|By Diana S. Barber, Esq., February 2004
Did you hear the one about the guest who checked in to a luxury hotel
room and found a guest folio print out for the previous guest in the waste
paper basket in the guest room? Personal information was located
on the guest folio and was in the hands of a stranger who had ample opportunity
to steal the previous guest’s identity. This happens all too often
in large and small facilities.
During my recent visit to a 5-star hotel, I walked by an empty meeting
room with the door wide open. On a table just inside the door was
the daily guest recognition report that showed the arrival dates of all
the VIPs and celebrities in the hotel including personal comments about
the guests. It also contained a detailed meeting itinerary for a
professional football team. Personal information of this nature should
never be left in plain view in any public space, but it happens.
Identity theft can occur in hotels and motels and should be taken very
seriously. The Federal Trade Commission has stated that identity
fraud is one of the fastest growing white-collar crimes nationwide and
affects one in four Americans. In 2002, the FTC received 161,819
complaints about identity theft and it is estimated that it costs each
victim more than $1,000 to correct the damage made to their accounts and
their reputations. Identity thieves capture information about your
guests and use it to commit fraud, steal money, and charge items to credit
accounts and even create new accounts. How can you protect your patrons
and guests from being victims of identity theft? Here are some basic
security rules for you to pass on to your managers and supervisors to decrease
the likelihood that your patrons and guests will be the next victims of
Training is the most important rule. Hotel personnel should never announce
out loud the guest’s name and room number at the front desk during check-in
or in the food and beverage outlets in the hotel or facility. If
during the check-in process, you or any of your employees overhears a guestroom
number being announced, immediately assign a different room for the guest.
In addition, instruct your wait staff not to request a guest’s room number
out loud in restaurants. Have the guest write it on a piece of paper
then destroy the paper. Never, ever say the room number out loud.
Believe it or not, this is still happening at hotels and motels across
Instruct your housekeeping staff to leave a kind note for the guest reminding
them to never leave important papers containing personal information in
plain view in your guestroom, the lobby, any of the food and beverage outlets
or in any meeting room space. Remind them to put all personal information,
such as airplane tickets, passports, etc. in the in-room safe located in
the guestroom when absent from the room.
Remind guests, and meeting planners so they can advise their attendees,
to make sure all computers, including laptops and PDAs (which usually contain
valuable and personal information) are secured in all meeting rooms or
hand carried by the owner from the guestroom or meeting room space.
Have your front office and accounting office procedures that address your
efforts to safeguard guests’ personal information in writing and available
for your guests to see. Find out if there are any leaks or
holes in your process. Who has access to guests’ data and is it secured?
Are the employees trained on maintaining the privacy of guests, and how
so and how often? How secure are your fax machines? Does personal
guest information lie around for anyone walking by to see? Hotels
and motels need to focus on these issues and if you haven’t, you need to
do so immediately.
Do not place calls directly to guestrooms without the caller knowing the
name of the guest assigned to the guestroom for that day. Although your
telephone operators want to be helpful to callers, they should never give
out names or partial names of any guests to outside callers.
Do not slip guestroom folios under the guestroom doors the evening prior
to checkout. Mistakes by your night shift hotel staff can and do
happen and valuable personal information may find it’s way into another
guestroom or worse yet, stranded in the middle of the hallway for all guests
and employees to see.
Check the credit card receipts printed from all outlets in your hotel,
such as retail shops and restaurants. Some receipts still print the
entire credit card numbers. Others only print the last four digits
of the credit card number. Having the entire number printed on the receipt
can be hazardous to your guests’ financial health. This is usually a simple
software programming issue and it will protect your guests if you promptly
remedy this situation.
Remind all meeting attendees to remove their convention badges outside
the meeting venue as it provides immediate personal information to any
stranger the attendee passes by. Also, remind meeting planners to
be careful as to what information is stored on the back side of the convention
badges because if it is lost or misplaced, the information displayed, albeit
intended for the ease and convenience of the attendee (such as cell phone
numbers of colleagues), can end up in the wrong hands.
Inspect your wastepaper refuse system or trash dumpsters for your hotel
or facility. It is in a secure area? Is it inaccessible to
the general public? Does a fence or wall surround it? If thieves
will go through your personal household trash receptacles to gain personal
information, imagine what they could find if they gained access to the
waste paper dumpster located at your hotel or motel. Some thieves have
admitted that they go dumpster diving at accounting and law offices to
gain proprietary information. What will they find if they dive into
Be aware of the potential for identity theft with your hotel if you engage
shoptalk or shop call systems. This is when you contract with a third party
provider to record live reservation calls for purposes of spot checking
the reservation agents for compliance efforts and for training purposes.
These audio recordings which include names, addresses and credit card information
are now in the hands of someone, other than the hotel staff, that can abuse
the process and use this information to steal personal information.
Make sure you have written agreements with these companies, together with
clear and precise language in the contracts prohibiting any type of use
of the information contained on the tapes. The information on the
tapes should be limited to hotel use only.
In case one or more of your guests’ identity has been stolen during their
stay at your hotel or motel, be prepared to offer assistance by sharing
with them the FTC hotline for identity theft at 1-877-IDTHEFT (438-4338)
and their accompanying website www.consumer.gov/idtheft.
This will enable them to get a head start on the process to regain control
of their identity.
Diana S. Barber, Esq., former vice president/associate general counsel
for The Ritz-Carlton Hotel Company is the founder of LodgeLaw, A Division
of Barber Law Associates, a law firm specializing in hospitality law.
She also teaches at Cecil B. Day Hospitality School at Georgia State University
and is a member of Georgia Hospitality & Travel Association.
For more information, Ms. Barber can be reached at (770) 813-9363 or firstname.lastname@example.org.