July 10, 2019
Two Companies Hit with Massive Fines After Data Breach
Two companies are facing massive fines from the Information Commissioner's Office (ICO). The UK government agency is handing down a fine of $230 million to British Airways and nearly $125 million to Marriott Hotels.
The British Airways penalty relates to a 2018 breach in which users were directed to a fraudulent site that obtained the personal information of around 500,000 people. The airline initially disclosed the incident in September 2018 and said that around 380,000 transactions were affected. According to reports, poor cybersecurity arrangements at British Airways were responsible for the leak of personal information such as credit card numbers, names, and email addresses.
The ICO is planning to fine Marriott in relation to a breach dating back to 2014 in which the hotel inadvertently exposed the personal information of 339 million guests. According to the ICO, Marriott failed to properly review and implement data security practices when it acquired another hotel chain.
General Data Protection Regulation
Penalties for breaches like this have only increased under the General Data Protection Regulation. GDPR was enacted to give consumers more control over and insight into their personal data, and will require companies to ensure they are following safety procedures to collect, process, and store data.
International Data Privacy Laws
Similarly, some states and countries are passing data privacy laws and regulations to protect personal data and hold companies accountable. Recently, California passed the California Data Protection Regulation law, which regulates how companies store data and will require them to disclose the types of data stored.