In message <[log in to unmask]>, at 09:42:50
on Tue, 26 Aug 2008, Jethro R Binks <[log in to unmask]> writes
>> Late last night I picked up another part of this story where Best Western
>> states that the breach only affected 13 people.
>
>Best Western UK website has a link to their statement which gives their
>version of events ("don't panic, crap journalism" would be a summary).
Their statement confirms what I had suspected about the breach, with a
couple of exceptions. That's the inability of someone logged into a
hotel to access reservations at another BW hotel (surely a major
customer service inconvenience for someone touring around from hotel to
hotel and wanting to check their next port of call) and the purging of
data after seven days.
As the latter goes against all anti-terrorist and other "data retention"
initiatives (as well as their "Club Card" records), I expect that the
data is removed from the hotel's front desk computer but remains stored
somewhere else.
I have always regarded Best Western as a "Franchise", where each hotel
is independently run and the Best Western brand is just a high class
bookings agency. Can anyone confirm that? If true, it would confirm each
hotel not being able to access another hotel's financial data (but as a
customer I'd still expect to be have the benefit of centralised booking
information).
What a complicated life we all lead when interfacing with multi-national
concerns like this, and trying to work out who has access to which data
about us!
--
Roland Perry
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|