Booking.com fined €475,000 for late reporting of data breach
Thursday, April 1, 2021
However, in its final penalty notice, the UK watchdog, the ICO, announced that, in view of the pandemic, Marriott would be required to pay just £18.4 million, a huge drop from the £99 million figure it had originally proposed in 2019.
Commenting on the Booking.com fine, Ilia Kolochenko, founder and chief architect of ImmuniWeb, said: "The fine seems to be severe given that sensitive data of just 300 people was compromised among 4,000 victims that were somehow affected. The Dutch DPA exercised its discretion to impose fines under Article 83 of GDPR in a broad manner, and it seems to be an unambiguous signal of zero tolerance for late data breach reports.
"It's unclear whether [Booking.com] will appeal the sanction as disproportionally harsh in light of the unprecedented lenience towards Marriott and BA by the UK regulator. The European Data Protection Board will probably intervene and bring more clarity on this specific misconduct in terms of gravity and subsequent punishability. In any case, this precedent evidences that victims of data breaches are to rigorously follow Article 33 of the GDPR and notify the competent DPA within 72 hours as prescribed."