Hilton HHonors - No Privacy at Hilton Hotels

I subscribe to Ed Foster's Gripeline weblog, which typically concerns itself with issues that customers experience with technology products. Today's newsletter caught my eye:


By the nature of their business, you'd think hoteliers would have some concern for their customers' privacy. To judge by their privacy and website terms, however, Hilton.com thinks publishing your credit card number is within its rights.

A few days ago, a reader was trying to book a room for the 4th of July at an Embassy Suites, one of many hotel chains owned by Hilton Hotels Corporation (HHC). "When I was about to reserve through their site, which was running a deal better than Travelocity offered, I decided to glance at the privacy clause," wrote the reader. "I found it to be quite interesting. Go to www.hilton.com and click on 'Privacy & Security' and then read section IV. See if I'm interpreting it correctly. The way I read it, all information that you submit as part of a transaction, like booking a room, is now theirs. They reserve the right to do whatever they want with the info, including publish it. That info would include my name, address, credit card number, etc. I booked with Sheraton instead."

Well, yes, I'd say the reader was interpreting it correctly. "You agree that HHC shall own all Information," Hilton's terms state baldly. Further, it says that "such Information belongs to HHC and is not personal or private proprietary information ... (and) may be processed, used, reproduced, modified, adapted, translated, used to create derivative works, shared, published and distributed by HHC in its sole and absolute discretion in any media and manner irrevocably in perpetuity in any location throughout the universe..." Nowhere in the 7000-plus words of what's supposedly a privacy policy does Hilton put any constraints or limitations on how it may use information supplied by customers on its websites.


full article (http://www.gripe2ed.com/scoop/story/2004/6/24/84919/0676)

I read the article. Hilton's website privacy policy might be hilarious, but dangerous? Come on! Just because Hilton gave itself permission to publish your name and address, doesn't mean it is going to do so -- I think there is a greater chance of the Pope converting to Wicca. Save the stress for something that really matters.

I read the article. Hilton's website privacy policy might be hilarious, but dangerous? Come on! Just because Hilton gave itself permission to publish your name and address, doesn't mean it is going to do so -- I think there is a greater chance of the Pope converting to Wicca. Save the stress for something that really matters.

It's not just your name and address! It is anything you enter, including credit card information. If they cause you any damage through their negligence, finacial or otherwise, you will have no recourse.

Read the entire statement!

http://www.hilton.com/en/hi/info/privacy_security.jhtml

Thanks for posting this, LarryU. I'll place my bet on Hilton (or an employee)selling information, before the pope changes to wicca.

It's not just your name and address! It is anything you enter, including credit card information. If they cause you any damage through their negligence, finacial or otherwise, you will have no recourse.

Read the entire statement!

http://www.hilton.com/en/hi/info/privacy_security.jhtml

First of all, I'm not going to go and look, but I would wager that pretty much any hotel web page that you book rooms through has similar terms and conditions. The odds are that the Sheraton site this person subsequently used provides the same terms and conditions.

Secondly, its simply NOT true that you have no recourse. Its the same situation as when you park in a public parking garage. You know how your little ticket and the sign when you enter both see something to the effect of "the garage disclaims all liability for damages suffered to your car while you are parked here"? One of the first things we learned in my law school torts class was that, surprise surprise, even with that little disclaimer, they are still liable if your car gets messed up. They put that there becuase most people will assume that they can't sue and won't. Its the same thing here. Many people probably wouldn't think to sue when confronted with this clause, but that doesn't mean you can't if Hilton does something careless with your information and you suffer damages because of it.

Anyway, its highly unlikely Hilton is going to pass along your name and address to other people, much less your credit card information. The former would run the risk of alienating numerous customers and do far more harm then the limited profit they would yield by selling the data would warrant. The latter could create numerous problems.. including, if used for illegal purposes (and this is probably a stretch but it could happen and someone might try to make the charge if it did), possibly subjecting them to some type of criminal charges for passing credit card information. Somehow I doubt that that is the type of reputation or publicity Hilton wants to get.

Thanks for posting this, LarryU. I'll place my bet on Hilton (or an employee)selling information, before the pope changes to wicca.


Good call, I bet a AOL employee would never sell their client list to a SPAMER. :D

I read the article. Hilton's website privacy policy might be hilarious, but dangerous? Come on! Just because Hilton gave itself permission to publish your name and address, doesn't mean it is going to do so -- I think there is a greater chance of the Pope converting to Wicca. Save the stress for something that really matters.

Those who write those Hilton Terms look EXACTLY for these statements from their customers. Probably a reason why advertisements from properties I never will go to make it to my postal mail box, rather than from properties where I really go to stay.

