Consumer privacy is a hot topic that is not going away any time soon. Guests are increasingly concerned about their personal information—and for good reason. Frequent data breaches, improper collection and usage, sharing and selling without consent, unwanted solicitations, ignored preferences, and identity theft are all too common.
To combat this, new legislation and rules are being rolled out around the world to allow consumers to control who has access to their personal information and how it is used. This includes rights such as: affirmative express consent, right to requesting copies or deletion of personal data, right to know or change how personal data is used (e.g., shared or sold), right to say no, and the right to be informed of a data breach.
While it’s a good rule of thumb for all domestic businesses, companies that market and sell to customers who reside in Europe need to be compliant with the European Global Data Protection Regulations (GDPR), whose goal is to give control to individuals over their personal data and to simplify the regulatory environment. In the United States, the upcoming California Consumer Privacy Act (CCPA) set to go in effect in January 2020 and proposed legislation from Vermont and South Carolina are the latest topics in privacy. There is also growing momentum for the creation of a national consumer privacy policy, based on the history of “Do Not Call” legislation. Creating a single, national privacy policy has the obvious benefit of reducing the number of policies with which companies are required to comply.
According to a November 2018 report by market research company, Forrester, Predictions 2019: Privacy And Data Ethics, “The marketing-privacy ecosystem is about to change—again. If 2018 was the year of regulatory action, then 2019 will be the year of consumer action. This will open new opportunities for brands that choose to make privacy a competitive differentiator, and create significant business risk for those that choose to ignore it.” The report went on to say, “New laws give people new rights to exercise; new tools make it easier to hide from marketers; and new approaches to transparency and consent will finally give people the ability to make purchase decisions based on how a company treats personal information.”
Becoming a Customer Data Privacy Ambassador
This is a pivotal time for businesses like hotel organizations to transform into one that protects and honors consumers’ privacy choices and preferences. That protection will translate into elevating the brand, guest satisfaction, and, most importantly, customer retention, which then contributes to increased revenue.
In the Forrester report Make Privacy A Competitive Differentiator, Fatemeh Khatibloo helps marketers navigate the complex connections between privacy, trust, and ethical data use. “Consumers are increasingly aware of the value of their personal data. As a result, companies can no longer afford to dismiss customer concerns about the use of that data—failure to respect customers’ data preferences will drive them to more customer-obsessed competitors,” she wrote in the report.
To become a “Customer Data Privacy Ambassador,” here are five key focus areas for hotels.
1Affirmative Express Consent
Require affirmative express consent prior to collecting and using consumer data. Provide a link to the hotel’s current privacy policy to answer any question by the consumer about their privacy. Also, provide a clear and conspicuous mechanism directly adjacent to where the consumer data is entered and only collect the data that is needed.
2Simplify Policies
Simplify the privacy policy and consumer choice options by providing easy access for the consumer to change consent or contact preferences and request for their personal information.
3Provide Preference Options
Provide guests with choice and contact preferences—for example, time, date, channel, offer, and product.
4Secure Data
Secure and protect customer data by implementing and maintaining technical and organizational measures to ensure data security. Limit access to data only to those who have a need and protect the data using encryption in motion and at rest.
5Focus on Guests
Build a customer-focused privacy response process for authenticating identity for customers from third-party data sources, handling special situations, and creating processes that walk consumers through the data removal process or personal data requests.