to cybersecurity.The reveal last week of a long-lasting security breach inside Marriott's Starwood Hotels & Resorts should act as a reminder of what is important in the post-GDPR world we all live in.Check out our coverage below on the impact of the breach on Marriott and Starwood hotels, and what it means for the greater travel industry.For meetings and events, expect even stronger vetting of technology partners and venues in the near future. A series of lawsuits over the next few years is going to help set a precedent for how giant corporations respond to data breaches going forward.

The Cybersecurity 202: Senators call for data breach penalties, tougher privacy laws after Marriott hack

washingtonpost.com · 4 December 2018
A slew of Democratic senators are calling for tougher privacy laws -- and even steep fines for companies that fail to protect their customers' data from data breaches -- in the wake of Marriott's admission that hackers compromised the personal information of up to 500 million of its customers."We must set clear customer data protection standards for all companies -- whether they're hotel chains, online retailers, or big tech -- and severe penalties for those who fall short," Sen. Richard Blumenthal (Conn.) tweeted.Sens. Mark Warner (Va.) and Ed Markey (Mass.) also pressed for tougher data security laws, and said Congress needs to set limits on how much customer data U.S. companies are allowed to store. Sen. Ron Wyden (Ore.) went even further -- he said senior executives who ignore customer data privacy should face jail time.After potentially one of the largest breaches of consumer data in history, lawmakers appear ready to take a page out of Europe's playbook to ensure it does not happen again: Their calls for aggressive penalties for companies that have poor data security are reminiscent of the General Data Protection Regulation that went into effect in the European Union earlier this year. The GDPR requires companies to adhere to a highly specific set of security requirements -- and contains fines up to 4 percent of a company's annual revenue for violations. It is unclear, however, how such legislation would fare in a split Congress that appears poised for gridlock.

Marriott sued hours after announcing data breach

zdnet.com · 3 December 2018
Hours after announcing a data breach on Friday, two Oregon men sued international hotel chain Marriott for exposing their data. Their lawsuit was followed hours later by another one filed in the state of Maryland. Both lawsuits are seeking class-action status. While plaintiffs in the Maryland lawsuit didn't specify the amount of damages they were seeking from Marriott, the plaintiffs in the Oregon lawsuit want $12.5 billion in costs and losses.This should equate to $25 for each of the 500 million users who had their personal data stolen from Marriott's servers in the breach announced last week, on Friday.The two Oregon plaintiffs told a local newspaper, that they view the $25 as a minimum value for the time users will spend canceling credit cards due to the Marriott hack.The Maryland lawsuit was filed by Baltimore law firm Murphy, Falcon & Murphy, according to a press release.

Marriott's Starwood Data Breach Joins a Decade-Long List of Hotel Data Exposures

skift Inc. · 3 December 2018
Several years ago, the hotel industry fought U.S. federal watchdog efforts to fine chains for negligent data protection practices, arguing that hotels had things under control. Hmm. A rash of hotel security incidents since then undercuts the claims of hotels, which need to take a more bank-like approach to data protection.When Marriott International revealed a massive security breach at Starwood-branded properties, it joined an unfortunate long line of guest data breaches by hoteliers.The scope of the breach at the worlds largest hotel group is more spectacular than any other in travel to date. Marriott said the breach affected hundreds of millions of customers who stayed at Starwood-branded properties between 2014 and September 10.POTENTIAL RECORD FINESThe breach may also expose parent company, Marriott, to record fines because, unlike most past breaches, some of the activity appeared to happen after Europe put into place General Data Protection Regulation (GDPR) in May 2018 that boosts fines for violations of some types of data security.Exact fine estimates are impossible to gauge, but experts said the prospective range would be potentially higher than the spectrum used by European Union and U.S. officials in the past. European officials have the discretion to fine companies up to 4 percent of annual revenue in the year preceding a data protection incident.Other investigations are in the offing. On Friday, the New York attorney generals office said it would open an investigation into the breach.That office has had success in pursuing prosecutions before. In 2017, Hilton Worldwide agreed to pay a $700,000 fine to the state of New York after data security failures exposed more than 350,000 credit card numbers in two breaches in 2015.

