Marriott data breach fine set to hit £99m

Marriott data breach fine set to hit £99m

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Just two days after the announcement of the huge BA data breach fine to the tune of £183m, the Marriott data breach fine is reportedly going to be set at £99m.

These are real statements of intent from the UK’s data watchdog, the ICO (the Information Commissioner’s Office).

When GDPR came into force last year, there was little doubt about the responsibilities that organisations have when it comes to data protection, and the punishments for failure are clear. We’re pleased with the announcement of another huge fine, and as always, we continue to bring the fights for justice for the victims who deserve compensation for the loss of control of their personal information.

Significant Marriott data breach fine

The provisional Marriott data breach fine that’s understood to be set at £99m is another significant GDPR punishment. Before, we had maximum fines of £500,000.00, but now, organisations can be fined up to 4% of their global annual turnover.

The incentive to ensure that data is processed and stored safely is evident. The level of fines that can be issued are enormous, and all organisations need to do is comply with the law.

The Marriott data breach itself was a significant one. Hundreds of millions of records were compromised, of which seven million were understood to belong to UK citizens. The Starwood database had reportedly been compromised since 2014, but discovery of the breach was made years later with the announcement of the problem hitting the headlines in 2018.

The Marriott chain acquired the Starwood chain in 2016, but somewhere along the line, due diligence in terms of cybersecurity wasn’t adequately performed.

How does the fine affect claims for compensation?

It’s important to distinguish the difference between the Marriott data breach fine and claims for data breach compensation. Money from the proposed £99m penalty will usually go to the treasury as it’s not designed to be used for compensation.

Damages claims for the victims is a separate matter. Data breach compensation amounts are based on the extent of any distress and financial loss that has been caused.

What we do is pursue the organisations for compensation, and although the fine is a separate thing to legal action, penalties can help with cases. They show that there has been a clear failure to adhere to important data protection legislation which is a powerful tool in our legal arsenal when it comes to succeeding with compensation action.

Reaction to Marriott data breach fine

The reaction to the Marriott data breach fine has been similar to that of the BA data breach fine. It’s understood that Marriott has expressed that it’s “disappointed” with the findings, which is hard to believe given the circumstances of the particular breach.

In our view, a clear breach of important data protection legislation has taken place, and the proposed fine is more than justified.

Speaking about the £99m fine, Information Commissioner Elizabeth Denham said:

“The GDPR makes it clear that organisations must be accountable for the personal data they hold. This can include carrying out proper due diligence when making a corporate acquisition, and putting in place proper accountability measures to assess not only what personal data has been acquired, but also how it is protected.

“Personal data has a real value so organisations have a legal duty to ensure its security, just like they would do with any other asset. If that doesn’t happen, we will not hesitate to take strong action when necessary to protect the rights of the public.”

We continue to monitor the news of further GDPR fines, particularly for those where we’re involved in data breach group actions for compensation.

To find out if you can claim compensation, make sure you get in touch with our legal team today.  

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon