The hospitality industry faces unique information governance challenges. The management of sensitive personal credit information (PCI) has increasingly become a concern for the hospitality and travel industry, as the introduction of new technologies has left these organizations vulnerable. Hospitality and retail cyber security have received increasing attention from the Federal Trade Commission. Recent incidents of sophisticated hacks on major hotel chains have raised questions about what the appropriate privacy practices and procedures are and how they must be not only implemented but also measured. Considering the amount of sensitive information captured on a daily basis, a practical cyber security approach is now mandatory to make it easier to store, access, protect and secure personally identifiable information (PII) and PCI.
In order to sufficiently address these challenges, corporate parents need to take a top-down approach that outlines information management and security requirements, how to handle a breach (response team) and compliance training for employees. Poor decisions and/or a lack of appropriate technological investment by franchisees affect the overall system and the reputation of the corporate parent. Other issues for hospitality include:
- Lack of a central governmental body in the United States to regulate cybercrime, data theft and data breach
- Need for insurance policy coverage for data breaches, and the corresponding liability between the corporate franchisor and franchisees
- Global implications of privacy requirements for multinationals, data breach and data transfer
- Posture of pending litigation and motions
- Present policies for information management, document retention, privacy, data transfer, data expiry and cyber security
- Need to revise the existing compliance program for Business Associate Agreements, with special attention to cloud solutions
- Need for updates to the corporate and franchisee data maps
- Need for reporting functionality on a system-wide basis for training, best practices and compliance reporting to protect the corporate parent.