The Marriott hotel chain faces £99m fine – Our View

339m customers affected by credit card hack

The Information Commissioner’s Office (ICO) fine relates to a data breach at the company believed to have originated in the Starwood hotels group five years ago.

The ICO said the hotel chain had failed to undertake due diligence when it bought Starwood and should have done more to secure data processing systems.

Starwood Hotels include Trump Turnberry in Ayrshire, London’s Park Lane Sheraton Grand, Westbury Mayfair and Le Meridien Piccadilly. Trump Turnberry is run by Marriott resorts, but Donald Trump lends his name as part of a franchise agreement.

Marriott International’s president and chief executive Arne Sorenson said the company was ‘disappointed’ with the ICO’s announcement and said it would contest the fine. ‘Marriott has been co-operating with the ICO throughout its investigation into the incident, which involved a criminal attack against the Starwood guest reservation database,’ he said.

When first disclosing the breach, the hotel firm said the guest records of around 339 million people had been accessed and that it believed more than five million unencrypted passport numbers were part of this information. Seven million records are thought to relate to UK residents.

Our view

As in the BA case, it is easy for a business or institution to blame others, but to quote the Information Commissioner, Elizabeth Denham: “People’s personal data is just that – personal… The law is clear, when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

How often do you check your credit card gateways? Businesses have a responsibility to check every aspect of their supply chain, and having an accountable DPO will protect customers, suppliers and, ultimately, the business.

Don’t do the minimum; make sure that every area of data supply and management is covered. People will respect you for this. After all, what price trust?