Data Security in Hospitality

Greater Miami & The Beaches Hotel Association
February 07, 2018

The hospitality industry is easily among the most inviting targets for data hackers and would-be thieves of personally identifiable information (PII). The volume of PII available to hotels, and (all too often) a lack of rigor in safeguarding such information, has unfortunately been a recipe for frequent breaches of data security and electronic privacy.

In recent years, breaches have compromised not just hotels’ own business data, but also guest information held by third-party contractors such as travel websites and online booking services. And third-parties’ breaches sometimes make quick legal and public relations actions necessary for hotels.

As hotels continue to expand their relationships with business partners, and begin to roll out newer technologies such as in-room personal assistants like Alexa or Siri, the risks of data breaches are likely to increase.

Among the digital security problem areas or “blind spots” for hotels have been the following:

  • Storing credit card information in clear, readable text
  • Using easily-guessed passwords. For instance, access to the property management system for more than one hotel was “micros,” which was the name of the developer of the hotels’ property management program
  • Failing to use firewalls
  • Maintaining permissive networking protocols, including non-updated security programs, inadequate password protection, and even default user IDs and passwords
  • Allowing easy access to networks and servers for third party vendors
  • Instituting insufficient incident response protocols, and then failing to follow those protocols

With informed advice from legal and IT professionals, 2018 can be the year in which the hospitality industry more successfully meets the challenge of preventing or minimizing data breaches.


Philip R. Stein
Practice Group Leader, Trial & Litigation
Speaking Engagement March 4, 2024
Ryan J. Coyle speaks on the panel Stiff Winds, New Currents and Rough Seas: Navigating the Private Client World in Turbulent Times at the 29th Annual International Private Client Tax Conference. The panel discusses recent changes and salient topics in tax law in different jurisdictions, the use of a...
Publication November 30, 2023
Over the past decade, companies have increasingly turned to the collection of consumer personal data to help them better understand and adapt to the habits, preferences, and needs of consumers, engage in targeted marketing, and gain insight into the broader marketplace—that is, to better compe...
Speaking Engagement September 29, 2023
Melissa Pallett-Vasquez speaks on the panel Press Play to Continue: Navigating Legal Ethics in a Digital World at the ACC South Florida 13th Annual CLE Conference. The session focuses on the unique ethical issues brought on by technological changes in the legal field, particularly the increasing pre...