Category Archives: Privacy

by | May 7, 2011 · 7:21 am

Hospitality Industry Computer Data Risks: New Orleans Hotels Investigation Finds "Pubic Business Center" Computers Retain "Sensitive Information" In Temporary And Recycle Bin Folders

“…the Louisiana Technology Council says …many hotels make little or no attempt to protect your private information on their public PCs…in business centers…”

“That information will live on that computer until such time that it’s deleted,” said Lewis. “You and I both know that it’s really never deleted. It can be recovered and if someone comes in with software, they may be able to get that data off the PC.”

Eyewitness News sent an intern into about a dozen New Orleans area hotels to search for documents and other information left on public computers after the user logged off. Among the things we found: invoices; insurance papers; tickets to a show at the Lakefront Arena; a certificate from the Texas Department of Insurance and even someone’s monthly pay statement.

Most of the documents contained people’s names, addresses and other sensitive information about the user. “I was amazed that you were able to print out some very confidential and private information from a business center location,” said Lewis.

“If somebody wants to open up a new credit card and in this day and age of identity theft, having that kind of information out there is real frightening,” said attorney Daren Sarphie.

He says in March, the client got a disturbing phone call from a guest at the International House Hotel in downtown New Orleans. The guest told him all of the his private information, including Social Security number, birth date, home address and phone number was contained on a document stored on the hotel computer for all to see.

“The person that accessed, that found this file had just gone to hotel to book plane reservations to go back home to Dallas and in the process, he’s just playing around on the computer and he accessed this directory and is able to pull up all kinds of stuff, said Sarphie.

“You’d think that the hotels at least would have a system in place that they would erase the hard drive on a weekly basis or a daily basis to make sure there are no temporary files saved on that computer,” said Sarphie.

The information we found was easy to access on the computers. Most of it was stored in the PC’s temporary Internet files, saved in the documents folder or waiting to be deleted in the computer’s recycle bin.

The owner of the International House Hotel says it is his hotel policy to purge the public computer’s desk top of any documents and public files every 24-hours. But, he says it is a public computer and people need to be mindful to log out of personal accounts and delete personal documents before leaving the computer.

For more:  http://www.wwltv.com/news/Keeping-It-Safe-On-Hotel-Computers-121350324.html

Comments Off on Hospitality Industry Computer Data Risks: New Orleans Hotels Investigation Finds "Pubic Business Center" Computers Retain "Sensitive Information" In Temporary And Recycle Bin Folders

Filed under Crime, Guest Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology

Tagged as , , , ,

by | April 28, 2011 · 6:25 pm

Hospitality Industry Information Security Risks: Hotel Management Must "Encrypt All Confidential Guest Data" To Decrease "Public Exposure Of Data"

“…99% of businesses around the globe at present no longer store confidential information on their systems and 75% continuously complied with PCI requirements…”

“…encrypting confidential information will “shrink the card data environment,” thus a minimal to zero possibility of public exposure of these data…”

To prevent fraud, she proposed three ways for the card industry:

  • Widespread distribution of ‘smarter’ payment devices is one, where EVM (chip-and-pin) cards will be used
  • Smarter networks to stem the cyber crime before or when it happens
  • A cardholder authentication method such as two-factor authentication

“Visa’s global fraud rate recently hit a historic low – at just over 5 cents for every $100 transacted, down more than two-thirds from the levels of 20 years ago,” she added.

She urged the card industry to step up a bit more its security measures as most consumers believe cyber criminals are ahead of what’s already in place. According to Richey, 61% of consumers are of the opinion that the security measures of the card industry are one step behind cyber criminals.

Rather than keeping pace with cyber crime which would only exhaust resources, Richey proposed getting smarter as a better solution in combating fraud and protecting card data.

“We need to use all the intelligence we have at our disposal. I think that the opportunities to get smarter and fight fraud are all around us,” she said.

Richey, on the other hand, recognized the fact that these suggestions will be costly and will require tremendous resources.

