Accor Hotels is rolling out a multi-million-pound encryption system as part of a programme to safeguard customers'...
personal information, including credit card details, from the risk of identity theft.
The hotel chain is thought to be one of the first to use encryption technology to safeguard customer data held on hotel systems, central databases and the internet.
It will roll out the encryption system from security software firm RSA to more than 1,300 hotels across North America this year, and is evaluating a roll-out across Europe.
The project follows growing concern from organisations that identity theft and leaks of personal data can irreversibly damage a company's reputation.
Harvey Ewing, senior director of information technology security for Accor North America, said recent high-profile data breaches were one of the deciding factors behind the project.
"I have been in IT security for 10 years and data theft is something you never want to occur. The website privacyrights.org documents 100 million breaches since February 2005 and that is just overwhelming. It has definitely had an impact on my strategy," he said.
The system will enable Accor to meet compliance regulations, including the credit card industry's Payment Card Industry Data Security Standard, as well as state reporting laws, which require firms to publicly announce any data breaches if the data is not encrypted.
Accor plans to integrate the RSA key management technology with its existing Unix-based legacy systems, hotel point-of-sale systems, call centres and internet booking systems.
The technology will initially ensure that all credit card data is encrypted from the time it is entered into a hotel point-of-sale system, through the internet or a call centre, but will ultimately allow all customer data to be encrypted.
"We are looking at credit card information in the first instance, but with ID fraud becoming more common we wanted architecture that is able to encrypt any data. If we decide names and address are confidential we can start to seamlessly encrypt them," said Ewing.
Read David Lacey's security blog