As ever, Rob Lands and Mark Stephens are ahead of the curve.
At our Early Check-In hotel breakfast seminar on 20 June 2019, the panel of experts agreed some clear recommendations for hoteliers concerned about cyber-security:
- make sure all staff are properly trained,
- appoint a chief technical officer at board level,
- insure against cyber-incidents, and
- plan your response in advance for when it happens (because it's a case of when, rather than if).
The fine proposed the by Information Commissioner’s Office of £99,200,396 announced yesterday - to be imposed on Marriott International in respect of criminal data theft from Starwood Hotels' former guest reservation database - is in respect of the UK only. The UK ICO is the enforcement agency for only one of the 28 EU countries subject to GDPR, so there must be a concern that further fines are to come.
As Marriott International has indicated in its SEC filing, it has the right to respond before any final determination is made and a fine can be issued by the ICO. The company stated that it "intends to respond and vigorously defend its position".
The next Early Check-In is on 19 September 2019, when we will be looking at hotel operating models.