new government product safety office created

Marriott data breach fine set to hit £99m

Sign-up to one of our many Group Actions today - use our quick and easy form to start your claim for compensation.

Begin Your Group Action Claim Today
Please note we are unable to proceed with claims involving BMW, Dacia, Ford, Honda, MINI, Mercedes-Benz & Mitsubishi.
The deadline for claims for EA189 engines passed in 2018, and claims settled in 2022. We are unable to take any claims on for vehicles with EA189 engines. We are able to take on claims for newer engine types that are NOT EA189 engines.
Our claims team will call you back at a time that's suitable to you.
Your privacy is extremely important to us.
Information on how we handle your data is in our Privacy Policy
solicitors regulation authority

Marriott data breach fine set to hit £99m

The Marriott data breach fine to be issued by the Information Commissioner’s office (ICO) from the breach that was discovered last year is set to be £99m.

News of the penalty came within days of the record-setting provisional fine that’s been set for the British Airways data breach in the sum of £183m. GDPR allows the regulator to fine organisations up to 4% of their global annual turnover, and for large organisations who are guilty of significant breaches of important data laws, monetary penalties – as seen in these first two big ones – can be substantial.

Victims of the data breach can also be entitled to claims compensation, but this is a separate matter to any fine that’s issued by the ICO.

Reaction to the Marriott data breach fine

The reaction to the Marriott data breach fine has been what we expected. Despite the severity of the breach that lasted for a number of years, the hotel chain has reportedly expressed its “disappointment” regarding news of the proposed fine.

This reaction has been similar to that of BA owners IAG.

Speaking about the Marriott fine, Information Commissioner Elizabeth Denham said:

“GDPR makes it clear that organisations must be accountable for the personal data they hold. This can include carrying out proper due diligence when making a corporate acquisition, and putting in place proper accountability measures to assess not only what personal data has been acquired, but also how it is protected.”

This level of the fine, and the comments that have come from the ICO, clearly show that there’s no hiding from the law. Data breaches will be punished, and the worst ones will result in significant fines as we’ve seen with both BA and Marriott.

Denham also expressed the importance of the responsibilities organisations have:

“Personal data has a real value so organisations have a legal duty to ensure its security, just like they would do with any other asset. If that doesn’t happen, we will not hesitate to take strong action when necessary to protect the rights of the public.”

What does the Marriott data breach fine mean for compensation?

The Marriott data breach fine is a completely separate matter to any claims for compensation that victims of the incident can make. Money from the fine will usually go to the treasury and isn’t designed to be used for damages claims.

That’s why we pursue separate civil actions for compensation, and rulings made by the ICO can be supportive when it comes to the argument in favour of compensation.

Advice for compensation

If you were a victim of the incident and you want to know more about claiming for data breach compensation, you can speak to our team for free advice on a no-obligation basis.

We’re fighting for justice in over 40 different group and multi-party actions. The news of the Marriott data breach fine will likely lead to an increase in inquiries about options for justice, and our team is ready to assist you.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.