(MAR.O) reservation databases could lead to a 99 million-pound (US$124 million) fine as the United Kingdom cracked down on privacy breaches with its second major penalty notice in two days. The company will have an opportunity to make representations to the ICO, as to the proposed findings and sanction, the ICO said.
The proposed fines against British Airways and Marriott International indicate that the ICO is prepared to take a hard line on security breaches that compromise customer information, and to make full use of the powers available to it under GDPR.
British Airways is facing a record fine of £183m for last year's data leakage (1.5 per cent of its turnover), and yesterday it was revealed that hotel chain Marriott could be stung for £99m (3 per cent).
That data included name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date and communication preferences. The ICO found that Marriott failed to undertake sufficient due diligence when it bought Starwood and should also have done more to secure its systems.
"Personal data has a real value so organizations have a legal duty to ensure its security, just like they would do with any other asset", says U.K. Information Commissioner Elizabeth Denham.
The ICO is the UK's independent regulator for information rights and data protection law, protecting information rights in the public interest, as well as encouraging data privacy for individuals and openness by public entities. Marriott President and CEO Arne Sorenson said the company is disappointed in the ICO's decision and it will fight to defend its position.
Obviously, the Starwood system is no longer being used, but the ICO lays the blame at the feet of the hotel chain for not doing the proper due diligence with the system.
The updated regulations, which went into effect last year, state that the ICO can seek a fine of up to 4 percent of a company's worldwide annual revenue in the prior financial year.
On Monday, the watchdog announced its intention to fine British Airways £183.4 million ($230M) over a 2018 data breach.
Marriott acknowledged that challenges and the disruptions they pose.
Parent company International Airlines Group says it plans to contest the fine. As the ICO's announcement regarding the British Airways incident demonstrates, the potential consequences of breaching the GDPR can be significant. "That's why the law is clear - when you are entrusted with personal data you must look after it".