If you don't value your own personal data someone else will devalue it

Tim Horton's - a chain of coffee shops based in Canada - has been using a smartphone app downloaded by millions of customers to track their location.

Not just when the app was in use on their phones, oh no.

This app tracked customer locations even when the app wasn't in use.

And they did it for years.

Such is the current state of the penalties for this under Canadian data protection law, that Tim Horton's has announced that it will settle the resulting class action lawsuit by giving all those affected a free coffee and a donut.

That's it.  One coffee.  One donut.

If you're a Tim Horton's customer and you have had your location tracked almost everywhere you've been for a couple of years, that's what they think of you and that is what they think you will settle for.

Having ridden a coach and horses through the fundamental bonds of trust between customer and vendor which are needed in the modern data economy, their assessment of the response to the scandal is very low...

Continue Reading...

How did they know THAT?? - How to avoid the unintended consequences of using personal data


What they don't tell you about collecting guest data for personalisation

Is it a secret?

I mean the personal data your hotel collects in the name of "personalisation".

Is it a secret that you collect it?

Is it a secret that you're going to use it?

Judging by the privacy information on many hotel websites, the casual reader would be forgiven for thinking that it just might be.

Of course nothing could be further from the truth.  Could it?

You have very good reasons for collecting and using personal data.  It is essential for your business.  You need to know what people like so you can sell them more of it.  You need to know how to compete.

Let us be clear

Take a moment to consider what your marketing and sales efforts are actually going to do with personal data.  If you are doing direct marketing properly, this is what you will be doing:

You will be collecting guest personal data, then reflecting it back to them using psychological manipulation to get them to...

Continue Reading...

How to prepare for the data protection and privacy storm

data protection privacy Jul 11, 2022

As though you don't already have enough challenges as a hotelier...

The secret most data protection "experts" didn't share with you when you made your initial compliance efforts back in 2018 is this,

"The world of data protection and privacy is fluid and it moves at a fast pace."

I'll caveat that a wee bit - I know it appears to outsiders that the regulators don't move with quite the same alacrity as the environment they oversee.  The IT press in particular grumbles about this quite a lot.

However you've only got to take an example from the news last week, where the Irish Data Protection Commission raised the prospect of Meta (Facebook) being told to stop transferring EU citizen data to the USA or face the consequences.  Which could result in Facebook not being available to EU citizens.

When regulators move, their actions can have serious consequences.  If your marketing and lead generation uses Facebook adverts, this latest action could simply switch it off for...

Continue Reading...

The danger of hotels using personal data without transparency: The flightless bird

A couple of interesting sets of survey results were published in the last week or so.

One presents some facinating insight on hotel technology as experienced by hoteliers today in mid-2022.  The other takes us to the near future and considers what will be important come 2025.

The current state of hotel technology is discussed in this survey by HotelOperations.com (as presented by the ever-relevant Josiah Mackenzie, if you're not following him you should) which you can read if you click on this link.

The glimpse into the future is presented in a joint report created by Oracle and Skift.com, which you can access from the page this link will take you to if you click it.

From my point of view as a data protection and privacy chap, these are very useful documents.  If you pull up a chair and get yourself a cup of coffee I'll explain why - and why it should matter to you.


Why the Dodo?

It's probably best if I tell you about the Dodo first.

A few years ago, in the early...

Continue Reading...

Unleashing the power of data - or have you got a tiger by the tail?


Your ability to make use of guest data is critical - yet you need to make sure you are using it responsibly.  The consequences of you not paying enough attention to the need to keep personal data safe are serious.

I mean, just look at those teeth!

The power of data is its ability to improve things.  It can be analysed by people who are much cleverer than I am and they can draw conclusions from it which can dramatically improve the livelihoods of other people.  I witnessed this during the Covid pandemic.

Data can also be analysed by machines and artificial intelligence (AI).  The concern about AI is that until it has learned how to do the tasks it is challenged to do it is not much cleverer than I am.  It is however a lot faster than I am.  And that should be a concern for all of us.

You see, something which still has a lot of learning to do, but which is capable of travelling at mind-boggling pace, will be able to make lots of mistakes in many places,...

Continue Reading...

