- About Us
- Best Practice
- Contact Us
While the protection of data is essential to a hotel's relationship with its guests and employees, hotels must carefully monitor how they manage the personal information they collect and maintain. In the UK, doing so will ensure the property complies with the Data Protection Act of 1998 and related codes of conduct and legislation. Hotels around the world need to be sensitive to their employees’ and guests’ expectations that their data will be kept secure and confidential, but as a green hotel you want to do this whilst being environmentally conscious at the same time.
There have been many recent reports of businesses not disposing of their personal data securely. Combined with the rise in identity theft, new research shows just how sensitive the issue has become.
Our environmentally friendly waste disposal company Envirowaste has released the results of our survey of businesses in London. Businesses across all sectors were asked one question regarding the confidential documents they didn’t shred.
“Which of the following documents do you most commonly dispose of?”
These were the responses that were given:
With booking information at a whopping 36%, out of the sectors that answered, 81% of the hospitality industry around London said they didn’t shred their confidential documents.
Proper Disposal of Personal Data
In addition to personal data such as booking information, hotels often hold other sensitive data such as credit card slips. All hotels have a duty of confidentiality to their guests and any unauthorised disclosure - even by accident - could not only be a breach of confidence, but also a breach of the hotel’s duty of care.
As well as the obvious legal obligations of correct disposal of data, guests will be concerned that their information doesn’t fall into the wrong hands of fraudsters. The last thing your hotel wants is legal action against any damages or distress suffered.
How can you keep confidential data secure?
Most of the data we collect about people is held on computers. From email contact lists to loyalty scheme customers, we’re constantly creating databases which are subject to Data Protection legislation. Understand your commitments for keeping this safe and put effective measures in place. Perhaps you need to keep customer details on a separate server which can more easily be protected than your main computer system. Make sure your security software is up to date and investigate whether you need to upgrade your firewall.
As no computer system is ever 100% secure, companies could cost effectively and sustainably reduce their risk simply by shredding all their printed confidential documents and having services like Envirowaste pick it up and dispose of it securely, even when recycled.
Although we’re getting better at protecting ourselves online, companies need to ensure policies around confidential documents are being followed by all staff members. There may be a false sense of security that comes with recycling, but shredding documents beforehand ensures nothing slips through the net.
If you use a waste or recycling service, check there are contractual provisions for the data controller to ensure that confidential documents like credit card slips and booking information are shredded and placed in opaque bags or containers, so as to not draw attention to what's inside.
In addition, electronic items like IT equipment and computer disks also contain personal data and this needs to be taken into consideration when disposing of. This is known as WEEE waste, and waste contractors should take responsibility for its safe, green disposal that won’t leave it unsecured and posing a risk.
Data protection is a serious issue but it’s not at odds with good environmental practice. Work with your waste disposal contractors and IT team to ensure you’re protected whilst still upholding your green standards. Solutions do exist.