Data Security in Hospitality

Greater Miami & The Beaches Hotel Association
February 07, 2018

The hospitality industry is easily among the most inviting targets for data hackers and would-be thieves of personally identifiable information (PII). The volume of PII available to hotels, and (all too often) a lack of rigor in safeguarding such information, has unfortunately been a recipe for frequent breaches of data security and electronic privacy.

In recent years, breaches have compromised not just hotels’ own business data, but also guest information held by third-party contractors such as travel websites and online booking services. And third-parties’ breaches sometimes make quick legal and public relations actions necessary for hotels.

As hotels continue to expand their relationships with business partners, and begin to roll out newer technologies such as in-room personal assistants like Alexa or Siri, the risks of data breaches are likely to increase.

Among the digital security problem areas or “blind spots” for hotels have been the following:

  • Storing credit card information in clear, readable text
  • Using easily-guessed passwords. For instance, access to the property management system for more than one hotel was “micros,” which was the name of the developer of the hotels’ property management program
  • Failing to use firewalls
  • Maintaining permissive networking protocols, including non-updated security programs, inadequate password protection, and even default user IDs and passwords
  • Allowing easy access to networks and servers for third party vendors
  • Instituting insufficient incident response protocols, and then failing to follow those protocols

With informed advice from legal and IT professionals, 2018 can be the year in which the hospitality industry more successfully meets the challenge of preventing or minimizing data breaches.


Philip R. Stein
Practice Group Leader, Litigation
Blog October 5, 2022
Kim Kardashian found herself on the wrong side of the law when the SEC entered a cease-and-desist order against her (the “Kardashian Order”). This blog explains how this and other celebrity violations reflect the trend towards increased regulation of cryptocurrency in the U.S.
Blog May 25, 2022
Developments over the last few months, both in the courts and among policymakers, have demonstrated some of the key legal and regulatory issues facing issuers, exchanges, and investors operating in the cryptocurrency space. Recent statements by regulators, coming on the heels of new class action law...
International Tax & Wealth Planning Conference April 27, 2022
Paul J. D'Alessandro, Jr. and David M. Seifer participated in a panel discussion titled Cryptocurrency: The Basics, Tax Implications, and Initial Planning Observations at Bilzin Sumberg’s International Tax and Wealth Planning Conference.