Just yesterday I wrote about how British Airways is facing a massive fine over the data breach that happened last year. Under the UK’s General Data Protection Regulation (GDPR), which was implemented last year, the UK’s Information Commissioner’s Office (ICO) is slapping them with a £183m fine.
Well, they’re not the only company looking at a massive fine. Remember Marriott’s data breach from last year (which Marriott handled horribly)? It first came to light in November 2018 and involved records for about 339 million guests globally, including information on seven million UK residents.
Well, it has just been announced that the UK ICO is fining Marriott a total of £99,200,396 in relation to this data breach.
Marriott has the right to respond before any final determination is made, and the company does plan on contesting this.
Information Commissioner Elizabeth Denham had the following to say regarding this:
“The GDPR makes it clear that organisations must be accountable for the personal data they hold. This can include carrying out proper due diligence when making a corporate acquisition, and putting in place proper accountability measures to assess not only what personal data has been acquired, but also how it is protected.
Personal data has a real value so organisations have a legal duty to ensure its security, just like they would do with any other asset. If that doesn’t happen, we will not hesitate to take strong action when necessary to protect the rights of the public.”
Marriott CEO Arne Sorenson had the following to say:
“We are disappointed with this notice of intent from the ICO, which we will contest. Marriott has been cooperating with the ICO throughout its investigation into the incident, which involved a criminal attack against the Starwood guest reservation database.
We deeply regret this incident happened. We take the privacy and security of guest information very seriously and continue to work hard to meet the standard of excellence that our guests expect from Marriott.”
These massive fines will no doubt give a lot of executives pause. I expect that this will only be the beginning of these kinds of fines, which are otherwise unprecedented. With fines of up to 4% of annual global revenue possible for big companies, we could continue to see fines this massive.
However, at some point one has to wonder if all of this isn’t just a bit extreme. Obviously these were massive breaches, but seeing nine-figure fines is something, alright. Furthermore, it’s not like this money is going to those who were impacted by these breaches…
What do you think — yay that companies are being held accountable to this extent, or is this all a bit over the top?