NEWS11 July 2019
All MRS websites use cookies to help us improve our services. Any data collected is anonymised. If you continue using this site without accepting cookies you may experience some performance issues. Read about our cookies here.
NEWS11 July 2019
UK – The Information Commissioner’s Office (ICO) has issued a £99m fine to hotel chain, Marriott International, for infringements of the General Data Protection Regulation (GDPR).
The fine relates to a data breach in November 2018 affecting the personal data of 339m guest records globally – about 30m of those were from the 31 countries in the European Economic Area (EEA) and seven million in the UK.
The data breach related to the Starwood hotels group and dated back to 2014; however it came under Marriott’s responsibility following its acquisition of the business in 2016. The exposure of the information was not discovered until 2018 and the ICO said Marriott failed to do enough due diligence when it bought Starwood.
Information Commissioner Elizabeth Denham said: “The GDPR makes it clear that organisations must be accountable for the personal data they hold. This an include carrying out proper due diligence when making a corporate acquisition and putting in place proper accountability measure to assess not only what persona data has been acquired but how it is protected.”
Marriott has co-operated with the ICO investigation and improved its security arrangements since these events came to light. Marriott can make representations to the ICO as to the proposed findings and sanction.
Related Articles
0 Comments