Modernizing Authentication — What It Takes to Transform Secure Access
He suggests creating liaisons at multiple levels throughout a company to help integrate IT staff into the business.
"People should not just sit there listening to white noise and coding all day," he adds.
"They should meet with the people they are coding for. Organizations that really understand privacy and security are making that happen."
Hilton's OnQ project created a common support system, proprietary software to handle payroll, reservations and marketing for all of Hilton's brands: Hampton Inns, Homewood Suites, Embassy Suites, Doubletree, Hilton Garden Inns, Hilton and the luxury Conrad brand.
"Personally identifiable information controls were considered a business requirement in design discussions for OnQ system," says Harvey.
"We knew it was the right thing to do for the customer."
With OnQ now providing consistent technology networked across all 2,200 hotels, Hilton can come up with a single, consistent view of every customermore than 22 million of them a year. The Hilton HHonors loyalty program and centralized reservation capacity are important contributors to the company's growing revenue line and its relations with franchisees. But information on customer history and preferences, including the choice of opting in to the HHonors program, is sensitive stuff.
Still, privacy is a relative bargain. Harvey's staff of about 500 IT professionals spends about $5 million per year, out of a $130 million budget, on privacy and security safeguards such as encryption and identity management.
Hilton is still working on ways to use information about guests who do not join its loyalty program. The systems are in place to contact frequent guests via e-mail, and to prompt staff to welcome them back at check-in, but it's a sticky subject, so not every capability is currently used.
"If someone stays ten times across the Hilton family of hotels, our front-desk people need to know he's a valued customer," says Harvey.
"But just how to communicate with people who haven't opted in is a problem. At this point, we don't do it very well."
Calculating and communicating the business value of customer information privacy also remains a challenge.
"Little did they know we had been working for a year on it. We never had a philosophy at this company of selling lists. We are still feeling our way along, and balancing our abilities with our vision. But selling customer information is very far from our imperatives for brand success."