The FTC says it has jurisdiction to tell hotels how to secure their data. Based, no doubt, on the government’s recognized expertise in the topic. FTC hasn’t issued any rules on the topic. The alleged deception is the fact that customer information on the hotels’ networks is not secure enough.
No government agency has been given the authority to set the rules for cybersecurity at corporations. Nature, and government, abhors a vacuum.
“Hotel, FTC Clash On Cybersecurity,” Wall Street Journal, November 8, 2013 B5 http://on.wsj.com/1hsdW15