Privacy and personalization in hospitality starts with permission

|In Hotels

Back in 1998, the book, Permission Marketing: Turning strangers into friends and friends into customers, was released to help marketers deal with the “attention crisis” happening in America.  At that time, the web wasn’t even mainstream, and yet we still had an attention crisis.  What does that say about today with over 65 billion indexed webpages vying for our eyeballs and ears?

A decade later, the author published a blog post on the same topic - a sign that marketers still “weren’t getting it” or were just ignoring it.

“Permission marketing is the privilege (not the right) of delivering anticipated, personal, and relevant messages to people who actually want to get them.”

Seth Godin

More than twenty years after the launch of Godin’s bestseller, we have witnessed exponential growth of digital content and the rampant exploitation of people’s personal information in advertising as a result.  And in the hospitality sector, numerous data breaches at major hotel chains have shaken traveler trust to its core.


Free Download: The Art of Retention in Hospitality


Trust takes years to build, seconds to break, and forever to repair

It probably goes without saying, but the foundation upon which to build brand loyalty is trust.  This is particularly evident when it comes to respecting people’s privacy and protecting their data. 

In a recent IBM Cybersecurity and Privacy Research survey, 78% of Americans believe data privacy policies are “extremely important.”  However, only 20% of US citizens “completely trust” the businesses that store and control their personal data.  Bridging the trust gap is going to take some serious work.

In Skift’s 2018 Personalization Dilemma in Travel study, less than 11% of respondents said they would be willing to share their personal information with travel companies.   And when asked if they would like to receive personalized offerings from travel companies based on the company’s knowledge of what the person might like, 67% said no; only 10% said yes. 

The following year, multichannel behavior marketing platform, SmarterHQ, unveiled the results of its Privacy & Personalization study.  One of the insights that caught my attention was the companies and industries consumers believe are using their data responsibly. 

Companies and industries consumers believe are using their data responsibly

A chart showing companies and industries that consumers believe are using their data responsibly, with Amazon placing first, and Banks second.

Did the answers surprise you? 

I would have hoped that hotels and resorts would have fared better.  But given what a threat researcher at Symantec discovered in the spring of 2019, I’m not so surprised now. 

In his extensive testing of 1,500 two- to five-star resort websites in 54 countries, he found that 67% of them leak guest booking details that open up access to personal information.  The majority of offending hotels exposed the following personal data of their booked guests:

  • Full name
  • Email address
  • Postal address
  • Mobile phone number
  • Last four digits of credit card, card type, and expiration date
  • Passport number

Talk about opening the door to identity theft!

When the researcher contacted the data privacy officers at the leaky hotels to inform them, the response was not what he’d hope for.  Many were very slow to respond, and some admitted that they were still updating their systems to comply with the European Union General Data Protection Regulation (GPDR)- a regulation that came into effect a whole year before!

Given the tenuous nature of trust, it’s time for hotels to make data privacy Priority No. 1 in 2020.


GDPR and CCPA to the rescue?  Maybe.

There’s been a lot of buzz lately about how GDPR and the California Consumer Privacy Act (CCPA) will impact businesses.  And although I have studied them at length to ensure we at PressReader conform to the regulations throughout our systems, you don’t need me to give you the lowdown on what they mean for your hotel.  There are more than enough experts out there who can educate those who need more information.  Instead, I want to talk about the opportunities and threats these regulations bring to the hospitality space. 

Many advocates of the regulations hope that they will help put a stop to privacy abuse in the hotel industry, but it won’t be easy.  Bad behavior is a hard habit to break, and the loopholes within the CCPA are ripe for abuse. 

One area I find particularly concerning is the Act’s exception that personal information can be used or shared when necessary to perform a “business purpose.”  That can include providing advertising or marketing services, analytic services, or “similar services” on behalf of the business or service provider.

There are more holes in this exception than in Swiss cheese!

Allowing personal data to be used in advertising and other “similar services” opens the door to the same widespread abuse we’ve been experiencing for decades.  Even companies in the advertising sector are concerned.

Before GDPR came into effect, hotels were like most other brands, struggling with the mayhem that comes with digital transformation.  Hotel brands expected to be able to reach out and touch anyone in the digital world with their content and advertising without asking permission and then follow us around the webosphere with their remarketing.

GDPR and CCPA give us a chance to reverse that practice and regain the confidence and attention of travelers.  But that will only work if we embrace real permission-based marketing, adhere to the laws that protect citizens’ data, and treat people with the respect we all deserve.


Personalization: it’s complicated

Personalization is a double-edged sword.  It’s great when we receive special offers that appeal to our passions and interests, but those experiences are few and far between.  Too often, we find ourselves digitally stalked by brands.  It’s gone beyond creepy and particularly invasive when the ads are pushed to me on my phone — part of my personal space that should be off-limits. 75% of consumers agree with me, and  63% said they would stop purchasing products and services from companies that take creepy marketing too far. 

At the end of the day, it all comes down to consent.  All of these acts and regulations are not preventing companies from reaching out to people with highly personalized communication pieces, but the user needs to explicitly agree to receive them. 

Personalization done well is powerful

Bond research found that when personalization is done well, brands see a 6.4X lift in customer satisfaction.  In addition, loyalty members become advocates for the brand, stay longer on the site, and spend more money.

The ROI on personalization is significant.   So why do so many businesses get it wrong?  I’m not sure, but it may have something to do with them putting the company’s purse before the person.   They are so focused on their bottom lines that they forget what their real purpose as a brand should be.