For more:  http://inaudit.com/audit/it-audit/cyber-crime-vincible-through-smarter-technologies-visa-5856/

Comments Off on Hospitality Industry Information Security Risks: Hotel Management Must "Encrypt All Confidential Guest Data" To Decrease "Public Exposure Of Data"

Filed under Crime, Guest Issues, Liability, Management And Ownership, Privacy, Risk Management, Technology, Theft

Tagged as , , ,

by | March 25, 2011 · 3:05 pm

Hospitality Industry Guest Security: Hotel Security Depends On Management Adopting A "Global Security Program"

Effective security and risk management relies on a foundation of principles including critical rapid data flow, standardization of emergency protocols, executive leadership and effective local management, not luck. We can guarantee only that attacks against hotels will happen again. The nature of the hospitality industry offers porous, soft, attractive targets.

The corporate security departments of most major hotel brands are not budgeted to provide the effective layers of detection or deterrence required to minimize this risk. A cautious examination of the major world economies reveals the first early signs of improvement. This presents an opportunity for major brands to offer an enhanced measure of security to their important customer base. We should consider that the safety of business and recreational travel is on the minds of everyone who boards a plane and visits or stays as a guest in your facilities. Comfortably resolving this sense of uneasiness is good business.

There are several critical elements required to create an effective hotel global security program:

•    security risk management software (global command and control);
•    security management standardization by venue;
•    new generation security equipment with software analytics; and
•    training.

Management methods that increase margins and reduce the risk of crime, terror, accidents and incidents, can be summarized by four words: global command and control.

For more:  http://www.hotelnewsnow.com/Articles.aspx/5239/Guest-safety-in-an-unsafe-world

2 Comments

Filed under Crime, Guest Issues, Injuries, Insurance, Liability, Management And Ownership, Privacy, Risk Management, Technology

Tagged as , , ,

by | February 15, 2011 · 8:49 am

Hospitality Industry Data Security: Hotel And Restaurant Management Should Consider "Tokenization" For Credit Cards And Sensitive Data

“…tokenization is a data security model that generates surrogate values, called tokens, to replace sensitive data—credit card numbers, for example—in applications and database fields. The sensitive data is simultaneously encrypted and stored in a central data vault, where it can be unlocked only with proper authorization credentials...”

In 2011…expect to see many more mid-sized to large enterprises adopt tokenization more broadly to protect many other types of sensitive information, including electronic health records (EHR).

It does this by removing sensitive data from applications and databases, which has the added benefit of reducing scope for Payment Card Industry Data Security Standards (PCI DSS) compliance audits.  Over the past couple of years, the tokenization data security model has taken its rightful place alongside data encryption, and it is well on its way to becoming a commonplace solution for credit card protection.

What’s more, a particular version of tokenization—Format Preserving Tokenization™—is equally adept at protecting personally identifiable information (PII) and electronic health records (EHR) to help organizations comply with data privacy laws like the EU Data Privacy Directive and HIPAA.

For more:  http://www.thetechherald.com/article.php/201107/6818/RSAC-2011-Data-Security-Wunderkind-Tokenization

2 Comments

Filed under Crime, Guest Issues, Insurance, Liability, Management And Ownership, Privacy, Risk Management, Technology

Tagged as , , ,

by | January 20, 2011 · 9:02 am

Hospitality Industry Technology: "Technology-Driven Hotels" That Protect Guest Data Privacy And Invest In Low-Tech Upgrades That Guests "Don't Necessarily Have At Home" Will Increase Approval Ratings With Online Booking Sites

For more:  http://www.hospitalitynet.org/file/152004480.pdf

Comments Off on Hospitality Industry Technology: "Technology-Driven Hotels" That Protect Guest Data Privacy And Invest In Low-Tech Upgrades That Guests "Don't Necessarily Have At Home" Will Increase Approval Ratings With Online Booking Sites

Filed under Guest Issues, Management And Ownership, Privacy, Risk Management, Training

Tagged as , ,

by | November 17, 2010 · 10:35 am

Hospitality Industry Guest Service Issues: Hotels Are Under Pressure To Deliver High-Speed, Cost-Effective Wireless To Guests Who Want To Access It Everywhere (Video)

