Week 2 – Guest Relations Office; letter
This week, your internship assignment is with the company’s Guest Relations office.
You have been asked to draft a letter to guests to address concerns about the impacts of possible cyber-attacks. This particular letter should reassure guests that the company is taking positive steps to protect guest privacy. The guests’ concerns extend beyond privacy of information in databases. There have been news reports detailing situations where hackers have attacked internal building monitoring and control systems to spy on guests and invade their privacy.
In order to write an effective notification letter, it is first necessary to understand the legal requirements for such a letter. This Data Security Breach Notice Letter guidance document from Hutnik, Kelley Drye & Warren LLP provides guidance for companies facing the need to write notification letters. Second, you should consider the technical and people perspectives which guide the incident-specific content required for such a letter.
From a technical perspective, this type of attack is a data security problem because the attackers are stealing data by attacking at the point of creation (data at rest) and then along the transmission paths (data in transit). The impact of this type of attack is a loss of confidentiality.
From a people perspective, this type of attack is viewed as an attack on the privacy of guests and is categorized as a loss of privacy.
Managers need to address this problem from all three perspectives. With internal technical staff, the conversation would revolve around data security. But, with guests and Guest Relations staff, the conversation needs to address concerns about the possible loss of privacy. For both audiences, the conversation needs to take place in a manner that will not expose the company to avoidable legal difficulties.
Next, we must consider the required “tone” for such a letter. The letter must be factual but, more importantly, it is necessary to show an appropriate amount of empathy and understanding for the recipient’s feelings. Empathy and emotional intelligence are important leadership skills for managers.
Having empathy and/or acting in an empathetic manner (aware of and sensitive to the emotions of guests and customers), allows a manager to respond appropriately when a cyberattack occurs. As you write this letter, you will need to find a balance between addressing the emotional aspects of a cyberattack (need for a supportive and calming response — less information may be best) and the need to develop trust by providing information about a situation which can invoke fear and concern.
To learn more about emotional intelligence, read this definition of Emotional Intelligence and this discussion article about What Emotional Intelligence Is and Is Not. Then, read about three types of empathy https://www.huffingtonpost.com/entry/types-of-empathy_us_56f171cde4b03a640a6bcc17.
Finally, read one or more of these articles about cyber attacks that can affect hotel operations and create fear and concern among guests and employees.
- Hackers use ransomware to target hotel guests’ door locks
- Is Hotel Wifi Safe? No, and here’s why
- 20 hotels suffer hack costing tens of thousands their credit card information
Using what you’ve learned about data security AND emotional intelligence, draft a letter that Padgett-Beale could use to inform and calm its guests should a similar cyberattack (door locks, guest WiFi access, or credit card Point-of-Sale breach) affect one of the company’s hotel properties. Your draft letter will also be used to train employees in how they can and should respond to guest concerns.
Please note: “draft” means that your letter has not yet been reviewed and approved for publication. Your letter should be fully polished and contain no errors in style, grammar, word choice, grammar, etc.