If you’re struggling with this as many companies do, take a look at Richard Branson’s philosophy.

“From my very first day as an entrepreneur, I've felt the only mission worth pursuing in business is to make people's lives better. There's no point in starting a business unless you're going to make a dramatic difference to other people's lives.”

Personalization done well, focuses on the person, not the purse.  It’s about building relationships, not broadcasting ads across the net.  The revenue will follow.

Inspiring personalization

Consumers’ interactions with brands like Spotify, Netflix, and Amazon have taught us what’s possible in terms of a quality personalized experience that predicts what we want and need.

Spotify’s personalized playlists for members is a great example of putting the person first without any guarantees of rewards — it’s like a gift with ribbons, not strings, attached. 

I’m often pleasantly surprised when I get my unique Discover Weekly mix of songs based on my listening practices.  It’s amazing how well Spotify’s algorithms can predict what I might like. No wonder its churn rate continues to drop.   

Personalization, a pillar of Netflix’s recommendation algorithm, gives each user a different view of the Netflix content based on their interests and behaviors.  This lets the company expand a member’s interests over time and allows Netflix to not have just one Netflix product but hundreds of millions of products: one for each user’s profile.

A few years ago, Netflix CEO Reed Hastings said that its biggest competitor wasn’t HBO or Amazon as one might expect; it was sleep.  This insight is an excellent example of a company that understands its customers and focuses on them rather than real or imagined corporate challengers. 

Netflix quarterly revenue by region (US$ B)

A chart showing Netflix's quarterly revenue by region in US dollars.


Amazon has always been ahead of the corporate curve when it comes to putting the person first.  In 1999 it took the road less traveled to improve its customers’ online experience by offering them one-click purchasing — a novel idea that allowed buyers to save their shipping and payment details on the platform.  Almost every online business since then has adopted the same practice.

In 2010 Amazon launched its first recommendation engine that presented products based on a user’s previous purchases, searches, ratings, and browsing behavior.  Today, ~35% of sales come from Amazon recommendations.  Intelligent use of personal data leads to happy customers and a high ROI.

Then came Amazon Prime - a smorgasbord of services for an incredibly low price.  The benefits are so generous that it makes one wonder how the program actually makes money.  The free shipping alone must put the service in the red.  But you should see PressReader’s reception area.  Every day it’s chocked full of Amazon boxes waiting to be picked up by employees who use the company as their mailing address.  

In April 2019, Amazon told its investors that it would spend US$800M in Q2 to switch from 2-day shipping to 1-day for its Prime members.  Alison Griswold at Quartz called it “a quintessential Amazon undertaking: expensive, audacious, and relentlessly customer-oriented.”  I couldn’t agree more.  Hotel loyalty programs could learn a lot from Amazon Prime. 


Personalization in hospitality

It wasn’t all that long ago that personalization in the hospitality industry was more of a wish than a reality.  Given their use of so many disparate legacy platforms that couldn’t communicate with each other, it’s not surprising.  Access to guest data was complicated and challenging.  And the introduction of OTAs in the booking process introduced even more barriers to access guest information.

Today, most hotel brands are investing in AI and machine learning to drive online bookings — a strategy that grows revenue, but really doesn’t address the personal needs of guests. I can’t tell you how many times I’ve been frustrated by the front desk employee’s question, “Have you ever stayed with us before, Mr. Malyarov?” 

Why don’t they have that information about me at their fingertips?  It’s not rocket science; it’s just not a priority for that hotel.

Marriott is an exception.  It is taking personalization down a more consumer-centric path.  It partnered with Salesforce to store a “360-degree view of each guests' profile” in their customer recognition hub.  This allows Marriott employees to get to know guests better so they can improve their experience with the brand.  This person-focused strategy results in a better ROI for the hotel, but it does it in a way that serves the person first. Know me so you can show me a better time at your hotel!


Pay attention, and for attention

French philosopher Simone Weil once wrote, “Attention is the rarest and purest form of generosity.”
Unfortunately, often our attention is not consciously given, but rather grabbed. Email grabs our attention, text messages grab our attention, mobile alerts and social media grab our attention. Even when we try to focus on a blog post or story, trashy banner and video ads do everything in their power to steal our attention.
These are what author and Columbia Law School professor Tim Wu calls the “harvesters of human attention.” These Attention Merchants continually parade diversions in front of us  diversions that can lead to distraction sickness.
Acknowledging that it’s every person’s right to privacy means that if we want someone’s attention, we need to pay for it with what they consider valuable, not what we want to give them.
We know what people want; it’s what we all want – quality, personalized experiences at the right time, in the right location, at the right price.


It’s all about transparency, control, and choice

Gartner estimates that by 2020, organizations that adhere to best practices for protecting their customers’ privacy will gain 10% more in revenue over competitors that don’t.

Steven Taylor, chief revenue officer for Sojern, said at the Skift Global Forum last year that regulation is a good thing for both the consumer and business because it keeps the brand on the straight and narrow and makes it do the right thing.  

His question for all of us is a good one, “Are we collecting user data fundamentally and essentially to create more value for our guest? And can that guest see and exercise some control over that data?” 

If our answer to both is yes, then we’re halfway to complying with both GDPR and CCPA and giving our customers what they want and need.  If the answer is anything else, then we have a lot of work to do, and we better get started!


The Art of Retention in Hospitality


 New call-to-action


Related Articles