The settlement requires Marriott to enhance its data security practices, adopt a risk-based approach, and provide specific consumer protections, including a payment of $52 million to the participating states. Maryland will receive $2,214,224 of this amount.
Attorney General Anthony G. Brown announced today that Maryland, in collaboration with 49 other state attorneys general, has reached a settlement with Marriott International, Inc. This agreement follows an extensive investigation into a significant multi-year data breach involving one of Marriott's guest reservation databases.
Maryland played a key role in the investigation, which revealed that from July 2014 to September 2018, hackers accessed the systems of Starwood, which Marriott acquired in 2016, compromising the personal information of approximately 131.5 million guests. The breach included sensitive data such as contact details, birth dates, reservation history, and, in some cases, unencrypted passport numbers and credit card information.
“Marylanders should not have to choose between staying in a hotel and protecting their privacy. Consumers should be able to trust that companies will take reasonable steps to protect their personal information,” said Attorney General Brown. “This settlement ensures that Marriott hotel guests can rest easy knowing that their personal data will be better protected moving forward.”
The settlement requires Marriott to enhance its data security practices, adopt a risk-based approach, and provide specific consumer protections, including a payment of $52 million to the participating states. Maryland will receive $2,214,224 of this amount.
The investigation found that Marriott misrepresented the security measures it had in place to protect consumer data. Today's settlement addresses allegations of violations of Maryland’s Consumer Protection Act and Personal Information Protection Act due to inadequate data security measures during the integration of Starwood’s systems.
In conjunction with the attorneys general, the Federal Trade Commission has also reached a similar settlement with Marriott.
As part of the agreement, Marriott will implement a comprehensive Information Security Program, which includes:
Implementing a comprehensive Information Security Program. This includes new overarching security program mandates, such as incorporating zero-trust principles, regular security reporting to the highest levels within the company, including the Chief Executive Officer, and enhanced employee training on data handling and security.
Data minimization and disposal requirements, which will lead to less consumer data being collected and retained.
Specific technical security requirements with respect to consumer data.
Increased vendor and franchisee oversight and clearly outlined contracts with cloud providers.
In the future, if Marriott acquires another entity, it must timely assess the acquired entity’s information security program and develop plans to promptly address identified gaps or deficiencies in security as part of the integration into Marriott’s network.
An external third-party evaluation of Marriott’s information security program every two years for a period of 20 years.
Additionally, the settlement grants Maryland resident's new consumer rights, including the option to request data deletion, which is not currently mandated by state law. Marriott must also offer multi-factor authentication for loyalty accounts and review those accounts for suspicious activity.
This settlement marks a significant step in holding large corporations accountable for data security and ensuring consumer protection in the digital age.
THANK YOU FOR YOUR TIME
DISCLAIMER
The views and opinions expressed in this article are those of the authors and do not
necessarily reflect the official policy or position of The Steven Wick Blog. Any content provided by our bloggers or authors are of their opinion and are not intended to malign any religion, ethnic group, club, organization, company, individual or anyone or anything.
If you decide to purchase any item using our authorized referral/affiliate links, be aware, we may receive a portion of the sales as commission, i.e. if you purchase a product/service.
To shop, select or click buttons, links or images, you will be redirected to product pages. Please, carefully research before you purchase. Feel free to share and leave a comment, we would love to hear from you. Your feedback is very important to us.
For more like this, music, literature, news, fashion, savvy political commentary, and fascinating features, sign up for the Steven Wick News Letter.
We here at the Steven Wick Blog are so proud of our work, we’d like to thank you for being a part of our community. However, our mission to share so much from music, literature, lifestyle to fashion is a 24/7 undertaking! We need your help to continue our work. Your financial donation will help us not only keep the lights on, but enable us run many more stories in the future to come. DONATE HERE
Message Of Gratitude
We deeply appreciate your contribution in making our blog the top brand among customers.
Without you as our readers, we wouldn't have achieved this level of success. Your satisfaction is our utmost priority, and we assure you that we will always be a reliable source for your entertainment needs.
Your trust in us is invaluable, and we are grateful for your generous donations as our readers.
A number of you took an extra effort and opted to contribute as monthly donors. By doing so, your generous contribution is multiplied by twelve throughout the year, thereby amplifying the impact you have on our work. Your dedication truly makes a significant change, and we sincerely appreciate your valuable support.
Your support has been instrumental in our brand's success.
Thank you for being with us throughout the past year.
As we continue to grow and enhance our business, we pledge to prioritize your needs and interests.
Best Regards
The Steven Wick Team
Comments