Running a hotel is one of the most challenging and time-consuming jobs you can do.

In terms of privacy and data protection, hotels present a unique set of challenges.

You see, with hotels, the personal data doesn't just follow the guest around (more on that in a moment). Instead, guest data is at risk long before a guest arrives, it grows like a rolling snowball while the guest is in the hotel - and then when the guest departs their data doesn't check out. Instead it remains, lurking, alone and vulnerable.

Unlike customers of many other types of business, a hotel guest is on premises at least overnight. Hotel managers and staff get to experience all sorts of behaviours over that time: The good, the bad and the naughty. Sometimes behaviour the guest wouldn't dream of trying in the comfort and privacy of their own home.

Hotels get to know what you look like, what you sound like, what you eat, what you drink, who you meet with, the car you arrived in, the car you left in, what you watched on the TV in your room, the websites you connected to through the hotel WiFi, what you like, what you didn't like, what you complained about, what you are allergic to, how much you paid, how you paid - and other aspects of your life which can be combined to draw conclusions about you as an individual.

Some of which might be obvious to anyone who knows you. Some of which you might prefer to be kept private.

Yet hotels record a lot of this data as a matter of course. Some of it deliberately and quite reasonably in the course of their business. Some of it without realising they do so. Or indeed without understanding exactly what happens to the information after they have collected it.

The days of the inscrutable hotel manager who sees all and says nothing are long gone. Nowadays guest behaviour is recorded as a matter of course. The hotels like to claim it helps them to "personalise the guest experience". While that may be true to a certain extent it is also true that some of this data could be used to harm an individual. To embarrass them, to steal from them, to raise questions about their behaviour or character - to make their life very difficult indeed.

Of course none of these are outcomes the hotel has in mind when it collects guest information before, during and after the guest stay. However the fact that the hotel now holds all this information makes their data systems a plum target for criminals.

Which makes the responsible use of personal data in hotels a high priority.