Back to news menu

Study points to breach of personal data by hotel chains

 A study published by Symantec, a digital security company, showed that two out of three hotels accidentally disclose their guests’ personal data. The survey, based on more than 1,500 hotel websites in 54 countries, found that the breach of information reaches the name, e-mail address, credit card details, and passports of individuals.

Companies that receive leaked data include advertising and data analysis companies, which then are able to manage guest accounts and access further personal information that is kept in the websites’ systems.

The new Brazilian Law on Personal Data Protection (Law 13,709/18) defines personal data as all “information related to an identified or identifiable individual“, and requires that the entities responsible for its storage adopt security measures capable of protecting such data from unauthorized access and accidental or unlawful situations of inappropriate processing.

Law 13,709/18 will come into force only in 2020, when the applicable penalties for the violation of the guests’ personal data will include a warning to the hotels and a fine of up to 2% (two per cent) of the companies’ revenues.

More information, in Portuguese, is available at