8 March 2022
The rules around data privacy and cybersecurity are constantly evolving. In order to protect themselves from liability, hotel owners should pay attention to ongoing legal developments and learn more about their own data infrastructure.
Bob Braun, senior member of JMBM’s Global Hospitality Group® and Co-Chair of the Firm’s Cybersecurity & Privacy Group, explains why hotels need to understand exactly what data they hold, where it is stored and who has access to it.
Facing the Knowledge Gap: Why Hotels Need “Visibility” to
Avoid Data Privacy Liability
by Bob Braun, Hotel Lawyer
Addressing privacy compliance and cybersecurity is becoming more and more challenging for companies. At least 26 states are considering various kinds of data privacy laws. At the same time the rate, depth, and impact of ransomware, wiperware and data breaches has become more intense and more expensive, and there is no indication that the trend will end soon. Hotel companies, as holders of significant amounts of personal information and highly dependent on computer networks for daily operations, are particularly at risk in this environment.
A hotel company that seeks to comply with privacy mandates, and to prepare for and defend against a data breach, requires knowledge – it requires visibility.
What does that mean? To achieve visibility, a hotel brand, manager or owner needs to increase its knowledge of key elements of its data infrastructure:
See Your Network
Most hotel executives, other than chief technology officers and chief financial officers, have little knowledge of their network. But understanding what data is stored on the network, how the various parts of the network interact, and who has access to the network (and what kind) is essential to evaluating risks, complying with privacy laws, and preparing and defending against attacks. This means not only knowing what is supposed to be on the network, but the “silent” nodes as well – things like unused servers and the devices that attach to the network, such as personal laptops, smart phones and tablets. As hotels become increasingly automated – by relying on smartphones to substitute for keys and allowing touchless registration – being able to see the full scope of the network is challenging but essential. CONTINUE READING →