Privacy & Cybersecurity
November 22, 2024
Senior Associate
FTC Brings Enforcement Action Against Hotel Chain
After experiencing multiple large-scale data breaches, Marriott International, Inc. and its subsidiary Starwood Hotels & Resorts Worldwide LLC have agreed to a significant settlement with the Federal Trade Commission (FTC) and 49 state attorneys general. The hotel giants are also required to implement a comprehensive information security program to address the fallout from three major data breaches that occurred between 2014 and 2020.
The FTC's complaint outlines a series of security failures that led to the following three significant data breaches:
The FTC alleges that Marriott and Starwood did not offer adequate data security and these breaches were possible due to:
The settlement includes both financial penalties as well as stringent security requirements including:
Data Deletion Requests: U.S. customers will now have the ability to request the deletion of personal information associated with their email addresses or loyalty rewards account numbers.
Loyalty Points Restoration: Marriott has agreed to review loyalty rewards accounts upon customer request and restore any stolen loyalty points.
Key Takeaways
Samuel Levine, Director of the FTC's Bureau of Consumer Protection, emphasized the importance of this action: "Marriott's poor security practices led to multiple breaches affecting hundreds of millions of customers. The FTC's action today, in coordination with our state partners, will ensure that Marriott improves its data security practices in hotels around the globe."1
Conclusion
This settlement serves as a wake-up call for the hospitality industry and other businesses handling large volumes of customer data, especially during mergers. It underscores the importance of implementing robust data security measures and the potential consequences of failing to do so.
The FTC's action against Marriott and Starwood sets a precedent for how data breaches and security failures will be addressed in the future, potentially leading to more comprehensive data protection regulations across industries.
Kronenberger Rosenfeld, LLP regularly advises clients regarding data and privacy compliance. Contact our firm using our online case submission form.
This entry was posted on Friday, November 22, 2024 and is filed under Privacy and Data Protection Updates, Internet Law News.