Safety and Security in Tourism and Hospitality PDF
University of Santo Tomas
Ms. Kathrine Camille Nagal, MBA
Summary
This document, from the University of Santo Tomas, covers the fundamentals of security management in tourism and hospitality. The document outlines the different types of security in hotels, relevant security measures, and discusses aspects of information, data management, and crisis management.
Full Transcript
Chapter 3: Security Management in Tourism and Hospitality
Ms. Kathrine Camille Nagal, MBA, Facilitator

Presentation Outline
1. Types of Security in hotels
2. Security Measures adopted by hotels
3. Information/Data Management
4. Security Crisis Management Plan

Element 3. Information / Data Management

DATA
- “life blood”
- Flows between systems, databases, processes, and departments
- Carries with it the ability to make the organization smarter and more effective.

[Diagram labels: Data, Right Data, Appropriate Process, Organization Impact]

DATA in the Organization
1. Essential to make well-informed decisions
2. Guide and measure the achievement of the organizational strategy
3. Determine the optimal enforcement actions
4. Reduce non-compliant behavior

[Diagram labels: Process Improvement, Savings]

Data & Information Management
- Set of people, processes, and technologies
- Information asset: Creation, Collection, Storage, Exploitation, Disposal

DATA MANAGEMENT
- Subset of information management
- Data management: the process of creating, obtaining, transforming, sharing, protecting, documenting and preserving data.

DATA ASSET
- Core part of defining, designing, and constructing their systems and databases.

Customer Confidential Information
Information of Customer not generally known to the public:
- Name, date of birth, age, sex and address
- Current contact details of family
- Bank details
- Medical history or records
- Personal care issues
- Service records and file progress notes
- Individual personal plans
- Assessments or reports

Intellectual Property
Property that includes intangible creations of the human intellect
- Trade Secrets: Formulas, practices, processes, designs, instruments, patterns, or compilations of information that have inherent economic value.
- Trademarks: Recognizable sign, design, or expression which identifies products or services.
- Copyrights: Gives its owner the exclusive right to make copies of a creative work, usually for a limited time.
- Patent: Gives its owner the legal right to exclude others from making, using, or selling an invention for a limited period of years.

Cybercrime
- Computer Oriented Crime
- Computer and a Network
- The computer may have been used in the commission of a crime, or it may be the target.
- May threaten a person or a nation's security and financial health.

Cybercrime
1. Access a user’s personal information
2. Confidential business information
3. Government information
4. Disable a device
5. Sell or elicit the information online.

CYBERCRIME
Crimes that target networks or devices:
- Viruses
- Malware
- DoS Attacks
Crimes using devices to participate in criminal activities:
- Phishing Emails
- Cyberstalking
- Identity Theft

Crimes that target networks or devices
- Viruses: When executed, replicates itself by modifying other computer programs and inserting its own code. When this replication succeeds, the affected areas are then said to be "infected" with a computer virus.
- Malware: Any software intentionally designed to cause damage to a computer, server, client, or computer network.
- DoS Attacks: The perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.

Devices to participate in criminal activities
- Phishing Emails: Online scam where criminals send an email that appears to be from a legitimate company and ask you to provide sensitive information.
- Cyberstalking: Use of the Internet or other electronic means to stalk or harass an individual, group, or organization.
- Identity Theft: Use of someone else's identity, usually as a method to gain a financial advantage or obtain credit and other benefits in the other person's name.

Republic Act 10173: Data Privacy Act of 2012
It is the policy of the State to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth.
The State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected.

SEC 20: Security of Personal Information
Personal information controller: A person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf.

Guidelines
1. Safeguards to protect its computer network against accidental, unlawful or unauthorized usage or interference with or hindering of their functioning or availability;
2. A security policy with respect to the processing of personal information;
3. A process for identifying and accessing reasonably foreseeable vulnerabilities in its computer networks, and for taking preventive, corrective and mitigating action against security incidents that can lead to a security breach; and
4. Regular monitoring for security breaches and a process for taking preventive, corrective and mitigating action against security incidents that can lead to a security breach.

Republic Act 10173 PENALTIES

SEC. 25. Unauthorized Processing of Personal Information and Sensitive Personal Information.
Unauthorized Processing of Personal Information (PENALTY)
Shall be imposed on persons who process personal information without the consent of the data subject, or without being authorized under this Act or any existing law.
IMPRISONMENT: 1-3 years
FINE: Not less than 500k but not more than 2M

SEC. 25. Unauthorized Processing of Personal Information and Sensitive Personal Information.
The unauthorized processing of personal sensitive information (PENALTY)
Shall be imposed on persons who process personal information without the consent of the data subject, or without being authorized under this Act or any existing law.
IMPRISONMENT: 3-6 years
FINE: Not less than php 500k but not more than 4M