No more random acts of data protection


Is your use of other people's personal data properly managed or will your response to your next data protection challenge be determined by a quick game of rock, paper, scissors?

This is our goal for data protection and privacy in the UK hospitality industry:

"No more random acts of data protection."

It is part of the answer to a very serious problem all hotels face.  The problem is this:

Privacy is contextual.  Your management of privacy and data protection depends heavily on the context of your use of, the availability of and the risks surrounding personal data.  This is a fluid environment, it changes shape regularly.  Which means it can be very frustrating to deal with.

The problem with frustration is that it quickly leads to people not making what might be considered "the best" decisions or introducing "the best" solutions to problems.

Which means you end up with random acts of data protection (and privacy).  For example, think about cookie banners on...

Continue Reading...

People Don't Care About Privacy. Until They Do.

privacy Apr 07, 2021

Like most businesses, we are all dealing with the effects of the COVID-19 virus.  You and I are challenged with the task of running a business during lockdown and trying to work out how to emerge from the restrictions and recover.

A topic close to the heart of the hospitality industry these days is the idea of the "COVID Passport", which the government plans to use to "enable" a return to normal society.

It appears to be a reasonable idea although it turns out the concept of a passport is a hot topic of conversation.  You see, amongst other things, there are data protection and privacy issues.  Such a passport may be used to deny services to people.  It may be used to isolate people.  It may be forged and used fraudulently.  The storage of personal data it would demand (it would need a very big database linking up to other items of personal data about you as an individual) presents a significant risk to your future personal privacy.

Recent surveys...

Continue Reading...

Why Privacy Should Matter To You

personal data privacy Dec 11, 2020

Cards on the table.

We’re not doing this just because a regulation says so.

We protect personal data and privacy because it should matter to each and every one of us.  It makes sense on both a personal and business level.

As we reach the end of one of the most challenging years of our lives, those of us who have made it through ought to be thankful.  We are bruised, in many cases scarred.  Yet we are still here and we are preparing to make 2021 the year we recover.

We end the year with our privacy rights intact.  The GDPR enhanced our rights as individuals over what can be done with our own personal data.

The regulations also makes organisations and businesses responsible for upholding those rights.  Some are doing this now, many are not.  Others are doing it and are making the most tremendous pills of it.

They don't mean to of course.  They just...  are.

For businesses, the opportunity to extract value from personal data is there for...

Continue Reading...

COVID And Contactless Technology In Hotels

privacy Oct 28, 2020

Part of the response to the challenge of running a hotel during the COVID pandemic has been to adopt some contactless technology.

  • Check in has been made contactless.
  • Room keys can now use contactless systems.
  • Systems record attendance of individuals and groups of people.
  • Guests can enjoy the services of a digital concierge.
  • Some hotels have even installed interactive devices in their bedrooms.  Which means guests can now enjoy the delights of communicating with Alexa or the Google digital assistant.

The technology can be really easy to deploy.  In some cases deceptively easy.

Do you know what the technology is really doing?

  • Do you have a data controller/data processor agreement in place for each new technology vendor you have used?
  • Do you know what personal data each system is collecting and what it's doing with it?
  • Do you know where this personal data is being kept and for how long?
  • Have you run any sort of vendor assessment for each technology supplier?
  • Have you...
Continue Reading...

Putting Compliance In Its Place

privacy Oct 25, 2020

Careful Use Of The C-Word

In the world of data protection and privacy, you need to be careful how you use the C word in polite conversation.

A note from the author:

You may have read elsewhere on these pages that we are just a bit sceptical of the notion of "compliance" with GDPR or the Data Protection Act.  Some people have taken me to task about this, so here is an article which clarifies my experience and thinking on the topic.  So many businesses were sold on the pig-in-a-poke notion of "compliance" in the run-up to GDPR being implemented.  It is clear nowadays that compliance on its own just doesn't work.  This is my view on why that might be.

Treat it as a starting point for a discussion, rather than a definition.  Obviously this is based on my own experience.  It would be interesting to take it further.

Allan Simpson - hotelDPO


As you read through the sales blurb created by most privacy management software providers, law firms and...

Continue Reading...
1 2

50% Complete

Two Step

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.