Hotel Privacy: 3 Tips to Ease Your Guests’ Data Worries

By: on August 3, 2017

Consumer paranoia and distrust is at an all-time high regarding their privacy and how their information is being used by companies, and it’s not hard to see why.

According to Gartner research (available to Gartner clients):

  • There were more than 750 identity-related data breaches in the U.S. in 2015.
    • 87 percent of consumers feel that organizations are not doing enough to safeguard their data.

    Even when handing over something as harmless as an email address, many consumers feel a bit nervous:

    How consumers feel when handing over personal information in 2017

    As a hotelier, you should sweat this too—using relationship management tools lets you discover your customers’ journey, customize email marketing and delight guests during their stay, boosting loyalty and encouraging repeat bookings.

    With Gartner research and advice from a data privacy and cybersecurity lawyer, we offer three tips for hotels to develop a genuine privacy policy that quells security and privacy concerns.

    1. Be Transparent About How You Collect and Use Data

    Do you know what happens when companies aren’t open and clear about how they use customer data? Customers offer wrong numbers, emails or addresses: fake information to throw companies off their trail.

    Small and midsize hospitality businesses depend on that data to personalize experiences and set themselves apart from the competition. So how do they make sure consumers feel comfortable providing that information?

    “A good first step would be to contact a local [hotel and lodging] trade association,” says Diane Reynolds, a lawyer with several years of experience in data privacy, cybersecurity and more. “They would likely have a recommendation for one or two law firms that they have negotiated with.”

    These law firms would have serviced potentially hundreds of small businesses and hotels, so getting a basic template for a privacy policy that fits your needs, perhaps with some small tweaks, is simple.

    For example, here’s a public-facing policy posted on the website of Hotel St. Cecilia, a popular boutique property in Austin:

    This policy has a few key aspects:

    • It clearly lays out which businesses the policy applies to
    • It details the methods by which data is collected
    • It is addressed toward the guest in a readable way instead of dense legalese

    As you scroll down, you also find the other critical parts, Reynolds says: what information is collected, specifically how it is collected, how it is used and how it is disclosed.

    Tips for Hotel Privacy Policy Transparency

    • Place universal opt-in and opt-out options on the privacy policy page. Many companies require customers to opt-out multiple times to individual uses of customer data, causing confusion. Instead, offer a single opt-out and explain that it revokes permission for the hotel to use any personal data aside from what’s necessary to book a room or purchase other services.
    • Allow guests to easily ask questions about policy language. Customers may want to get clarification on specific language in the policy, so include some way to facilitate that communication, whether it’s a link to a self-service FAQ page or a pop-up live chat box on your site.

    Reynolds says a common misstep small hotels should avoid is adding language like: “We are the industry leader in cybersecurity” or “We go above and beyond to maintain our data.”

    “Don’t go making promises and representations,” she says. “It sounds good, but if you’re really not doing it, then the [Federal Communications Commission] is going to have a problem with that.”

    2. Avoid Getting Too Personal with Personalization

    Personalization is a strategic way smaller hotels can set themselves apart from the hotel giants. Despite consumer concern about privacy, the Gartner study mentioned above shows that nearly half of those respondents say they’re OK with companies tracking their buying behavior if it leads to more relevant offers.

    So we know even hotel guests want their experience customized, but things can get creepy, fast.

    Tips for Appropriate Hotel Personalization

    • Only use details the guest has specifically opted to share, but be careful.
      • Do use: Birthdays and anniversaries
      • Never use: Financial activities or health-related conditions or events
    • Include a method to collect feedback on the personalization approach. Hotels often gather feedback about several aspects of the experience post-stay, and should also welcome comments or concerns about how personalization improved their stay, or didn’t. This can help hotels tweak their methods over time and avoid offending guests.

    Reynolds agrees that using birthdays and anniversaries to surprise and delight guests with a free bottle of champagne in their room or a free meal on their special day can create a memorable, shareable moment that boosts loyalty.

    “Also, if there’s a wedding where the parents are paying, you could give the parents a gift because of all the business they’re bringing in,” he says.

    Personalization opportunities can also come from indirect sources, like social media. A regular guest of the Gaylord Opryland Hotel tweeted about how much she loved the clock radios in the rooms. Next time she stayed, the hotel left a note and an extra clock in her room for her to take home.

    Finding two clock radios delighted a regular Gaylord Opryland Hotel guest

    Sometimes the best personalization doesn’t revolve around a vast collection of details, but comes from simply paying attention to guest behavior and delighting them with an unexpected treat.

    3. Coach Staff on Internal Policy and How to Not Be Creepy

    Security is about protecting data, whereas privacy is about how information is used and collected. As a result, privacy best practices aren’t always grounded in technology, and extend through the process of training your entire workforce.

    “The external facing policy is really a notice because you’re telling the consumer what your practices are,” Reynolds says. “You should have, on the inside, an actual policy procedure that implements what you say you’re doing externally.”

    All staff members, from the front desk to maintenance workers to housekeepers, need to be trained regularly about privacy policy language. They need to know how to, and how not to, engage with guests regarding personal information.

    Tips for Internal Policies and Training

    • Have internal privacy procedures. Create an internal policy that mirrors what you’re expressing to your customers, and train staff on what constitutes a privacy violation: sharing guest information through their personal devices, or using any information your company has determined is off-limits, for example.
    • Use non-creepy questions. Many hotel organizations have training for front desk staff to use specific questions that are designed to gather information in a way that feels natural:
      • “Do you have any special requests we can accommodate?”—The guest could offer useful information you may not have been able to gather otherwise.
        • “What’s the special occasion?”—Guests who are excited to celebrate a birthday, anniversary or first family vacation are likely to let you know.

      Part of this internal policy should include a standard response for when a violation occurs, Reynolds says.

      “You need to have an incident response plan so you know what to do if and when you have a data incident,” she says, “whether it’s a true breach or not, so you know who to call and how to respond and contain it.”

      Many breaches of privacy (as opposed to security) tend to be on the individual level, meaning they’re not generally from external sources, but from malicious or poorly trained insiders.

      According to a 2015 study, hospitality businesses made up 12 percent of cyber security claims caused by malicious employees, so hotels are one of the prime types of companies for these violations.

      Malicious Insider Involvement in Claims by Business Sectors in 2015

      Reynolds says these kinds of privacy violations are just a part of doing business, so she suggests companies look into cyber security coverage with their business insurance to mitigate the risk of storing personal information.

      How Can Software Help Ensure Data Privacy?

      The leading, modern hotel management software vendors often include customer relationship management (CRM) functionality in their suites, and most are cloud-based.

      While an on-premise installation would require significant IT resources to ensure data security, when the data is stored in the cloud, the software vendors can use their own strong IT resources to protect your guests’ data.

      So when you evaluate hotel management systems, look for:

      • A vendor with a track record of strong security around their cloud data
      • A system that allows managers to limit access of personal data to specific employees, such as marketing managers and front desk staff

      Give our advisors a call at (844) 688-1783 for a free consultation to help you with your search. They’re available to narrow down your list of the top products that fit your functionality needs.

      You may also like:

      5 Tips for Hotel Marketing Mastery on Instagram

      Software Needs Cycle: Must-Have Functionality for Hotel Management

      How to Use Guest Data to Personalize Your Hotel Email Marketing

      Review the Top Hotel Management Systems

      Compare Software
      Share This