Security used to mean safes and locks. Today, it has much to do with guarding against cyber thieves eager to use a person's identity for illegal purposes. Harvey Ewing, senior director of information technology security for Accor North America has forged a strategy called defense in depth, or DID. “We're trying to be proactive with our consumer data,” he says. “When we request name, address and credit card number, our goal is to keep that data as secure as possible.”

To make the customer feel secure and meet regulatory requirements, Accor North America uses encryption.

“You create a jumble of characters and letters from something that once had significance, like a credit card number or a message. An electronic key has the ability to scramble and descramble the message.”

To accomplish that, Accor turns to RSA, a firm that provides the foundation to allow encryption between all of Accor's systems. “The trick is to share the key between a property and a central reservations system so they can share data,” Ewing says.

Become familiar with federal, state and credit-card industry security requirements. It's expensive to implement technology allowing “your systems to exchange information,” Ewing says, “but it's well worth it.”

More than 20 states have adopted legislation requiring notification of customer data loss, and “the goal for Accor is never to lose any information in the first place,” he says.