Organisations should also put in place proper accountability measures to assess what personal data has been acquired and how it is protected, and implement or improve the measures to ensure the security and proper processing of the personal data. In its published intention to fine Marriott, the ICO explicitly states that organisations are accountable for the personal data they hold, which includes carrying out proper due diligence when acquiring another company.

Importance of data protection due diligence

The ICO believes that Marriott should have done more to secure Starwood's systems upon the acquisition. Consequently, the data breach was not discovered until 2018. Marriott subsequently acquired Starwood in 2016, but it failed to carry out proper due diligence into the data protection practices, especially data security practices, of Starwood. The data breach likely began when the systems of Starwood were compromised in 2014, which resulted in the exposure of personal data of approximately 339 million guests.

This shows the great importance of carrying out proper data protection due diligence when making or preparing an acquisition. The ICO thus links the lack of such proper data protection due diligence by Marriott to the fine. However, the essential aspect of this fine is how the ICO blames Marriott for failing to undertake proper due diligence when buying the Starwood hotels group (Starwood) in 2016, where the data breach originated.