In the last two days I have written about how British Airways and Marriott face nine-figure fines for GDPR violations related to their data breaches. These fines can be up to 4% of the annual income of a company, so fines have the potential to be massive.
Although it is not nearly as big, @Dailybits and @fotograaf point out another very interesting hotel data breach. This time we are not talking about a fine of tens of millions of pounds sterling, and we are not talking about something that has affected tens of millions of people.
We are talking about a hotel breakfast. The GDPR compliance tracker shows a July 2 fine against the World Trade Center in Bucharest (which has a Pullman hotel) for an amount of 15,000 euros. The breach? A list with the names of 46 guests who had the right to breakfast at the hotel was photographed by an unauthorized party. Here is the summary of the incident:
The violation of data security was that a printed list used to verify breakfast customers and that contained personal data of 46 clients who stayed at the hotel WORLD TRADE CENTER BUCHAREST SA was photographed by unauthorized persons outside the company, which led to the disclosure of personal data of some clients through online publication. The operator of WORLD TRADE CENTER BUCHAREST SA has been sanctioned because it has not taken measures to guarantee that the data is not disclosed to unauthorized third parties.
It is said that the hotel did not implement adequate technical and organizational measures to guarantee an adequate level of security.
I totally agree that this hotel did not do enough to protect customer data, although am I the only one who feels this is totally common? Likewise, I think hotels do not do enough to protect guest data.
For example, I cannot count how many times I've seen the guest list at the host's breakfast stand, or how many times I've seen a guest list in a cleaning cart. Similarly, some hotel gyms make you sign your name and room number on a list that everyone can see, which also seems to be a big violation.
I absolutely believe that hotels should do better than this to protect customer data, although if this is worth a fine, I think the vast majority of hotels have a fine like this on the way.
What am I missing?