
Marriott Data Breach Fine Reduced to £18.4 million by UK ICO

By Scott Ikeda for CPO Magazine
Friday, November 6, 2020

While the GDPR provides for substantial maximum fines, regulators have thus far appeared very hesitant to apply them. The Marriott data breach is another example in a seeming trend of relatively minimal fines for serious incidents that compromise the personal information of very large groups of people.

As Ilia Kolochenko, Founder & CEO of ImmuniWeb, observes: “This present (Marriott data breach) … may disincentivize some organizations, hit by the spiralling pandemic, in investing in cybersecurity and data protection. We already observe some industries freeing their cybersecurity budgets and laying off security personnel. Such “savings” may result in disastrous data breaches, harsh financial penalties by several state agencies, and trigger multi-million lawsuits and class actions from the victims … I respectfully disagree with some experts who say that GDPR becomes toothless, but the signal is clear – the application of penalties under GDPR may, and likely will depend on the financial conditions of a breached company. This makes a lot of sense but may eventually diminish or even nullify the deterring purpose of GDPR.”

The Marriott data breach ruling does raise the concern that the pandemic, which looks to stretch on well into 2021 at this point, may be used by companies as a justification for a reduced cybersecurity posture — at least in terms of protecting customer information. There is now evidence that a pandemic hardship case plus a basically competent mop-up effort after the fact will lead to this outcome, at least if the UK ICO is making the determination.