[youtube=http://www.youtube.com/watch?v=kdGJ4uIIEp4]

Comments Off on Hospitality Industry Guest Service Issues: Hotels Are Under Pressure To Deliver High-Speed, Cost-Effective Wireless To Guests Who Want To Access It Everywhere (Video)

Filed under Guest Issues, Maintenance, Management And Ownership, Privacy, Technology, Training

Tagged as , ,

by | October 14, 2010 · 6:24 pm

Hospitality Industry Security Risks: Arizona City Hotel Ordinance Seeks To Curb Guests Who Pay In Cash And Withhold Registering Name In Attempt To Stop Crime

The city is advancing a hotel-motel ordinance designed to track who stays in hotels, which police say will drive away prostitutes, drug dealers and other criminals who pay in cash and don’t give their name.

Police are more interested in patrons who pay by cash or who check in at hotels that don’t require a name, Chief Frank Milstead said. Patrons who check in with a credit card aren’t trying to hide, he said.

Mesa hotels will likely be forced to ask guests for an ID or some other proof of identity under a push to drive crime out of the city’s hotels.

The city is advancing a hotel-motel ordinance designed to track who stays in hotels, which police say will drive away prostitutes, drug dealers and other criminals who pay in cash and don’t give their name.

Police say other cities have fought crime with similar rules, but technology is posing a challenge as the city drafts an ordinance that requires a hotel to see a guest’s ID, verify license plate numbers and keep records for a year.

Many hotels are converting to paperless registration, so it’s possible for guests to check in, pay by credit card and get a key without interacting with a hotel employee. Hotels don’t want to burden guests with showing an ID when a swipe of a credit card will identify who is checking in, said Robert Brinton, president of the Mesa Convention and Visitors Bureau.

“We don’t want them to say it’s a hassle staying in Mesa,” Brinton said.

Police are more interested in patrons who pay by cash or who check in at hotels that don’t require a name, Chief Frank Milstead said. Patrons who check in with a credit card aren’t trying to hide, he said.

“Those aren’t the people we’re looking for,” Milstead said.

The city’s Public Safety Committee agreed to move forward with the rules on Thursday. The proposal stems from police statistics in 2009 that showed 6 percent of all warrant arrests and 4 percent of all drug arrests were at hotels and motels. Just 10 hotels accounted for 49 percent of the warrant arrests and 64 percent of drug arrests. Police say regulation will greatly reduce the time they spend at hotels and allow them to fight other crime.

A hotel-motel review board would oversee the rules, with some members being nominated by the hotel industry and some by the city. Hotels that don’t collect IDs and keep the information for a year could face fines of $250 to $2,500.

Hotels support the rules, but say the ID issue needs to be resolved so it’s possible for guests to check in without showing an ID to a hotel when their identity has been revealed through a credit card payment. Also, Brinton said the six-page ordinance could probably be thinned to two pages to make the rules simple.

For more:  http://www.eastvalleytribune.com/local/article_cdd2a84c-d7e3-11df-a6e4-001cc4c03286.html

Comments Off on Hospitality Industry Security Risks: Arizona City Hotel Ordinance Seeks To Curb Guests Who Pay In Cash And Withhold Registering Name In Attempt To Stop Crime

Filed under Crime, Guest Issues, Privacy, Theft

Tagged as , ,

by | September 20, 2010 · 10:39 am

Hospitality Industry Cybersecurity Risk Management: Hotel And Restaurant Management Must Protect The Privacy Of Company And Employee Emails From Unauthorized Viewing (Audio)

Think no one else is reading your work email? Think again. A new survey by Cyber-Ark Software found more than 40 percent of IT administrators have indulged in a little snooping around inside their own network, using administrative passwords to view sensitive or confidential information. Adam Bosnian is the executive vice president for the Americas and corporate development at Cyber-Ark Software. He says many snoop simply because they have the access. (Click on the microphone above to hear interview with him.)

