With the number of individuals impacted by Starwood breach, the big question yet to be answered is, “Who was specifically impacted?”
Considering the safeguards prescribed in the General Data Protection Regulation (GDPR) and now Canada’s updated Personal Informational Protection and Electronic Documents Act (PIPEDA), time will tell whether Starwood had made the required updates before the breach was discovered. Other countries, such as Japan and Argentina, are also in the process of updating legislation related to data protection, giving companies a growing list of international requirements to meet.
The other question not yet addressed is whether Marriott/Starwood met the requirement to report any data breach within 72 hours. As facts continue to emerge, governments and customers will be watching, and what we learn is likely to affect future legislation and industry standards.
To learn more about our cybersecurity services, contact a Weaver professional today.
Read more from our "Lessons from the Breach" series:

This Breach Hits Home: Why is the Marriott/Starwood Data Breach Different? And How Can You Protect Yourself?
Marriott shared today the awareness of a data breach that has impacted the Starwood network since 2014. This one is different,…

Brett Nabors
Partner, IT Advisory Services
For more than 15 years, Brett Nabors, CISA, CCSK, CDPSE, CMMC RP, has assisted organizations as an internal…