SEC. 26. Accessing Personal Information and Sensitive Personal Information Due to Negligence.
Accessing personal information due to negligence (PENALTY)
Shall be imposed on persons who, due to negligence, provided access to personal information without being authorized under this Act or any existing law.
IMPRISONMENT: 1-3 years
FINE: Not less than 500k but not more than 2M

SEC. 26. Accessing Personal Information and Sensitive Personal Information Due to Negligence.
Accessing sensitive personal information (PENALTY)
Shall be imposed on persons who, due to negligence, provided access to personal information without being authorized under this Act or any existing law.
IMPRISONMENT: 3-6 years
FINE: Not less than 500k but not more than 4M

SEC. 27. Improper Disposal of Personal Information and Sensitive Personal Information
The improper disposal of personal information (PENALTY)
Shall be imposed on persons who knowingly or negligently dispose, discard or abandon the personal information of an individual in an area accessible to the public or has otherwise placed the personal information of an individual in its container for trash collection.
IMPRISONMENT: 6 months – 2 years
FINE: Not less than 100K but not more than 500K

SEC. 27. Improper Disposal of Personal Information and Sensitive Personal Information
The improper disposal of sensitive personal information (PENALTY)
Shall be imposed on persons who knowingly or negligently dispose, discard or abandon the personal information of an individual in an area accessible to the public or has otherwise placed the personal information of an individual in its container for trash collection.
IMPRISONMENT: 1-3 years
FINE: Not less than 100k but not more than 1M

SEC. 28. Processing of Personal Information and Sensitive Personal Information for Unauthorized Purposes
The processing of personal information for unauthorized purposes (PENALTY)
Shall be imposed on persons processing personal information for purposes not authorized by the data subject, or otherwise authorized under this Act or under existing laws.
IMPRISONMENT: 1 year and 6 months – 5 years
FINE: Not less than 500K but not more than 1M

SEC. 28. Processing of Personal Information and Sensitive Personal Information for Unauthorized Purposes
The processing of sensitive personal information for unauthorized purposes (PENALTY)
Shall be imposed on persons processing personal information for purposes not authorized by the data subject, or otherwise authorized under this Act or under existing laws.
IMPRISONMENT: 2-7 years
FINE: Not less than 500k but not more than 2M

SEC. 29. Unauthorized Access or Intentional Breach
Shall be imposed on persons who knowingly and unlawfully, or violating data confidentiality and security data systems, breaks in any way into any system where personal and sensitive personal information is stored.
IMPRISONMENT: 1-3 years
FINE: Not less than 500k but not more than 2M

SEC. 30. Concealment of Security Breaches Involving Sensitive Personal Information
Shall be imposed on persons who, after having knowledge of a security breach and of the obligation to notify the Commission pursuant to Section 20(f), intentionally or by omission conceals the fact of such security breach.
IMPRISONMENT: 1 year and 6 months – 5 years
FINE: Not less than 500k but not more than 1M

Element 2. Crisis Management Plan

Crisis Management Plan (CMP)
It is a document that describes the processes that an organization should use to respond to a critical situation that could adversely affect its profitability, reputation or ability to operate.
- Used by business continuity, emergency management, crisis management and damage assessment teams
- Prevent or minimize damages and provide guidelines for personnel, resources and communications.

Crisis Management Planning Process
[Diagram labels: Preparation, Testing, Training, Development]
1. Determine the crisis management team members.
2. Document the criteria for determining whether a crisis has occurred.
3. Establish monitoring systems and practices for early warning of possible crisis situations.
4. Specify the spokesperson in the event of a crisis.
5. Provide a list of the main emergency contacts.
6. Document who should be notified in the event of a crisis and how this notification should occur.
7. Identify a process for assessing the incident, its potential severity and how it will affect the building and employees.
8. Identify procedures to respond to the crisis and define safe places where employees can go in an emergency.
9. Develop a process to test the effectiveness of the crisis management plan and update it on a regular basis.
Crisis Management Plan
LEGENDS:
- 1: The Personnel-In-Charge (PIC) will immediately report to stakeholder and program chair
- 2A: The stakeholders pertain to tour guide, tour operator and any representative from the Local Government Unit (LGU)
- 2B: The program chair is the head of each department who will report to the Dean and to the parents of the concerned student/s
- 3A: The Dean will report to the Regent of the College
- 3B: The parents will coordinate with the program chair
- 4: The Regent or the Dean will convene the College Administrators for appropriate action

Reference
- https://www.privacy.gov.ph/implementing-rules-and-regulations-of-republic-act-no-10173-known-as-the-data-privacy-act-of-2012/
- https://nexttourismgeneration.eu/cybersecurity-in-tourism-hospitality-the-urge-of-protecting-customer-data/
- https://searchdisasterrecovery.techtarget.com/definition/crisis-management-plan-CMP