Comments Off on Hospitality Industry Cybersecurity Risk Management: Hotel And Restaurant Management Must Protect The Privacy Of Company And Employee Emails From Unauthorized Viewing (Audio)

Filed under Labor Issues, Liability, Privacy, Risk Management

Tagged as , , ,

by | August 7, 2010 · 6:55 am

Hospitality Industry Data Theft: Hotel Owners Must Prevent Breaches Of Credit Card Processing Systems By “Cyber-Criminals” Who Install “Malicious Programs” To Steal Data

“… remote attackers installed a malicious program into the card processing system of Englewood, Colo.-based hotel chain Destination Hotels & Resorts. Guests at 21 Destination properties may have been subjected to credit card theft…”

“..the Westin Bonaventure Hotel & Suites in Los Angeles disclosed a possible data breach of its POS systems dating back to 2009. Also, between November 2008 and May 2009, the computer systems of some Radisson hotels in the United States and Canada were illegally accessed. And the computer systems of Wyndham Hotels & Resorts were accessed on two separate occasions by cybercriminals who stole customers’ card numbers, expiration dates and other data…”

Cybercriminals last year targeted hotels more than any other industry for credit card theft, according to a recent report by data security company Trustwave. Hotels are being targeted because they have large amounts of credit card data and frequently neglect to implement the most basic security precautions, such as changing default passwords or ensuring programs are up to date, said Nicholas Percoco, senior vice president of Trustwave’s SpiderLabs.

As a result, attackers commonly gain entry into a hotel’s network by exploiting default passwords on point-of-sale (POS) applications, added Dave Ostertag, manager of investigative response at Verizon Business. From there, customized malware is loaded onto the hotel’s transaction server that steals credit card information as a transaction occurs.

In March, the Westin Bonaventure Hotel & Suites in Los Angeles disclosed a possible data breach of its POS systems dating back to 2009. Also, between November 2008 and May 2009, the computer systems of some Radisson hotels in the United States and Canada were illegally accessed. And the computer systems of Wyndham Hotels & Resorts were accessed on two separate occasions by cybercriminals who stole customers’ card numbers, expiration dates and other data.

For more:  http://www.scmagazineus.com/rampant-hotel-data-theft/article/174579/

Comments Off on Hospitality Industry Data Theft: Hotel Owners Must Prevent Breaches Of Credit Card Processing Systems By “Cyber-Criminals” Who Install “Malicious Programs” To Steal Data

Filed under Insurance, Liability, Privacy, Risk Management, Theft

Tagged as , , ,

by | July 16, 2010 · 6:27 am

Hotel Industry Privacy Risks: ESPN Reporter Erin Andrews Files “Negligence, Negligent Infliction Of Emotional Distress And Invasion Of Privacy” Lawsuit Agains Hotels

“I do hope that my experience will cause the hospitality industry to be more vigilant in protecting its guests from the time they reserve a hotel room until they check out.”

Her suit claims negligence, negligent infliction of emotional distress and invasion of privacy against the hotel entities.

ESPN reporter and road warrior Erin Andrews filed a civil suit today against Marriott International, Radisson Hotels International and others involved with the hotels in which a stalker surreptitiously filmed her nude through a hotel-room peephole.

Andrews was stalked and/or filmed in rooms at the Marriott Nashville at Vanderbilt University, the Radisson Airport hotel in Milwaukee, and a third hotel in Columbus, Ohio. Andrews stays in hotels frequently for her job as an ESPN reporter “always with the expectation of privacy once checked into her room,” the release says.

“Although I’ll never be able to fully erase the impact that this invasion of privacy has had upon me and my family,” Andrews says in the release , “I do hope that my experience will cause the hospitality industry to be more vigilant in protecting its guests from the time they reserve a hotel room until they check out.”

Comments Off on Hotel Industry Privacy Risks: ESPN Reporter Erin Andrews Files “Negligence, Negligent Infliction Of Emotional Distress And Invasion Of Privacy” Lawsuit Agains Hotels

Filed under Crime, Insurance, Liability, Privacy, Risk Management

Tagged as , , ,