HFTP Blog
August 1, 2019

The Right to Privacy and How to Protect It

Annual Convention
Written by HFTP Publications
Written by: Paul West...From Blockchain and distributed ledger technologies to prioritizing data protection, privacy and security — each of my sessions taking place at the HFTP 2019 Annual Convention this October will present the opportunity to get a straight summary on these ubiquitous topics....
Introduction to Blockchain and Distributed Ledger Technologies is an excellent overview of the titled technology that will define the key concepts involved to help everyone and anyone understand what is being touted as so promising to a very wide variety of industries, including hospitality....Prioritize Data Protection, Privacy and Security is a summary view of the key points to consider when it comes to protecting and securing our valuable data from malicious threats, while also addressing what is potentially becoming a more tedious and “slippery” process in data privacy compliance.

I am looking forward to breaking down both topics so that everyone (both technical and non-technical) can understand the general concepts and what is happening around us.

Consequently, I hope to extract the most important issues and distill them so that everyone can approach their challenges more sensibly and knowledgeably....Introduction to Blockchain and Distributed Ledger Technologies Friday, October 25 | 10:20–11:35 a.m....I would begin first by saying that it has already been more than a few years since I became so intrigued (yet a little confused) by the flood of articles on Blockchain that I began to research it for myself. It is already being deployed in banking capital markets, insurance, logistics, retail, and now within the hospitality industry — one to which I believe it may be perfectly suited....As I found it to be a bit confusing, even as a technology person, I suspected then that many others would also be a little perplexed about what all the fuss is about, especially those not technologically inclined....To address the uncertainty, I thought it would be helpful to find an effective way to summarize and articulate the concepts of this exciting technology broken into its basic components, while still defining the key concepts of its structure. Again, this is not a technical session, but I must discuss at least some technical items in order to properly define the concept....Everyone should know, too, that this is not a session about bitcoin or cryptocurrency, although these two terms often seem to be intertwined with Blockchain (hence, another cause for confusion). Of course, I will address them, as I will discuss the similarities and differences among the variations in distributed ledger technologies. As with Blockchain, I will try to do so in the simplest manner possible, with as little technical jargon as possible....Attendees can expect a number of definitions with examples of methods to share business processes and data across multiple organizations while eliminating waste, reducing the risk of fraud and creating new revenue streams. Learn helpful details about related terms like smart contracts, d’apps, consensus, closed/opened decentralized networks, immutability of data — and of course cryptocurrency, bitcoin, blockchain, and distributed ledger technologies....You can rest assured that I expect to make everyone more comfortable with these topics before departing the session. That is, any owner, manager or other attendee who is not at all technical will leave with a better understanding of how this technology could be applied to their own most complex, time-consuming and (up to now) unsolvable problems....Finally, I will ensure that everyone who leaves the room can say, “Now, I get it! This is pretty cool, and I can’t wait to see how things really play out!” The funny thing is that I still say the very same thing today. This really is pretty cool — and I cannot wait to see how things really play out....Prioritize Data Protection, Privacy and Security Wednesday, October 23 | 1:15–2:05 p.m....Without a doubt, the personal data from our guests is what keeps our businesses competitive and contributes to their profitability. This, in turn, drives cost savings and revenue to contribute to profitability. This is especially true in the hospitality industry, where our clients are our guests. Knowing what they may want or not want while at your property is paramount to your success — which is to say, a means to deliver repeat business....Data saved on computer disks was originally kept in a separate room behind a locked door on a password-protected unit that only a select few could access. The advent of the network made this easier for more people to access and share the data, but again, this was still mostly within the same floor or building or general office. None of the original ideas of networking security were really designed for the global, omnipresent and now rather casual reach of the Internet and the pervasive applications that allow for connectivity by everyone, anywhere at any time....Now, this valuable data — which is your responsibility to protect and keep private — is spread to so many interfaced or integrated applications that are beyond the walls of your operation (to vendors, third parties, hosting services, etc.). Thus, it has been made far more difficult to protect. And, it attracts far more malicious characters than your average teenage hacker. These characters are constantly trying to compromise your data in order to execute extortion on the business or damage its operations, services and reputation.

As a cyber insurance and risk management advisor, I always add that it is not a matter of IF your data will be compromised — but when.

There are a host of new regulations to consider that can be crippling if violated. But compliance to the regulations is so time-intensive, costly and complicated. And none will necessarily assure that you will not be compromised....The most common challenges are the implementation of new security and tracking technologies, and maybe the addition of new positions to address them. It is a delicate dance that involves upgrading legacy applications and patching the current ones. There is also the inconvenience of penetration testing and time-sensitive security and event management. The data journey must be successfully mapped through every potential connection. Also, effective user training requires updated internal and external policies and procedures....As if that short list above were not challenging enough, everything must be performed without affecting the execution of proper guest service, flow of business and the general convenience of daily operations....As a cyber insurance and risk management advisor, I always add that it is not a matter of if your data will be compromised in some manner, but when. It is imperative that a company create a flexible contingency and recovery plan that is continually updated, tested and rehearsed — one that also utilizes a multitude of players from several departments who are cross-trained....Let us not forget, of course, the most challenging of all is the education of your employees. No matter how intent on perfecting a data protection and security plan, its overall success will ultimately rest on the untimely key press of the employee finger who (although he or she may have been paying attention at the onboarding security training) really needed to have that training repeated again — and again, and again....
Paul West is a technical advisor and risk management counselor with GapSpot! Technical Solutions. He is presenting two sessions at the HFTP 2019 Annual Convention — which will be held October 23–25 at the Rosen Centre Hotel in Orlando, Florida, USA. Register today to attend.
2019 Annual Convention Ask the Expert blockchain Data Protection distributed education Florida HFTP hospitality ledger Orlando privacy Rosen Centre Hotel security technologies technology USA