Cloudbeds Release Notes - April 2019

Follow

Cloudbeds is releasing an update to the myfrontdesk system in April 2019. This update includes security improvements, updates on the booking engine and activity logs. Check all the details below.

Security Updates
Handling Sensitive Personally Identifiable Information (Activity Log)

For security reasons, when a user handles sensitive data, this handling will be noted in the myfrontdesk activity log.

When users encounter a field that contains sensitive data, they will need to click on an “eye” shaped icon to view the information.

We have added a 'click-to-view' button and the system will register the action on the General Activity Log for both guest data and data related to Integrations with Cloudbeds.

Guest data includes:

When users view or edit:

  • Document Number
  • Tax ID
  • Company Name
  • Company Tax ID
  • Custom Fields with Personally Identifiable Information / PII (per GDPR) or change PII Settings

Integrations data includes:

  • API Client ID on the API Credentials page
  • Access Tokens on the API Credentials page
  • Client Secret on the API Credentials page
  • Tax identification number for Czech Gov integration
  • Fact API Key field for Portuguese government integration

Viewing Emails

When a user views a previously sent email, it will be added to the reservation/activity log.

Permissions to View and Handle Sensitive Data

This release will add a new section to the Roles page that will indicate what kind of access a user has to view and handle sensitive data. This includes:

  • When users view or edit:
    • Document Number
    • Tax ID
    • Company Name
    • Company Tax ID
    • Custom Fields with Personally Identifiable Information (this is a feature appears when GDPR is enabled) or change PII settings
    • Extract guest data (This is a feature that appears when GDPR is enabled)
    • View previously sent emails
  • The sensitive details will be removed from the registration cards when the user prints them

Emails can sometimes contain sensitive data or personally identifiable information - perhaps a merge tag or an attached invoice. An email could also contain sensitive data that was manually put there by the writer. When granting permission to view previously sent emails, properties should also review their own policies around what data they send in emails and whether staff should be permitted to view this data.

Please Note:

  • If a user is not permitted to view sensitive data, they also will not be able to modify this data in a reservation or a guest’s profile (Guest Page), regardless of whether user has permission to edit guest data generally (please check more details on the screenshot below).
    Exception: If a user is creating a reservation, they can enter the sensitive data into the field. Once it’s saved though they won’t be able to see that data again unless they have permission to view it.
  • By default, all users have permission to see this data. Users responsible for managing permissions should review all users to confirm which ones should be allowed to view sensitive data. Please refer to this article to check how to manage user's permissions.
  • If a user’s permission to view/edit sensitive data has been disabled then their permission to extract guest data or view previously sent emails will also be disabled. However, if they don’t have permission to view this sensitive data then the data will not be included in the export.
Cloudbeds Booking Engine More Accessible

Cloudbeds is making several improvements to our booking engine to be even more accessible to people with disabilities. These improvements make the booking engine easier to navigate with a screen reader. The improvements are:

  • General navigation - when adding guests or opening a pop-up (availability calendar/larger photos and more) making tooltips more readable.
  • We improved where our color schemes had too low contrast (making them hard to see).
  • We went through it all with a screen reader, which is a device people can use to navigate through a website and be read/described what content is there.
Activity Logs Improvements

This release will add more logs to the activity logs:

  • When a property was removed from an association. The log will also note who removed the property.
  • When the credit card password expires.
Have more questions? Contact Support

Comments

Powered by Zendesk