7 Ways to Protect the Privacy Information of Human Body Existence Sensors in Hotel
Human Body Existence Sensors can more accurately detect the subtle states of micromotion and breathing of the human body, and can even distinguish the activity patterns of different people, so as to provide more detailed and accurate information for the hotel.
But when using human devices with sensors, or technology, how to protect the privacy of the guests is a great concern for many of us.
On the one hand, the human radar sensor is very necessary to capture the dangerous actions of children and the elderly.
On the other hand, more customers are worried that their human behavior data will be leaked out.
Hotel operations can protect customer data from the following seven aspects when using human body sensors.
1. Technical Level
(1) Optimization of Human Body Presence Sensor Design
① Use a Privacy-Friendly Sensor
Choose noninvasive human body sensor technology, such as millimeter wave radar sensors. These sensors can detect people’s activities by detecting the reflected signals of objects. They do not involve visual information and can effectively avoid recording the guest’s appearance, behavior details, and other private content.
② Reduce the Accuracy of the Human Body Presence Sensor
On the premise of meeting the basic operation needs of the hotel, the sensing accuracy of the human body sensor should be appropriately reduced.
For example, the human sensor sensor is only set to detect whether there are people in the room. Still, it is not accurate to the person’s specific location and action details, reducing the amount of private data possible.
③ Sensor Anonymization Processing Exists in the Human Body
Anonymize the data collected by human body sensors, remove or encrypt the information that can directly identify the identity of the guests, such as name, room number, etc.
Through technical means to convert the data into a form that cannot be directly associated with specific guests, ensuring that even if the data leaks, it is difficult to trace back to specific individuals.
(2) Data Encryption and Secure Transmission
① Application of the encryption algorithm
Powerful encryption algorithms such as Advanced Cryptography Standards (AES) are used to encrypt the data collected by the human body sensor. Whether the data is transmitted between the human body sensor and the hotel server, or stored on the server or the cloud, the data is in the form of ciphertext.
Even if the data is illegally obtained, without the decryption key, the attacker cannot interpret the content.
② Secure transmission protocol
Secure transmission protocols, such as SSL / TLS (secure socket layer/transmission layer security) protocol, are adopted to ensure the confidentiality and integrity of the data transmission process.
These protocols use encryption and authentication mechanisms to prevent data from being intercepted during transmission, tampering, or stolen.
(3) System Safety Protection
① Firewall and intrusion detection system
The hotel shall deploy a firewall and intrusion detection/prevention system (IDS / IPS) to monitor and filter network traffic to and out of the hotel network.
Firewalls can prevent unauthorized external access, IDS / IPS can detect and prevent potential network attacks in real-time, such as hackers, malicious software transmission, etc., and protect the server and network security for storing guest privacy data.
② Access control and permission management
Establish a strict access control mechanism to manage the rights of the hotel staff and the system users.
Assign different data access rights according to different positions and responsibilities to ensure that only authorized personnel can access the guest’s private data.
For example, front desk staff can only access the basic occupancy information of the guests, while technical maintenance personnel need to go through a strict approval process to access more sensitive data during system maintenance.
2. Management level
(4) Formulate privacy policies and operating procedures
① Privacy policy formulation
The hotel should have a clear and detailed privacy policy to clearly inform guests about what data the hotel is collecting, how to use it, how to secure the data, and under what circumstances it will share data with third parties.
The privacy policy should comply with relevant laws and regulations, and be displayed to guests in an easy-to-understand way, such as on the hotel’s official website, front desk, guest rooms, and other prominent places.
② Operating process specification
Establish a strict operation process for data collection, storage, use, and sharing.
To stipulate the steps and principles that employees must follow when processing customer data. For example, prohibits employees from collecting additional privacy information from customers without authorization, and requires employees to anonymize processing when using data for service optimization or marketing activities.
(5) Staff training and supervision
① Privacy awareness training
Strengthen the privacy awareness training of hotel staff, so that employees can fully understand the importance of protecting guests ‘privacy and the hotel’s privacy policy.
The training content can include basic knowledge of data security, customer privacy protection case analysis, responsibilities and obligations of employees in the process of data processing, etc. Regular training and assessment, to ensure that employees can correctly process customer data.
② Supervision and punishment for violations
Establish a supervision mechanism to regularly check whether employees’ data processing behaviors comply with privacy policies and operating procedures.
For the employees who violate the privacy regulations, clear punishment measures should be formulated, such as warnings, fines, dismissal, etc., to ensure strict discipline to ensure that the employees strictly comply with the privacy protection requirements.
(6) Supplier management
① Privacy terms and constraints
If the sensor equipment used in the hotel or the relevant technical services are provided by a third-party supplier, the privacy provisions shall be specified in the contract. Ask suppliers to comply with the hotel’s privacy policy and strictly restrict the data processing behavior of suppliers, including the scope of data collection, data security measures, location and duration of data storage, etc.
② Supplier audit and supervision
When selecting suppliers, the privacy protection ability and reputation should be strictly reviewed, and suppliers with good privacy protection records should be selected. During the cooperation process, we will regularly supervise and evaluate the suppliers to ensure that they continuously meet the privacy protection requirements. If the supplier is found to have privacy risks, it shall timely request rectification or terminate the cooperation.
3. Service Level
(7) Guest Authorization and communication
① Clear notification and consent to obtain
When checking in, the hotel shall inform the guest in written or electronic form of the use of the human body sensor technology, including the type of sensors, the functions, the data that may be collected, and the purpose of these data. At the same time, obtain the clear consent of the guests,and let the guests choose whether to accept the application of sensor technology in the guest room.
② Guest feedback channel establishment:
Establish smooth guest feedback channels, such as setting up feedback cards in guest rooms, providing a customer service hotline or online feedback platform, etc. Encourage the guests to put forward opinions and suggestions on privacy protection issues, and the hotel should respond to and deal with the guests ‘feedback in time so that the guests can feel the hotel’s attention to its privacy.
