If you don't value your own personal data someone else will devalue it

Tim Horton's - a chain of coffee shops based in Canada - has been using a smartphone app downloaded by millions of customers to track their location.

Not just when the app was in use on their phones, oh no.

This app tracked customer locations even when the app wasn't in use.

And they did it for years.

Such is the current state of the penalties for this under Canadian data protection law, that Tim Horton's has announced that it will settle the resulting class action lawsuit by giving all those affected a free coffee and a donut.

That's it.  One coffee.  One donut.

If you're a Tim Horton's customer and you have had your location tracked almost everywhere you've been for a couple of years, that's what they think of you and that is what they think you will settle for.

Having ridden a coach and horses through the fundamental bonds of trust between customer and vendor which are needed in the modern data economy, their assessment of the response to the scandal is very low...

Continue Reading...

How did they know THAT?? - How to avoid the unintended consequences of using personal data


What they don't tell you about collecting guest data for personalisation

Is it a secret?

I mean the personal data your hotel collects in the name of "personalisation".

Is it a secret that you collect it?

Is it a secret that you're going to use it?

Judging by the privacy information on many hotel websites, the casual reader would be forgiven for thinking that it just might be.

Of course nothing could be further from the truth.  Could it?

You have very good reasons for collecting and using personal data.  It is essential for your business.  You need to know what people like so you can sell them more of it.  You need to know how to compete.

Let us be clear

Take a moment to consider what your marketing and sales efforts are actually going to do with personal data.  If you are doing direct marketing properly, this is what you will be doing:

You will be collecting guest personal data, then reflecting it back to them using psychological manipulation to get them to...

Continue Reading...

The danger of hotels using personal data without transparency: The flightless bird

A couple of interesting sets of survey results were published in the last week or so.

One presents some facinating insight on hotel technology as experienced by hoteliers today in mid-2022.  The other takes us to the near future and considers what will be important come 2025.

The current state of hotel technology is discussed in this survey by HotelOperations.com (as presented by the ever-relevant Josiah Mackenzie, if you're not following him you should) which you can read if you click on this link.

The glimpse into the future is presented in a joint report created by Oracle and Skift.com, which you can access from the page this link will take you to if you click it.

From my point of view as a data protection and privacy chap, these are very useful documents.  If you pull up a chair and get yourself a cup of coffee I'll explain why - and why it should matter to you.


Why the Dodo?

It's probably best if I tell you about the Dodo first.

A few years ago, in the early...

Continue Reading...

Unleashing the power of data - or have you got a tiger by the tail?


Your ability to make use of guest data is critical - yet you need to make sure you are using it responsibly.  The consequences of you not paying enough attention to the need to keep personal data safe are serious.

I mean, just look at those teeth!

The power of data is its ability to improve things.  It can be analysed by people who are much cleverer than I am and they can draw conclusions from it which can dramatically improve the livelihoods of other people.  I witnessed this during the Covid pandemic.

Data can also be analysed by machines and artificial intelligence (AI).  The concern about AI is that until it has learned how to do the tasks it is challenged to do it is not much cleverer than I am.  It is however a lot faster than I am.  And that should be a concern for all of us.

You see, something which still has a lot of learning to do, but which is capable of travelling at mind-boggling pace, will be able to make lots of mistakes in many places,...

Continue Reading...

Customer Data: Whatever it is, it's NOT voluntary

personal data May 17, 2022

The notion of the use of someone's personal data by a business being somehow "voluntary" crops up from time to time.  It has done so again today in an article about the interesting new advertising proposals from Marriott.  You can read about it here.

The issue here is not the proposed use by Marriott of their app related data (although we will perhaps look at hotel apps and how some of them use personal data another day).  No.  Today I am taking issue with the following sentence which appears in this article.  It says,

"As consumers opt out in large numbers, travel marketers think more about capturing and using so-called first-party data like email addresses that consumers voluntarily share with brands, such as when joining a hotel loyalty program."

Here's the thing.  People never give you their personal data voluntarily.  No they don't.  Not ever.

(to be fair, I don't think Marriott themselves use the "V" word, I think it's the journalist who...

Continue Reading...

