Not sure I agree that it is a breach, poor practice definitely but a breach?
Given that the hotel has a degree of legitimacy in collecting the
information in case the guest does a runner without paying (and having
worked in the hospitality industry it is a common and growing occurrence) I
would argue that there are grounds for processing.
I do accept that there are security concerns but they are no different to
buying concert tickets over the phone and giving the same information to a
ticket agency. What is to say that the ticket agent isn't going to retain
that info and then authorise a payment of £X to buy themselves tickets?
Better practice on the part of the hotel may be to place a charge against
the guest's credit card for £x as a guard against the midnight flit but it
doesn't remove the fact that the hotel has some legitimate grounds to obtain
that information.
Just my twopenneth.
Lee
-----Original Message-----
From: Brenda Scourfield [mailto:[log in to unmask]]
Sent: Thu 19 October 2006 11:44
To: [log in to unmask]
Subject: [data-protection] Hotel keeping card details...
This is obviously a breach.
What happens when you ring up to order something and give your card details
over the phone ? Maybe the person the other end scribbles it down on a piece
of paper and later verifies it with the card company. The piece of paper
later finds its way into the waste bin and the municipal tip.
Also recorded phone calls must keep your card details too for a certain
time. I don't agree that electronic data is more vulnerable, just vulnerable
in a different way.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses using Sophos
anti-virus software.
www.mimesweeper.com
www.sophos.com
**********************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|