On May 2, 2014, Adam Tanner, a writer and respected contributor to posted a story that, in our opinion, accurately reflects information security challenges that put consumers at risk every day.

PrivacyAtlas believes the quotes offered by these companies are flawed and meant to distract the reader from the topic of the article. PrivacyAtlas is focused on informing and protecting the consumer.

Kathryn Potter of the American Hotel and Lodging Association was quoted in the article saying, “With the rise in cyber-attacks and resulting data breaches across U.S. industries, many hotel brands, management companies, and owners have consistently made significant improvements to their systems, including providing franchise owners with access to information and training.”

Ms. Potter, when it comes to PCI compliance, hotel brands are distancing themselves from franchisees. Please refer to quotes from Vantage Hospitality and Wyndham Hotel Groups that support this statement.

Ms. Potter continues to say in her statement that hotels are making significant improvements “providing franchise owners with access to information and training.”  Access to information and training does not equate to being compliant.  PCI has existed for eight years and merely providing access to information is not sufficient.  None of Ms. Potter’s statements do anything to bolster consumer confidence.

She continues with “the industry is stepping up efforts in light of the growing attention on security.”   Is Ms. Potter saying that consumer protection is now a priority because of the visibility being received and it really wasn’t important previously?

Mr. Leitch, VP of Operations for Vantage Hospitality, was previously quoted saying, “America’s Best Value Inn isn’t responsible for the PCI Compliance of the individual locations in the chain.” Mr. Moyle, CFO/COO of Vantage, chimed in by questioning PrivacyAtlas’ methodology and assessment process but failed to address his company’s stance on franchise or corporate compliance.

Rich Jeffers, spokesman for Darden Restaurants, whose brands include The Capital Grille, The Yard House, and Olive Garden, was quoted saying, “I have doubts about the way he is trying to go about insinuating that we don’t do what we are required to do…”

PrivacyAtlas has a mature validation and assessment process that was developed in conjunction with Security Assessors, Privacy Attorneys and Security Professionals.  Included as part of the assessment phase is speaking directly with the business owner or general manager, as there is significant value in having that dialogue.

Mr. Jeffers closed his quote bragging about the number of restaurants Darden operates and the number of meals they serve. However, quoting numbers does not address the question, Mr. Jeffers. Darden will again dodge the question instead of being forthcoming with their level of compliance. Darden’s Online Privacy Notice states they may collect and store credit card information along with a large amount of personally identifiable information of their patrons. Are Darden’s corporate facilities PCI Compliant as well?

Why would companies trusted with personal and financial data of consumers not want to advertise their compliance? They should not be given a choice. It is the consumer’s right to know.