In the wake of GDPR, what's next for data privacy?

Hotel Online·15 November 2018
In a marketer survey by SAP, 42% did not believe GDPR applied to them and 26% said they did not collect the type of data protected under the regulation. What should marketers know about strategies for data privacy?

Radisson Hotel Hack Shows Vulnerability Of Hospitality Industry

· 1 November 2018
Radisson Hotel Group has confirmed a data breach that exposed the personal details of "small percentage" of its Radisson Reward member's scheme.The hotel identified the breach on 1 October 2018. In a statement, the hotel group said that the data breach "did not compromise any credit card or password information".Information accessed by hackers was restricted to the names, addresses, country of residence and email addresses. In "some cases" company name, phone number, Radisson Rewards member number and frequent flyer numbers were also compromised.The hotel chain said that it "identified" the hack on 1 October, which occurred on 11 September. However, they did not inform Radisson Rewards members until the 30 October.It is unclear if they informed the UK's data watchdog, the Information Commissioner's Office. Under Europe's General Data Protection Regulation (GDPR), an organisation has 72 hours to inform the relevant data protection body.Rusty Carter, VP of product management at cybersecurity company Arxan Technologies, said that not all companies are taking note of GDPR.

Risking GDPR Penalties By Not Wiping The Memory From Old It Equipment

hoteldesigns.net ·19 October 2018
Despite GDPR legislation having come into effect over four months ago, the majority of UK hospitality businesses are now risking penalties by failing to adhere to some of the rules.According to a survey of 1,002 UK workers in full or part-time employment, carried out by Probrand.co.uk, a large proportion (45%) of businesses in the hospitality industry failed to wipe the data from IT equipment they disposed of in the two months following GDPR.This news is perhaps less surprising given the research also found that 97% of hospitality businesses surveyed did not have an official process or protocol for disposing of obsolete IT equipment. What's more, 97% of hospitality workers admit they wouldn't even know who to approach within their company in order to correctly dispose of old or unusable equipment.Worryingly, according to the data, hospitality businesses are one of the industries most likely not to wipe existing data off old IT equipment.

Wave of data-security regulations coming to U.S.

Hotel Management· 6 September 2018
In May, our email inboxes and internet browsing were inundated by messages of compliance for a new data-security regulation—-the European Union’s General Data Protection Regulation. For the hospitality industry, the new regulation holds significant weight due to the range of personal data we hold and the international nature of our guest database, including the EU citizens protected under GDPR. The reality though, is that hospitality companies outside the EU might still slowly be moving toward compliance, which is costly and time-consuming and not as high a priority.

In a post GDPR world, first-party data is more important than ever

clickz.com·14 August 2018
At the beginning of the summer, the General Data Protection Regulation went into effect, requiring marketers in the EU to obtain explicit consent from consumers before collecting and using their data. Companies refusing to comply could be fined up to 20 million Euros, which has been a motivating factor for brands around the world to update their policies and focus on educating the public about how their data is being used. The post In a post GDPR world, first-party data is more important than ever appeared first on ClickZ.

Some Companies Are Ignoring GDPR Risk

CFO Magazine· 9 August 2018
During the six-year lead-up to the May 25, 2018, effective date of the European Union’s General Data Protection Regulation (GDPR), much attention was focused on the onerous financial penalties for noncompliance.
commercial

BA's GDPR confusion gets the Twitter treatment

Tnooz·23 July 2018
Implementing the EU’s General Data Protection Regulation (GDPR) was always going to be a challenge for travel companies, but a recent social media storm centred around British Airways would suggest that even the biggest travel brands are not completely on top of the new requirements.
commercial

British Airways shows everyone how not to GDPR

hotelmarketing.com·23 July 2018
The company’s social media staff have been caught unintentionally encouraging customers to post personal data into a public forum. Let’s all take a minute to appreciate the view in the British Airways social media cockpit, where staffers at the coalface of the airline’s Twitter account have presided over a wildly unusual ‘interpretation’ of Europe’s new data protection rules.
commercial

