Hotel and Hospitality Data Security

The hospitality and hotel industry is under constant threat from data security breaches. The potential threat to loss of customer data can be expensive and devastating to your companies reputation. Data such as social security numbers, birth dates, credit card numbers, CVV codes are potentially exposed. Every hospitality organization knows these are key pieces of data that must be kept private and secure via encryption but what’s not known are other sources of data breaches of the organization, customers and staff that pose additional vulnerabilities.

Guest Identifiers & Privacy Regulations

Hotels insecurely store lots of guest data that is also considered to be personally identifiable information (PII) subject to privacy laws, especially when several identifiers are combined. Under California privacy laws, for example, a user name combined with a password and an email adds up to PII. That combination could be used to, for example, cash in stolen loyalty points. Privacy regulations are on the rise, and typically a hotel must follow the privacy law that applies to where a guest is from, not where the hotel is located. International laws can be even more restrictive.

Guest data is strewn across a wide and surprising range of data stores — for example, recorded audio in the call center, on which guests share sensitive data, or faxed copies of reservations made when the digital message failed to send. PII is also passed to partners where the brand no longer controls it but may be held responsible for its security, at least in guests’ eyes. Employee data is also pervasive across multiple systems.
Many hotels collect data for one reason and then use it for another, unwittingly violating privacy laws. One inappropriate use case example: using PII from the VIP room list at a LGBT event held by a group at the hotel to market a Pride weekend promotion to that person.


Validity and it’s partners are well versed in the latest software, hardware and technology that can protect any hospitality company from exposing their customers, employees and business data from potential hackers. Contact us to learn more about options to protect your company.