The ICO issued notices of intent to fine British Airways and Marriott. What happened?
On 8 July 2019, the UK Information Commissioner’s Office (ICO) announced a notice of intent to fine British Airways £183.39 million (about US$230 million) for violating the General Data Protection Regulation (GDPR). The proposed fine is the largest to date under the GDPR, and equals 1.5% of British Airways’ 2017 global turnover, according to the Financial Times. It follows months of investigation after British Airways notified the ICO of a security incident that led to the theft of customer data in September 2018.
Then on 9 July 2019, the ICO announced a notice of intent to fine Marriott International £99.2 million (about US$124 million) for infringements of the GDPR stemming from a data breach at Starwood, which it acquired in 2016. According to the Wall Street Journal, this fine represents 2.5% of Marriott’s global revenue. Marriott initially announced the data breach in November 2018, which led to an ICO probe. Continue Reading