
Guest data is gold. And like gold, it’s a target for thieves. That’s why we’re committed to providing smart tools that help you protect guest data while maintaining smooth day-to-day operations. One critical setting that every property admin and manager should be aware of is the ‘View customer data’ permission. This simple yet powerful control ensures only authorized staff can access sensitive guest details. 

 

What does the ‘View customer data’ permission do? 

 

Think of this setting as your property’s data gatekeeper. When turned off, users can still access the Reservation Report, but guest details (such as names and contact information) are automatically blurred out. No peeking, no prying, no unnecessary exposure. This means unauthorized users can’t extract or misuse guest data, strengthening your property’s security against potential threats. 

 

Why is this important? 

 

Restricting access to customer data is a simple yet highly effective way to: 

✅ Protect guest privacy and security – Not everyone on the staff needs to see guest details. Limiting access to essential personnel minimizes risk and helps prevent unauthorized access. 

✅ Deter phishing – If a cybercriminal gains access to a compromised staff account (say, a housekeeper’s login), they’ll hit a dead end without viewable guest data. That’s a major roadblock for potential data thieves. 

✅ Improve compliance with data protection best practices – Many regulations and internal security policies require strict access controls on personal data. Enforcing this permission helps keep your property in line with best practices. 

 

Take action: Audit your staff permissions 

 

We strongly encourage all property admins to review and adjust their permissions and access controls today. Ask yourself: 

🔹 Who really needs access? Many operational roles – like housekeeping – don’t require access to customer data. Review and refine your permissions accordingly. 

🔹 Are your access levels set correctly? If a staff member doesn’t need to see guest details, don’t leave that door open. Adjust their role settings. 

🔹 How often are you reviewing staff access? Permissions shouldn’t be something you set and forget. Regular audits ensure only the right people have access and help prevent unauthorized data exposure. 

 

Next steps to take 

 

🔍 Unsure about your current settings? Take a moment to review your user role permissions in Mews and adjust them as needed. Remember, a few clicks today means stronger security tomorrow. 

By fine-tuning your access controls, you can greatly reduce security risks and enhance protection for both your guest data and your property’s reputation.  

 

Got questions? Need guidance? Drop a comment below and let’s discuss best practices together! 

Hi Rui, 

I do like the ‘view customer data’ setting. We had it turned off at the beginning; however, we did run into some issues:

Housekeeping doesn't need all guest data, however it's crucial that they do see a guest name. To assist guests with their door, but also to see if the same guest is checking out and checking in again (two separate reservations of the same guest). 

Also F&B staff need to see the name of the guest combined with their room number, but no other information of the guest. 

 

So as this permission looks great, in an operational setting it's not as useful as depicted in your message above.

If you have any questions, please feel free to contact me.

Kind regards, Kirsten


Hi Rui,

When will this be in place?

Currently, to enable a user to view the Timeline, the ‘Create and manage customers and companies’ permission must be selected. 

When solely selected, it automatically selects ‘View Company Data’ and ‘View Customer Data’. 

When either ‘View Company Data’ or ‘View Customer Data’ is unticked from the profile, the option is automatically added back when the user profile is saved. 

I completely agree with Kirsten on its use though: HSK, F&B and other ops teams do need to see the clients’ name, and also profile notes upon hovering on them from the Timeline, but they should not be able to click on anything or see the Reservations Report in their access to the stacked menu.  

The permission ‘Access Sensitive Reports’ should also comprise the Reservations Report as it is a sensitive report; sensitive enough to be the target of hackers for sure.

A solution could be for all exported customer centric reports to exclude personal data such as email addresses or phone numbers. If those are required for an export, they should be subject to user identification (which I think you have mapped for anytime soon?). 

I have seen systems exports where those personal data are included as exported items but they are ‘starred’/hidden.

Peggy


When is MEWS finally coming with the granularity that was promised a long time ago? Seeing is something else than Creating or Managing… 

 

