Yesterday we heard that BA had been fined by the ICO in the UK for a larger data breach and now the Information Commissioners Office has announced that it intends to fine Marriot International £99 million over a data breach.
The fine is in relation to infringements of the General Data Protection Regulation (GDPR) in the UK and it related to a data breach of 339 guest records from 2018.
Information Commissioner Elizabeth Denham said:
“The GDPR makes it clear that organisations must be accountable for the personal data they hold. This can include carrying out proper due diligence when making a corporate acquisition, and putting in place proper accountability measures to assess not only what personal data has been acquired, but also how it is protected.
“Personal data has a real value so organisations have a legal duty to ensure its security, just like they would do with any other asset. If that doesn’t happen, we will not hesitate to take strong action when necessary to protect the rights of the public.”
You can find out more details about the ICOs plans to fine Marriot International over at their website at the link below.
Source ICO