Included in this edition of Data & Privacy News: Marriott may face GDPR fine of up to £17.4m; UK businesses require more cyber security support from the Government in 2019 and more...


Marriott may face GDPR fine of up to £17.4m following data breach

Marriott International could face a fine of up to £17.8 million or 4% of its annual turnover, following a huge data breach affecting approximately 500 million guests.

On 8 September, Marriott was made aware of an attempt to access its Starwood guest reservation database. It then discovered there had been unauthorised access to the database since 2014.

Guest information compromised during the breach included names, addresses, phone numbers, passport numbers, dates of birth, email addresses and booking information.

Reports suggest two American law firms have already filed a class action against the hotel chain.

Staff working on personal devices outside of hours could be breaching GDPR

Research by Insurance2go has revealed that staff working out of hours could be breaching the General Data Protection Regulations (GDPR) by using their own devices.

Under Data Protection laws, businesses must ensure data stored on employees' personal devices is as secure as that held on their own databases and servers. 

Of those surveyed, a third said they answer work emails or carry out work tasks on their personal mobile after work, a quarter do this during their lunch break and nearly a quarter work on personal handsets during their commute to work. 

UK businesses require more cyber security support from the Government in 2019

A survey of 500 UK senior IT professionals has revealed that UK businesses feel let down by the government on cyber security and require more support around these issues in 2019. 

The research by Atomik showed that 68% of those surveyed had suffered at least one cyber attack in the past year and 31% had not received enough support or guidance from the Government on cyber security.

This latest research comes not so long after the chancellor of the Duchy of Lancaster, David Lidington, highlighted the problem during the second annual review of the National Cyber Security Centre.

Man suing Scotland Yard over leaked online document of gang's database

A 28-year-old man is suing Scotland Yard after his name appeared on a leaked document of the force's secret gang's database, which was photographed and circulated on social media. 

The document contained personal information such as home addresses and gang affiliations, causing the man and his family to fear for their safety. 

The Information Commissioner's Office is investigating Newham Council over the alleged breach, which was reported in November 2018. 

Key contacts

Helena Brown

Helena Brown

Partner, Head of Data
Edinburgh, UK

View profile
Ross McKenzie

Ross McKenzie

Partner, Commercial Services
Aberdeen, UK

View profile