Marriott & British Airways fines

British Airways and Marriott received the largest-ever fines under the EU’s new General Data Protection Regulation this past week.

The U.K. Information Commissioner’s Office (ICO) fined British Airways a proposed $230 million for an incident that took place from June to September 2018 and compromised the data of 500,000 customers. The ICO gave Marriott a $123 million proposed penalty for the loss of 339 million guest records, reported in November 2018. Both companies have the opportunity to respond to the fine before the ICO issues a final decision, and both companies already indicated they will appeal the decision.

But the GDPR fines were important for reasons well beyond numbers. The GDPR is a very broad rule with little detail, and companies have had few insights into how regulators in the EU would interpret the law, particularly what they would consider “adequate” security measures.
