United States of America: Initiated FTC action against Marriott International and Starwood Hotels & Resorts Worldwide over alleged multiple data breaches

Initiated FTC action against Marriott International and Starwood Hotels & Resorts Worldwide over alleged multiple data breaches

On 9 October 2024, the Federal Trade Commission (FTC) announced its action against Marriott International and its subsidiary, Starwood Hotels & Resorts Worldwide, for misleading consumers about their data security practices. The proposed settlement prohibits them from misrepresenting their data handling and requires data minimisation, a comprehensive security program with independent assessments, methods for reviewing unauthorised loyalty account activity, and links for customers to request deletion of personal information.

Original source

Scope

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

cross-cutting, other service provider

Implementation Level

national

Government Branch

executive

Government Body

consumer protection authority

Complete timeline of this policy change

Hide details

2024-10-09

under investigation

On 9 October 2024, the Federal Trade Commission (FTC) announced its action against Marriott Interna…

Description

Initiated FTC action against Marriott International and Starwood Hotels & Resorts Worldwide over alleged multiple data breaches

Scope

Complete timeline of this policy change