Travel Managers Should Get Used to Data Privacy Restrictions

skift.com - Travel Services·10 July 2018
For most organizations, it’s business as usual after Europe’s new privacy measures embodied in the General Data Protection Regulation (GDPR) came into effect on May 25. That is largely because of the efforts of the major travel suppliers and industry associations.
commercial

What GDPR Means for You and Your Restaurant

Modern Restaurant Management· 6 July 2018
The European Union’s new General Data Protection Regulation (GDPR) recently went into effect. The set of rules were created to govern the privacy and security of personal data and were put out by the European Commission. Even though the GDPR is set in Europe, it still has serious implications for a number of companies in the United States. Who Is Affected? Regardless of the location of your company, you will be affected by the GDPR if: You collect personal data or behavioral information from someone located in a EU country You’re based outside of the EU but provide goods or services to the EU, including free services You are established within the EU, regardless of where you process and collect personal data (including cloud-based processing performed outside of the EU for an EU-based company) With that being said, clearly the new regulation will cause a rippling around the world.
commercial

European regulators report sharp rise in complaints after GDPR

hotelmarketing.com·27 June 2018
The first month of GDPR has seen a sharp increase in the number of complaints to regulators across Europe, showing strong public interest in the new rules. The UK’s Information Commissioner’s Office (ICO) told the Guardian it has seen a rise in breach notifications from organisations, as well as more data protection complaints following the activation of the law.
commercial

New data rules stress privacy by design

Hotel Management·22 June 2018
Data security just got a lot more complicated. After four years of discussion, the European Union has signed the General Data Protection Regulation on May 25. The regulation consists of 99 articles that replace the EU Data Protection directive, as well as new penalties for non-compliance. The GDPR was founded to protect the privacy of individuals located in the European Union, and its implementation impacts any business that collects data from EU citizens. This includes international businesses, and most hotel companies.
commercial

Marketers struggle to track audiences after Facebook and Google scale back data for GDPR

hotelmarketing.com·18 June 2018
Google’s and Facebook’s preparations for the General Data Protection Regulation have caused a headache for marketers that relied on the platforms for ad targeting.
commercial

How and why you have to deal with the watershed that is GDPR

eHotelier.com· 7 June 2018
If you are reading this, you have probably been inundated with emails from companies announcing that they have adopted new and better privacy and security policies and procedures. This isn’t a coincidence – as of May 25, 2018, the EU’s General Data Privacy Regulation (GDPR), requires every organization that does business in the EU, or that collects information from EU citizens, to guarantee the privacy and accuracy of personal information.

Technology Pulse: A roundup of digital news

hotelnewsnow.com Featured Articles· 6 June 2018
This month’s roundup of news from the technology sector includes how Instagram determines placement; GDPR in effect; and more.

Travel industry must do more to protect client data

hotelmarketing.com· 1 June 2018
We are the guardians of our client's well-being when they travel. But we also need to be the custodians of their personal information in the best ways available to

Is Your Customer Experience GDPR-Ready? | forbes.com

Forbes.com ·29 May 2018
A huge change is coming to Europe, and most businesses aren't ready.The EU's General Data Protection Regulation, or GDPR, goes into effect May 25, and with it comes a power shift that allows customers more access to their personal data than ever before.Customer data has long been thought of as a business asset. However, under GDPR, customers are now taking back ownership of their information and the power that comes with it. They can now choose what information companies have and delete their information from a company's database for any reason. Companies that don't comply with the new regulations run the risk of being fined up to millions of dollars.

Newletter

Thank you for subscribing. Your email address has been added to our mailing list.
Close
To subscribe to the GDPR Bytes Newsletter please enter your contact details below.
An error occured, please check your input and try again.
I do want to receive the GDPR Bytes email newsletter.
By submitting this form, you have read and agreed to the Privacy Notice of HFTP.
You may unsubscribe to these emails at any time.
CancelSubscribe