It shouldn’t be viewed as a bold statement for a merchant to state they take the responsibility of protecting your personal information and data security seriously. Unfortunately, no one is doing it.

More than 110 million people, over a third of the US population, have been impacted by data breaches within the last year due to security incidents at Target, Michaels, Neiman Marcus, and PF Chang’s amongst others. While the companies have to deal with the public relations and potential regulatory fallout from such an incident, impacted consumers are also often faced with life disrupting changes as they update credit cards or fight the battle to recover from identity theft.

Several years ago, the brands of the Payment Card Industry (Visa, MasterCard, etc…) implemented a collection of rules and requirements for merchants to abide by known as Data Security Standards (DSS). These standards, created to protect consumer’s data from theft, are marketed and promoted as being mandatory; however, in the time following their release, many merchants have yet to fully implement them.

While becoming and staying compliant with the requirements (known as PCI DSS) is not an onerous effort for the average business, too many have neglected to. Whether it is due to the lack of a clear sense of urgency (i.e. need) to do so, or worse, deliberate neglect, consumer’s data is constantly being put at risk without their knowledge.

This has created an opportunity...

Much like companies big and small reacted to the “Going Green” trend over the last decade, socially conscious and compliant merchants who “own” their responsibility to protect their customers should by publicizing it. They should be promoting their actions in the data privacy arena to their customers…. and their competition.

As consumers become increasingly aware of merchants’ fundamental neglect and overarching irresponsibility toward the security of their personal information the time is right for companies to stand up and say “We take your data seriously, we know it is important”.

Much like other business verticals, the hotel industry has sought to leverage any competitive advantage possible in their desire to capture more customers over the years. In the 90’s properties placed coffee pots in the rooms. In the 2000’s the industry has already used custom bedding, high speed Internet and free meals as tactics to draw people in the doors. Green marketers have pulled on the strings of social consciousness to convince customers they could save the earth by doing business with their company.

Wyndham Worldwide, franchisors of more than 7500 hotels across 17 brands, markets themselves as the world’s largest and most diverse hotel company. Like their competition, they have marketed to the competitive offerings above to gain business. They have launched an aggressive “Green” program known simply as Wyndham Green. They have also been negatively impacted by three publically reported data breaches and as a result are currently fighting a complaint filed by the Federal Trade Commission.

They, like many other companies, also have yet to require compliance from the thousands of business owners operating their franchised portfolio. As a result, companies who take an approach to unilaterally require and promote the need for security compliance via standards and education at all levels can market in a way those like Wyndham are unable to today.

At a time when consumers should now be thinking about saving themselves from identity or data theft, companies should be letting consumers know where they can feel a bit safer. While the environment is important and we all care to protect it… is the consumer not equally important? Isn’t the consumer the very reason merchants are in business? It is time to protect the customer – and those who are doing it will be well positioned to seize this existing opportunity as consumer awareness grows.

PrivacyAtlas ( is a fast growing consumer advocacy site where individuals can check on the reported compliancy of merchants across many business verticals inclusive of hospitality (hotels, restaurants, car rentals) and retail as they make their purchasing decisions. Businesses can update the accuracy of their listings by sending an email to

Posted by:Brian Lombra

Posted in: Hospitality