ICO to fine Marriott £99m for GDPR data breach
The fine relates to a data breach in November 2018 affecting the personal data of 339m guest records globally – about 30m of those were from the 31 countries in the European Economic Area (EEA) and seven million in the UK.
The data breach related to the Starwood hotels group and dated back to 2014; however it came under Marriott’s responsibility following its acquisition of the business in 2016. The exposure of the information was not discovered until 2018 and the ICO said Marriott failed to do enough due diligence when it bought Starwood.
Information Commissioner Elizabeth Denham said: “The GDPR makes it clear that organisations must be accountable for the personal data they hold. This an include carrying out proper due diligence when making a corporate acquisition and putting in place proper accountability measure to assess not only what persona data has been acquired but how it is protected.”
Marriott has co-operated with the ICO investigation and improved its security arrangements since these events came to light. Marriott can make representations to the ICO as to the proposed findings and sanction.
We hope you enjoyed this article.
Research Live is published by MRS.
The Market Research Society (MRS) exists to promote and protect the research sector, showcasing how research delivers impact for businesses and government.
Members of MRS enjoy many benefits including tailoured policy guidance, discounts on training and conferences, and access to member-only content.
For example, there's an archive of winning case studies from over a decade of MRS Awards.
Find out more about the benefits of joining MRS here.
0 Comments