How Hotels Can Spring Clean Their Information Security Policies Ahead of the Summer Travel Season

Given the kind of information guests provide hotels (i.e. passport copies, driver’s licenses, etc.) it’s worrying to imagine what happens to these documents after the guest leaves the property.
By Ann Nickolas, SVP, Stericycle (provider of Shred-it services) - 5.7.2019

Summer is without a doubt the busiest travel season of the year – last year 42 million Americans traveled on Memorial Day weekend alone. With a significant number of vacationers checking in and out of hotels every day, it’s essential that hotels ensure their information security policies are in place to protect their customers.

Hotels and hospitality companies have faced a slew of cybersecurity breaches over the past few years, and guests are taking notice – in fact, 77% of Americans say that data protection is important to them when deciding which hotel to book. Given this consumer sentiment, it’s crucial that hotels take a proactive approach to security ahead of the summer months. But with cybersecurity a main focus for many hotels and hospitality companies, it’s easy to forget about the more common threats – specifically physical information security. There are hundreds (if not thousands) of people walking in and out of a hotel on any given day, and this constant turnover makes physical security a major risk for hotels.

Shockingly, nearly a third of hotels (32%) admitted they currently have no known policy for storing and disposing of documents. Given the kind of information guests provide hotels (i.e. passport copies, driver’s licenses, etc.) it’s worrying to imagine what happens to these documents after the guest leaves the property. They could sit in unlocked cabinets for years, increasing the probability that they fall into the wrong hands.

However, this isn’t just a consumer perception issue. Since hotels collect and store guests’ financial information, such as credit card numbers and rewards numbers, they also have a legal responsibility to follow regulations in place around information security including the EU’s General Data Protection Regulation (GDPR), the Gramm-Leach Bliley Act, and the Sarbanes-Oxley Act.

Let’s dive into how hotels can get ahead of the summer travel season by spring cleaning their information security policies.

Fighting Negligence Through Employee Training

Employee negligence is a major problem that must be addressed in the hospitality sector, particularly due to the high turnover rate in the industry in the U.S. – the Bureau of Labor Statistics estimated nearly a 74% rate. This makes it tough for hotels to consistently ensure all employees are appropriately trained in security policies.

Furthermore, hotel training policies can be different for various positions – for example, management positions may have a different onboarding process and continual training schedule than housekeeping positions. However, streamlining security training processes across all employees by implementing it into the onboarding process is an efficient way to ensure the high employee turnover rate doesn’t put your hotel’s information security at risk.

Implementing a Clean Desk Policy  

Although some hotels have gone paperless, a large number still use a variety of paperwork to check their guests in and out. From signing check-in and check-out forms to payment consent, to add-on items such as activities or renting a car, countless documents cross the front desk every day.

During the busy summer travel season with back-to-back guests checking in and out, it may be difficult for employees to find the time to properly store or destroy those documents. However, this disorganization can not only create chaos in the back office, but also a major security risk for the hotel as sensitive documents left out in the open can be stolen or visually hacked.

To combat this clutter problem, hotels should implement a Clean Desk Policy, enforcing a clear working surface at the front desk (and in any employee offices) and thus mitigating security risk. The policy requires all employees to keep the desk clear and information filed and locked away in secure areas or drawers. 

Understanding Consumer Expectations

A guest’s first impression when they walk in the door of your hotel is perhaps the most important touchpoint when it comes to physical security. Most guests are carrying multiple sensitive documents from passports and credit cards to confidential business documents, so security is top of mind from the beginning of their visit. There are specific initiatives that hotels can invest in to improve the feeling of security when guests step through the doors to the lobby and swipe the key into their rooms.

One simple strategy is to have employees more identifiable with matching uniforms and name tags – ensuring guests feel comfortable knowing they’re talking to a real employee. Additionally, installing lockable cabinets and safes in guest rooms and secured storage in business centers will help provide your guests with peace of mind that their important and confidential documents are secure.

 With the busy season ahead of us, there’s still times for hotels to review and update their information security policies – providing employee training, implementing a clean desk policy and implementing new policies to meet guests’ expectations are all good ways to start. Knowing this, how will you work to change your hotel information security policies this spring?

Ann Nickolas is SVP at Stericycle, the provider of Shred-it information security solutions, where she oversees new business development and account management for customers in the commercial, health care and government verticals. Nickolas helps businesses secure their confidential information with products, services, policies and training that help protect them from the risks, fines, penalties and loss of revenue that come with an information breach.


Are you an industry thought leader with a point of view on hotel technology that you would like to share with our readers? If so, we invite you to review our editorial guidelines and submit your article for publishing consideration.