Re: Stored data
PCI-dss compliance centrally? No idea.
At certain starwood hotels i was working at this year, they clearly weren't, which was a little surprising. PCI-dss was a big deal at IHG a few years ago (maybe because they'd been hacked in the past and knew they'd be fined next time).