It’s 2021 and people will (hopefully) soon be back to planning vacations and staying at hotels.

In this 30 minute video for HospitalityNet, Odia Kagan, a partner in Fox Rothschild’s Privacy & Data Security Practice, discussed the five top things hotels should think about relating to data privacy compliance.

  1. Privacy disclosures: Are they complete? Do they talk about offline collection of data too? Are they specific enough? Are they clear?
  2. Do Not Sell My Personal Information link: Do you need one? How do you put one in? Does the California Attorney General care about cookies? (Hint: yes).
  3. California Privacy Rights Act (CPRA): What to do to prepare? Look at data minimization, retention limitation, profiling and privacy risk assessments (DPIA).
  4. Federal Trade Commission: Do you have robust data governance? A person in charge of privacy? internal policies? Data breach response plan?
  5. What can you, in light of the Schrems II decision, do (besides cry) if you are a multinational chain that shares data between EU and U.S. entities?