Skip to main content

Data Security in Hospitality

Greater Miami & The Beaches Hotel Association

February 07, 2018

The hospitality industry is easily among the most inviting targets for data hackers and would-be thieves of personally identifiable information (PII). The volume of PII available to hotels, and (all too often) a lack of rigor in safeguarding such information, has unfortunately been a recipe for frequent breaches of data security and electronic privacy.

In recent years, breaches have compromised not just hotels’ own business data, but also guest information held by third-party contractors such as travel websites and online booking services. And third-parties’ breaches sometimes make quick legal and public relations actions necessary for hotels.

As hotels continue to expand their relationships with business partners, and begin to roll out newer technologies such as in-room personal assistants like Alexa or Siri, the risks of data breaches are likely to increase.

Among the digital security problem areas or “blind spots” for hotels have been the following:

  • Storing credit card information in clear, readable text
  • Using easily-guessed passwords. For instance, access to the property management system for more than one hotel was “micros,” which was the name of the developer of the hotels’ property management program
  • Failing to use firewalls
  • Maintaining permissive networking protocols, including non-updated security programs, inadequate password protection, and even default user IDs and passwords
  • Allowing easy access to networks and servers for third party vendors
  • Instituting insufficient incident response protocols, and then failing to follow those protocols

With informed advice from legal and IT professionals, 2018 can be the year in which the hospitality industry more successfully meets the challenge of preventing or minimizing data breaches.


Related Practices
Philip R. Stein

Philip R. Stein

Partner, Litigation Practice Group Leader
Webinars November 18, 2020

Kelly Ruane Melchiondo, Partner in Bilzin Sumberg's Construction Law Group and member of the firm's Data Security & Privacy Team, leads a discussion around the construction industry's increasing investment in information technology in both a pre and post COVID-19 world, taking a proactive ...

Publication October 29, 2020
As if the recent uptick in national COVID-19 cases and hospitalizations were not enough to tax an already beleaguered health system, on October 28, 2020, three federal agencies issued a cybersecurity Joint Advisory warning of a credible threat of “increased and imminent cybercrime” targe...