PARCA eNews – July 9, 2019 – The UK’s Information Commissioner’s Office (ICO), the UK’s independent policing arm for the EU’s General Data Protection Regulation (GDPR), the regulation launched last year that rolled out many revisions to privacy regulations, has already levied a fine totaling $230 million on British Airways.
Now the ICO is proposing a fine of $123 million for Marriott’s breach involving 339 million customer records. The breach occurred in 2014 at Starwood Hotels & Resorts (including the Sheraton brand), which was acquired by Marriott in 2016. The breach involved hackers who gained access to the guest reservation system, but it was not discovered until 2018.
Meanwhile, the GDPR data protection authority in the Netherlands, Autoriteit Persoonsgegevens, has issued its first data breach fine, to the Haga Hospital in The Hague, for €460,000 ($516,000 US) for security failures that contributed to a privacy breach last year, citing poor internal security controls.
Given the size of the fines, it is clear that failure to secure patient data in the EU as called for by the GDPR will be costly.
Source: ICO News and Events page and HIPAA Journal