CEP Magazine (January 2021)
After extensive investigation and negotiation, the UK Information Commissioner’s office fined Marriott International Inc. £ 18.4 million for a data breach in 2014. The breach was one of the largest personal data leaks in recent years, affecting more than 300 million guests. The breach involved Starwood Hotels and Resorts Worldwide Inc., which Marriott acquired in 2016.
The investigation was made more difficult by Brexit, the passage of the General Data Protection Regulation (GDPR), and the fact that Marriott took responsibility for a pre-acquisition violation. The Information Commissioner’s Office stated that the fine is under the GDPR and in cooperation with the data protection authorities of the European Union.
1 Jonathan Armstrong and André Bywater, “Customer Notification: ICO Fines Marriott £ 18.4M for Data Breach,” Cordery Compliance, November 3, 2020, https://bit.ly/3oSh5wC.