Data Security in Hospitality

Greater Miami & The Beaches Hotel Association

February 07, 2018

The hospitality industry is easily among the most inviting targets for data hackers and would-be thieves of personally identifiable information (PII). The volume of PII available to hotels, and (all too often) a lack of rigor in safeguarding such information, has unfortunately been a recipe for frequent breaches of data security and electronic privacy.

In recent years, breaches have compromised not just hotels’ own business data, but also guest information held by third-party contractors such as travel websites and online booking services. And third-parties’ breaches sometimes make quick legal and public relations actions necessary for hotels.

As hotels continue to expand their relationships with business partners, and begin to roll out newer technologies such as in-room personal assistants like Alexa or Siri, the risks of data breaches are likely to increase.

Among the digital security problem areas or “blind spots” for hotels have been the following:

  • Storing credit card information in clear, readable text
  • Using easily-guessed passwords. For instance, access to the property management system for more than one hotel was “micros,” which was the name of the developer of the hotels’ property management program
  • Failing to use firewalls
  • Maintaining permissive networking protocols, including non-updated security programs, inadequate password protection, and even default user IDs and passwords
  • Allowing easy access to networks and servers for third party vendors
  • Instituting insufficient incident response protocols, and then failing to follow those protocols

With informed advice from legal and IT professionals, 2018 can be the year in which the hospitality industry more successfully meets the challenge of preventing or minimizing data breaches.


Related Topics
Related Practices
Philip R. Stein

Philip R. Stein

Partner, Litigation Practice Group Leader
Publication August 20, 2020
In this edition of Coronavirus Q&A, Bilzin Sumberg's real estate leader discussed the current challenges that hotel owners face and the rocky road ahead for that sector.
Webinars October 14, 2020
Philip R. Stein, Litigation Partner and Practice Group Leader, and Kelly Ruane Melchiondo, Partner in the firm's Construction Law Group and member of the firm's Data Security & Privacy Team, lead a discussion around data privacy law and legal obligations of a corporate entity. 
Privacy Portal Blog September 24, 2020
New legislation proposed yesterday by the Department of Justice (DOJ) would make significant changes to the Communications Decency Act, which largely shields the tech industry from legal liability for content posted on their online platforms.