Hefty Fine for Booking.com Due to Delayed Data Breach Notification; With Little Financial Information Stolen, Is the Amount Excessive?
Thursday, April 8, 2021
Booking.com’s immediate acquiescence is somewhat surprising given that EU regulators have tended to be forgiving of companies in the travel industry, particularly during the pandemic. The Marriott data breach of 2018 was one of the largest of its type of all time, but the fine was ultimately reduced to $23.8 million in October from an initial assessment of $123 million. Similarly, the fine for the major British Airways incident of 2018 was reduced to $26 million that month from an initial proposed $238 million. Each case involved more serious issues than a late data breach notification, with the companies involved found responsible for the loss of millions of records of sensitive personal and financial information.
The Dutch DPA did not play a role in those decisions, however. It is thus unclear if this signals a trend in the EU toward stricter enforcement of slow data breach notifications, or if companies based in the Netherlands are going to be subject to tougher standards in this area. Ilia Kolochenko, Founder and Chief Architect at ImmuniWeb, believes that the European Data Protection Board may decide to weigh in on this particular issue: “The fine seems to be severe given that sensitive data of just 300 people was compromised among 4000 victims that were somehow affected. The Dutch DPA exercised its discretion to impose fines under Article 83 of GDPR in a broad manner, and it seems to be an unambiguous signal of zero tolerance for late data breach reports … The European Data Protection Board will probably intervene and bring more clarity on this specific misconduct in terms of gravity and subsequent punishability. In any case, this precedent evidences that victims of data breaches are to rigorously follow Article 33 of the GDPR and notify the competent DPA within 72 hours as prescribed.”