I Learned a New Word Today

data protection Jan 13, 2022

I learned a new word today.

It was in a Privacy Policy.

Just when I thought the depths had already been plumbed as deep as they would go with privacy policies, some idiot presented me with this,


Yes, I had to go and look it up.  My memory isn't what it once was.

It was used in the context of trying to impress upon the reader that the website using this privacy policy was collecting personal data of such little consequence that we needn't bother or concern ourselves about it.  Specifically it was used to describe the data collected during the website visit.  You know, unimportant things like IP addresses...

As in, "We collect a nugatory amount of data when..."


Dictionary Definition

The dictionary definition of "nugatory" is, "of no value or importance", or, "useless or futile".

Which raises an important data protection question, to be answered by the smart alec who wrote this particular privacy policy.

If the data you collect is "of no value or...


Personalised or Creepy?


Let's Make It Personal

There is no shortage of articles on hotel industry websites and blogs telling you that "personalisation" is the way towards recovery or success.

Yes, they're probably right.  Personalisation IS important when you're trying to sell to people.  We all like being treated as individuals.  We all like it when it appears as though we really matter to someone else.  In the absence of eye contact, you can use a name and you can use what you know about behaviour.

(Before you post a comment that you can use eye contact online if you use Zoom/Teams/etc - yes you can but you need to be really, really careful - I promise you I'll address this in another blog post, let's just restrict ourselves to personalisation by name and behaviour today)

I like getting emails from people who use my first name and spell it correctly.  It's an important first step for me.  When an organisation has taken the time to associate my name with their message and has...


Privacy notices are for customers. Not lawyers.

data protection Jul 12, 2021

Over the last few years I have spent some time getting annoyed about privacy notices (see video above).

It is now just frustrating.  You see, businesses all over the world seem to think they should publish a long-winded, hard-to-read "privacy policy" on their websites.  Few people read them, mainly because they simply can't be bothered to try.  The prospect of scrolling down the privacy policy page for hours at a time puts people off.

Which is a pity because a properly presented privacy notice (which is not a privacy policy) can be used to create and build trust with your customers.  You need trust if you're going to sell them anything at a worthwhile price.  Boring privacy policies just don't do it.

I have wondered just why senior business people and owners follow this intensely stupid behaviour - of publishing a difficult to read privacy policy, then hiding it at the foot of their website and doing their best not to attract attention to it.

Part of the...


People Don't Care About Privacy. Until They Do.

privacy Apr 07, 2021

Like most businesses, we are all dealing with the effects of the COVID-19 virus.  You and I are challenged with the task of running a business during lockdown and trying to work out how to emerge from the restrictions and recover.

A topic close to the heart of the hospitality industry these days is the idea of the "COVID Passport", which the government plans to use to "enable" a return to normal society.

It appears to be a reasonable idea although it turns out the concept of a passport is a hot topic of conversation.  You see, amongst other things, there are data protection and privacy issues.  Such a passport may be used to deny services to people.  It may be used to isolate people.  It may be forged and used fraudulently.  The storage of personal data it would demand (it would need a very big database linking up to other items of personal data about you as an individual) presents a significant risk to your future personal privacy.

Recent surveys...


Why Privacy Should Matter To You

personal data privacy Dec 11, 2020

Cards on the table.

We’re not doing this just because a regulation says so.

We protect personal data and privacy because it should matter to each and every one of us.  It makes sense on both a personal and business level.

As we reach the end of one of the most challenging years of our lives, those of us who have made it through ought to be thankful.  We are bruised, in many cases scarred.  Yet we are still here and we are preparing to make 2021 the year we recover.

We end the year with our privacy rights intact.  The GDPR enhanced our rights as individuals over what can be done with our own personal data.

The regulations also make organisations and businesses responsible for upholding those rights.  Some are doing this now, many are not.  Others are doing it and are making the most tremendous pills of it.

They don't mean to of course.  They just...  are.

For businesses, the opportunity to extract value from personal data is there for...


So You Think Your Cards Are Safe? Mistakes Happen!

data breach personal data Nov 11, 2020

Just when we thought we had all recovered from the Marriott data breach, up pops Prestige Software, a Spanish software developer, who have put at risk possibly 10 million sets of transaction data going back to 2013.

