When acquiring a hospitality business with lots of personal customer data held on legacy IT systems, assessing the target’s information security should be a top priority. Alex Dittel and Anita Bapat explain
The Information Commissioner’s Office (ICO) has recently issued a letter of its intention to fine Marriott International £99,200,396 for data protection breaches suffered by Starwood group in 2014. Marriott acquired the group in 2016 but did not discover the breaches until 2018. ICO’s key criticisms is that Marriott failed to undertake sufficient due diligence to identify the Trojan malware on Starwood’s IT and secure its systems.
You need to be a premium member to view this. Subscribe from just 99p per week.
Already subscribed? Log In