No more random acts of data protection


Is your use of other people's personal data properly managed or will your response to your next data protection challenge be determined by a quick game of rock, paper, scissors?

This is our goal for data protection and privacy in the UK hospitality industry:

"No more random acts of data protection."

It is part of the answer to a very serious problem all hotels face.  The problem is this:

Privacy is contextual.  Your management of privacy and data protection depends heavily on the context of your use of, the availability of and the risks surrounding personal data.  This is a fluid environment, it changes shape regularly.  Which means it can be very frustrating to deal with.

The problem with frustration is that it quickly leads to people not making what might be considered "the best" decisions or introducing "the best" solutions to problems.

Which means you end up with random acts of data protection (and privacy).  For example, think about cookie banners on...

Continue Reading...

Why Privacy Should Matter To You

personal data privacy Dec 11, 2020

Cards on the table.

We’re not doing this just because a regulation says so.

We protect personal data and privacy because it should matter to each and every one of us.  It makes sense on both a personal and business level.

As we reach the end of one of the most challenging years of our lives, those of us who have made it through ought to be thankful.  We are bruised, in many cases scarred.  Yet we are still here and we are preparing to make 2021 the year we recover.

We end the year with our privacy rights intact.  The GDPR enhanced our rights as individuals over what can be done with our own personal data.

The regulations also makes organisations and businesses responsible for upholding those rights.  Some are doing this now, many are not.  Others are doing it and are making the most tremendous pills of it.

They don't mean to of course.  They just...  are.

For businesses, the opportunity to extract value from personal data is there for...

Continue Reading...

So You Think Your Cards Are Safe? Mistakes Happen!

data breach personal data Nov 11, 2020

Just when we thought we had all recovered from the Marriott data breach, up pops Prestige Software, a Spanish software developer, who have put at risk possibly 10 million sets of transaction data going back to 2013.

You can read about it here - https://www.infosecurity-magazine.com/news/hotel-booking-firm-leaks-data/

Why Does This Matter?

First, it's not a malicious attack.  This one was caused by the most common method.  Someone made a mistake.

Mistakes happen.  In this case, someone misconfigured an Amazon AWS server.  For those of you who neither know nor care what that is, it's the computers on which much of our online activity is stored.  They are quite complex things.  Most of your technology data processors run their stuff on something similar.  It's all well and good as long as you employ people who now what they're doing and you have effective security and work monitoring in place.

Someone either didn't know what they were doing or...

Continue Reading...

Personal Data In Hotels - Are You Bad Food Or Dirty Kitchen?

personal data Oct 24, 2020

As a hotelier you are keenly aware of your reputation locally.

There will be restaurants in your area which are queued out the door at peak times while others just seem to have the couple sat in the window table.  They wandered past and made the mistake of venturing inside and have now been used to make the place look busy.

People get to know what is good and what is bad and they respond accordingly.  When it comes restaurants, if the food is bad people will quickly make up their minds about whether or not to return.

And when the food is bad, they don't come back.  It can take a lot of effort to encourage people to come back and purchase again when their last meal with you tasted as though it had been strained through the sous chef's underwear.

I know this because I've run a few hotels.  Some better than others.  I've also managed catering outlets which churned out phenomenal volumes of food.

Get the flavours or textures wrong and recovery can take a...

Continue Reading...

What Do Military Tanks Have To Do With Protecting Personal Data?

personal data Aug 31, 2020

The way that the military goes about protecting our society came under sharp focus last week when the British Army announced a review.  This involves the future of main battle tanks and may involve them being either mothballed or scrapped.

Not something you would immediately associate with personal data protection and privacy I grant you.

Until you read what the head of the Army, General Sir Mark Carlton Smith, had to say on the matter.

In a recent speech he suggested the usefulness of the tank was diminishing in modern warfare.  This is what he said,

"The main threat is less missiles and tanks.  It's the weaponisation of those elements of globalisation that hitherto made us prosperous and secure, such as mobility of goods, people, data and ideas."

Look at that!  He said DATA!

More than that!  He said THE MOBILITY OF DATA!

Part of the reason for scrapping the older warfare capabilities is the need to invest in new capabilities.  One of which is...

Continue Reading...

50% Complete

Two Step

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.