You can read about it here - https://www.infosecurity-magazine.com/news/hotel-booking-firm-leaks-data/

Why Does This Matter?

First, it's not a malicious attack.  This one was caused by the most common method.  Someone made a mistake.

Mistakes happen.  In this case, someone misconfigured an Amazon AWS server.  For those of you who neither know nor care what that is, it's the computers on which much of our online activity is stored.  They are quite complex things.  Most of your technology data processors run their stuff on something similar.  It's all well and good as long as you employ people who know what they're doing and you have effective security and work monitoring in place.

Someone either didn't know what they were doing or...


"How May I Compromise Your Stay?" - Marriott Data Breach Lessons

data protection Oct 30, 2020

Today we learned of the Information Commissioner's Office (ICO - the data protection regulator in the UK) decision to fine Marriott Hotels for a breach of data protection regulations.

The fine in the UK is £18.4 million.  Which is a serious amount of money.

A group legal action, currently waiting in the wings, is likely to heap further financial penalties on the hotel group.  Now the ICO has completed its investigation and imposed a fine, all a lawyer needs to do is point at the ICO paperwork and repeat what it says.

You can read about it in this article on the BBC website.

The Lessons For Hoteliers

  1. If you are buying a hotel, it will include the personal data belonging to previous and prospective hotel guests.  Make sure the vendor has been paying enough attention to the task of looking after that personal data.
  2. The devil is in the machines.  Hotels use a great many 3rd party data processors.  Many of them collect personal data and keep it for longer...

COVID And Contactless Technology In Hotels

privacy Oct 28, 2020

Part of the response to the challenge of running a hotel during the COVID pandemic has been to adopt some contactless technology.

  • Check in has been made contactless.
  • Room keys can now use contactless systems.
  • Systems record attendance of individuals and groups of people.
  • Guests can enjoy the services of a digital concierge.
  • Some hotels have even installed interactive devices in their bedrooms.  Which means guests can now enjoy the delights of communicating with Alexa or the Google digital assistant.

The technology can be really easy to deploy.  In some cases deceptively easy.

Do you know what the technology is really doing?

  • Do you have a data controller/data processor agreement in place for each new technology vendor you have used?
  • Do you know what personal data each system is collecting and what it's doing with it?
  • Do you know where this personal data is being kept and for how long?
  • Have you run any sort of vendor assessment for each technology supplier?
  • Have you...

Putting Compliance In Its Place

privacy Oct 25, 2020

Careful Use Of The C-Word

In the world of data protection and privacy, you need to be careful how you use the C word in polite conversation.

A note from the author:

You may have read elsewhere on these pages that we are just a bit sceptical of the notion of "compliance" with GDPR or the Data Protection Act.  Some people have taken me to task about this, so here is an article which clarifies my experience and thinking on the topic.  So many businesses were sold on the pig-in-a-poke notion of "compliance" in the run-up to GDPR being implemented.  It is clear nowadays that compliance on its own just doesn't work.  This is my view on why that might be.

Treat it as a starting point for a discussion, rather than a definition.  Obviously this is based on my own experience.  It would be interesting to take it further.

Allan Simpson - hotelDPO


As you read through the sales blurb created by most privacy management software providers, law firms and...


Personal Data In Hotels - Are You Bad Food Or Dirty Kitchen?

personal data Oct 24, 2020

As a hotelier you are keenly aware of your reputation locally.

There will be restaurants in your area which are queued out the door at peak times while others just seem to have the couple sat in the window table.  They wandered past and made the mistake of venturing inside and have now been used to make the place look busy.

People get to know what is good and what is bad and they respond accordingly.  When it comes to restaurants, if the food is bad people will quickly make up their minds about whether or not to return.

And when the food is bad, they don't come back.  It can take a lot of effort to encourage people to come back and purchase again when their last meal with you tasted as though it had been strained through the sous chef's underwear.

I know this because I've run a few hotels.  Some better than others.  I've also managed catering outlets which churned out phenomenal volumes of food.

Get the flavours or textures wrong and recovery can take a...
