|
|
|
|
|
|
by ramses0
2754 days ago
|
|
|
The same way you can throw snark at a company for their (lack of) security knowledge, they can do the same for your lack of industry knowledge. Generally, gathering passport data for hoteliers is a legal requirement (see here: https://www.quora.com/Why-do-some-countries-require-a-passpo... ). Now. Agreed. Required to collect v. having available online and hackable for all guests ever is not a best practice, but it's easy to see how a hotel (quite physical-space-intensive, labor-intensive, capital-intensive business) may not have viewed or understood the risks of having this data around. The last time I stayed in a hotel, there was a car whose window was broken in the parking lot (unfortunately). A crime was committed, on hotel property! The question businesses are struggling with is: how can they focus on their business and either government or industry can focus on crime-prevention? |
|
|
Here's my technical view:
That does not mean you have to _have_ the data. Either forward the customer to a government system where they enter the data, then it's the government's fault. Or do escrow: For example, you could store the data encrypted with a public key of the government. Then only they could decrypt it. If someone stole it, there would be no problem. And the government could still view the data.
My political view is that the government has no business asking hotels to collect passport data, or indeed any data on their customers. This is a blatant privacy and data protection violation. The government does not need to know my location at all times. It's deplorable that things have deteriorated this far already.