After a data breach that exposed 339 million guest records around the world, violating the General Data Protection Regulation (GDPR), Marriott now faces an $124 million fine from United Kingdom regulators. As the breach affected 30 million Europeans, it fell under the jurisdiction of the GDPR, which sets standards for how companies collect, use, and store data. Marriott’s hack began in 2014 and was discovered in fall of 2018 and reportedly shortly after. Marriott said they plan to appeal any fine, according to a news article from CNN.
Divya Gupta, a lawyer at international firm Dorsey & Whitney, says that Marriott’s fine should be a wakeup call to companies with operations both in the United Kingdom and the United States. Gupta says,
“Marriott faces huge fines for a GDPR breach this week, a signal to other companies that the regulatory bodies are strictly enforcing the law to protect consumer personal data.”
Protecting Customer Data in the United States
Similar to the GDPR in Europe, many states have data privacy laws, with California leading the number of regulations with the California Consumer Privacy Act. To compare it to the GDPR, if only ten percent of the Europeans impacted by the Marriott breach were residents of California, the penalty would be a minimum of $300 billion instead of $124 million under the GDPR, according to Gupta. “For companies looking for the lesson here — this GDPR penalty is a paltry sum, compared to what is looming,” Gupta says.
Marriott and Amazon Alexa
In fall of 2018, Marriott integrated the voice assistant Amazon Alexa into its first hotel, the City Centre hotel in Charlotte, North Carolina. After, the Irvine Spectrum in Los Angeles would get Amazon Echo devices in all of their rooms. Last spring, Marriott tested the Alexa for Hospitality tool as well, allowing guests to order room service, change the TV and lighting, set alarms, and get weather and news updates from Alexa. Given Alexa’s past security issues secretly recording a family in Portland, for one, it will be interesting to see how guests react to Marriott’s most recent data breach.