I've stayed at this property at least a dozen times. Recently improved decor over the average Sleep Inn, very friendly and helpful staff. Often asked to
show an ID at check-in, to which I never object. That's become standard practice at all Starwoods, many Choice, and the occasional Hilton.
Last night I stayed there after a late arrival to DEN, before driving up the mountain today.
To my surprise, the desk clerk required that I hand her my license, because "we have to scan it and store it in the computer".
What an Identity Theft risk! A small business, with a few computers, no in-house CISSP-certified security experts (not that I'd expect that). Much larger businesses with huge Information Security departments and dedicated full-time 24/7 IT support have been hacked and had personally identifiable information/customer sensitive information stolen. TJ Maxx
parent company TJX.
Heartland Data Systems, one of the largest Credit Card Processors in the country.
It was 1am, I was dead tired from 6 weeks on east coast time so it felt like 3am, and it was already well-past chargeable no-show time. So against my better judgement, I checked in anyway, though let the (very nice but clueless about the issue) clerk know my opinion and asked she notify the manager.
This morning I spoke with the GM. She claims the owner decided this was a good idea. He had spoken with some other (not local Aurora/Denver) Police Department about how they'd had an investigation and a hotel was able to not only verify a guest reservation/check-in, but confirm the photo/DL and send it to the police.
I demanded that they send me within a week the following:
1. Their (the hotel's, not Choice's) Privacy policy.
2. Their Data Retention policy.
3. The Data Security policy and what type of HIPS (Host Intrusion Prevention System) they have. (hint, she didn't know what that was.
4. Their patching policy. To which she answered "we don't patch them, we keep them safe by being off the internet".
I really doubt they have a total gap between a pure-internal system and the internet. They also do have outside IT support so people come in to work on it. What about their data destruction policy if they replace a machine or a drive? I could go on and on.
I hate to do this, but FTers and other travelers should know that this hotel is storing enough information to allow hackers to commit various types of identity theft. Not at all accusing their staff, but botnets, maintenance releases (some commercial software has had viruses or trojans). At some point, even if the management doesn't know or understand the details (and why should they, they're not IT), that machine is exposed to the outside world.
Oh, the manager told me that the policy is if someone objects, they then instead do a "visual verification" of the ID. Except their staff hasn't been trained to know that or even to understand that there are good reasons why someone should object. So the very nice helpful clerk demanded it and gave me no choice if I wanted to stay there.
Fraud warning going on my cards after this experience.
Great low-end airport hotel otherwise. I've recommended it before, and was planning more stays there. Cheapest mid-week park-n-fly in the area.
But it's off-limits as far as I'm concerned while they have this dangerous policy.