Tag Archives: Databases

Hospitality Industry Information Risks: Hotel's Store "Enormous Amounts Of Data" That Is Never Used; 100% At Risk And 0% Value

“…companies can go a long way toward reducing their exposure to significant losses resulting from a security breach by putting themselves on a “data diet…There is an enormous amount of information that we never use, but we never get rid of. It’s 100% risk and 0% value. As a risk manager, that’s the scariest equation you’re ever going to hear…”

While there is no way for companies to completely eliminate the risk of data breaches and cyber attacks, there are several steps they can take to reduce their potential financial and reputational losses, a panel of experts said Thursday at the third annual Business Insurance Risk Management Summit®in New York.

“The fact is that you’re going to be attacked. That’s the reality,” said Alan Brill, senior managing director of secure information services for New York-based Kroll Inc. A well-crafted cyber risk management program need not be wildly expensive or complex, Mr Kroll said, but should at least strive for “commercially reasonable levels” based on company size and industry.

For more:  http://www.businessinsurance.com/article/20120229/NEWS06/120229881?tags=|338|299|302|342|303|335

Comments Off on Hospitality Industry Information Risks: Hotel's Store "Enormous Amounts Of Data" That Is Never Used; 100% At Risk And 0% Value

Filed under Guest Issues, Insurance, Labor Issues, Liability, Maintenance, Management And Ownership, Privacy, Risk Management, Technology, Theft

Hospitality Industry Information Security Risks: Hotel Management Should Consider "Cyber Liability Policies" With "Vicarious Liability Provisions" To Insure Guest Information Database Breaches

“…clients with robust cyber liability policies will find coverage under the vicarious liability provisions. …”

Data breaches generally represent enormous problems for companies,” said Alan N. Situn, a shareholder with law firm Greenberg Traurig L.L.P. in New York. “Not only can they be very expensive, but equally important to many companies (is) the reputational damage that they perceive from these types of breaches” if information they provide to a third party is somehow breached.

Hackers tend to hold on to such information “usually about a year, and then use it in the hope that folks have become a little bit more relaxed and not as vigilant,” said Mauricio F. Paez, a partner with law firm Jones Day in New York.

For the most part, the companies that are affected are in a damage- or crisis-management mode, said Robert J. Scott, managing partner with law firm Scott & Scott L.L.P. in Dallas. “They’re emailing their customers; they’re apologizing for the inconvenience, trying to clarify and limit the scope of the magnitude of the problem; and they’re hopeful the leakage of the email doesn’t result” in other problems.

Observers noted that the firms were notifying customers of the data breach even though they were not legally required to do so by state laws, except in North Dakota, unless more damaging personal information, such as Social Security or credit card numbers, had been revealed.

Epsilon customers whose data was breached have been “doing everything they should be doing in terms of being up front and honest with the consumers,” Mr. Scott said.

If the breach results in litigation, the question will arise of “how does that fit into the overall risk management program of the company” that hired the outside marketing company, said Kroll Ontrack’s Mr. Brill, who suggested that affected firms review their risk management programs now.

For more:  http://www.businessinsurance.com/article/20110410/ISSUE01/304109976

2 Comments

Filed under Claims, Guest Issues, Liability, Management And Ownership, Risk Management, Technology

Hotel Industry Guest Issues: Hotel Guest Databases Such As “GuestChecker.com” Can Assist Hotel Management In Avoiding “Problem Guests”

“Many hotels now refuse guests based on their perceived or real behavior,” the story says. “For example many hotels in Florida and the Caribbean will not accept reservations for “Spring Break” groups. In Europe, hotels shy away from groups of British Soccer fans.”

Hotels are increasingly interested in swapping information with each other about “bad” guests, just like guests do with “bad” hotels using TripAdvisor, according to Hospitality Business News.

Most hotel guests, naturally, are good.

But when hotels do encounter guests who, for instance, call their credit card company to reverse a charge, assault another guest or even smoke in a non-smoking area, they just might wind up in the type of database maintained by GuestChecker.com.

  • What private information is kept on me?: The database contains a guest’s name, address, and phone number only, as opposed to more personal information such as credit-card number, race or religion. The information is kept in a database with “bank-level security” and is not available to the public.
  • Can hotel managers see the full list?: Hotel managers can’t scroll through the database to see who’s on it. They can only search for specific names and receive a “Match” or “No Match” result.
  • Is this a blacklist?: The company doesn’t call the database a “blacklist” because members “do not have the ability to advise other accommodation providers to refuse service for a guest.” It’s designed to help the next hotel “make an informed decision on how to best prepare for that guests arrival.”
  • What offenses land me on the list?: The company tracks five categories of behavior, with the worst being stealing, assault and non-payment. Lesser offenses would include actions such as smoking in non-smoking areas or using facilities such as the swimming pool or tennis court after hours. “Someone who accidentally knocks over a lamp and offers to pay for it should not be placed in the same category as someone who purposefully trashes a hotel room,” the company says.
  • Who reports me? One person per company or hotel can report a guest for an offense, and GuestChecker.com requires that person be a senior manager. “This stops any malicious reporting by the night watchman, for example,” the company tells Hospitality Business News.
  • How long will I be on the database?: A person could stay on the database for as long as four years.
  • For more:   http://travel.usatoday.com/hotels/post/2010/10/hotel-blacklist-how-do-hotels-define-a-bad-hotel-guest/127726/1

    Comments Off on Hotel Industry Guest Issues: Hotel Guest Databases Such As “GuestChecker.com” Can Assist Hotel Management In Avoiding “Problem Guests”

    Filed under Guest Issues, Management And Ownership, Risk Management, Theft