Lessons from Marriott/Starwood: Are You in Compliance with GDPR? Other Data Regulations?

With the number of individuals impacted by Starwood breach, the big question yet to be answered is, “Who was specifically impacted?”

Considering the safeguards prescribed in the General Data Protection Regulation (GDPR) and now Canada’s updated Personal Informational Protection and Electronic Documents Act (PIPEDA), time will tell whether Starwood had made the required updates before the breach was discovered. Other countries, such as Japan and Argentina, are also in the process of updating legislation related to data protection, giving companies a growing list of international requirements to meet.

The other question not yet addressed is whether Marriott/Starwood met the requirement to report any data breach within 72 hours. As facts continue to emerge, governments and customers will be watching, and what we learn is likely to affect future legislation and industry standards.

To learn more about our cybersecurity services, contact a Weaver professional today. 

Read more from our "Lessons from the Breach" series: