CEP Magazine (January 2021)
After extended investigations and negotiations, the United Kingdom’s Information Commissioner’s Office levied a fine of £18.4 million against Marriott International Inc. for a data breach that occurred in 2014.[1] The breach was one of the largest leaks of personal data in recent years, affecting more than 300 million guests. The breach affected Starwood Hotels and Resorts Worldwide Inc., which Marriott acquired in 2016.
The investigation was complicated by Brexit, the passage of the General Data Protection Regulation (GDPR), and the fact that Marriott was accepting responsibility for a breach that happened prior to the acquisition. The Information Commissioner’s Office stated that the fine was under GDPR and in cooperation with European Union data protection authorities.
1 Jonathan Armstrong and André Bywater, “Client Alert: ICO Fines Marriott £18.4m after Data Breach,” Cordery Compliance, November 3, 2020, https://bit.ly/3oSh5wC.
[View source.]