Thanks to the OP for posting that! Good consumer information to know! ^

I had to hit the "page down" button 24 times to scan (but not read) the document. I wonder how much this cost HH to produce.

MisterNice

I had to hit the "page down" button 24 times to scan (but not read) the document. I wonder how much this cost HH to produce.

MisterNice

We play the Internet game and give out all our details on any number of sites....

To Say Hilton is in someway guilty of possibly violating our security is violating logging on to the Internet! If you do NOT trust the internet...SIMPLE! DONT USE IT! Walk In to a property and book your room!

Identity Theft, Etc Etc is the bane of the Internet these days......If you are concerned about this.....Then do what you feel you need to protect yourself!!!!!!!!!

But dont blame technology for YOUR failure! YOU AND YOU ALONE make the decision to give out your information and if you dont read the fine print of ANY website....Well....Whos the fool??????????????

You tell me?

Just be aware of what you opt into...Whatever site or program or great deal!

READ THE TERMS AND SPECIFICS!

Its easy to click ok.....Down the road ITS HARD to reverse it.....

My 2 Cents...

Just because a company posts terms and conditions doesn't mean it is law. Do you really think that garbage would hold up in court? Of course not. I don't worry about it - their pockets are deep enough.

Evidently in response to quite a few complaints, Hilton posted a new privacy policy (http://www.hilton.com/en/hi/info/privacy_security.jhtml) on July 1st. Ed Foster's comments from his July 6th newsletter:


Will customers really bother to compare the sneakwrap agreements of competing vendors and choose the one with the best terms? Well, we just had a real world test of that question, and the customers passed with flying colors.

--------------------------------------------------------------------------------
My June 24th GripeLog column examined the remarkable document that at the time was posted as both privacy policy and website usage agreement for Hilton.com and its various brands, such as Conrad, Doubletree, and Embassy Suites. While pretty bad as terms of service go, it was even worse as a privacy policy. Rather than offering any assurances of how it would protect customer privacy, Hilton asserted it had complete ownership of all information collected from customers on its websites to do with as it pleased.

Perhaps because some were still making travel plans for the 4th of July, many readers decided to compare Hilton's terms to those of other hotels. "I was appalled at the disclosure policy for the Hilton Hotels," wrote one reader. "My question is if this an industry standard, or are they way out of the norm. I am staying at a Holiday Inn this weekend, so I popped to their site and read their privacy policy. This looks very good by my review, a further contrast with the Hilton site."

Indeed, not only was there a clear contrast between Hilton and Holiday Inns/Intercontinental, but readers also identified Choice, Marriott, Sheraton, and Westin Hotels as all having reasonable privacy policies in comparison to the Hilton brands. And they didn't just report this to me - they reported it to Hilton, too.


Full Article (http://www.gripe2ed.com/scoop/story/2004/7/6/04029/44897)

Hilton has changed their privacy policy in a positive direction, but hasn't updated what they can do with HHonors information.

More at;
http://weblog.infoworld.com/foster/2004/07/06.html#a124

An excerpt:
"Indeed, not only was there a clear contrast between Hilton and Holiday Inns/Intercontinental, but readers also identified Choice, Marriott, Sheraton, and Westin Hotels as all having reasonable privacy policies in comparison to the Hilton brands. And they didn't just report this to me - they reported it to Hilton, too.

"I have directed my company travel agent to NEVER place me in another Hilton-owned hotel until I receive written notice that you have changed your policy to protect my private information," one reader quoted his letter to Hilton. "I hope you understand that I, and my friends, family, and business associates all consider identity fraud a serious problem, and we are intelligent enough to recognize that your privacy statement is contrary to our interests, contrary to good business principles, and totally unacceptable. I have enjoyed the Hiltons and Embassy Suites I have stayed at. I am sad that I will stay there no more."

Some readers also said they were asking their corporate travel departments to re-evaluate their relationship with Hilton. "These policies are completely over the top," wrote a reader who was one of several pointing out that the terms for Hilton's HHonors frequent visitor program also contain some very dubious privacy provisions. "My department alone spends millions with Hilton every year, and there is no way we will tolerate this if Hilton doesn't change its ways very quickly."

One way or another, it would appear Hilton got the message. On July 1st Hilton and its subsidiaries posted a new privacy policy, separate from its website usage agreement and much more in line with the privacy policies of the other hotel chains. And, while Hilton's revised website usage agreement still has a decidedly UCITA-like aspect in its concept of contract formation, at least the all-your-informations-are-belonging-to-us stuff has been removed. (At this point, however, the dubious HHonors privacy language remains as it was.)"

Well, if you feel that strongly about it, then move to the other chains. Hilton's loss; their gain. I'm in the Pope/wicca camp (now what's wicca? :D).