Marriott might soon face a stiff penalty for the massive November 2018 data breach. The UK’s Information Commissioner’s Office plans to fine the hotel chain £99,200,396 (about $123.7 million) for allegedly violating the EU’s General Data Protection Regulation through the incident. Marriott didn’t conduct “sufficient due diligence” when it bought Starwood, according to the regulator, and “should also have done more” to improve security.
More tech companies are about to face congressional scrutiny. Leaders from Amazon, Apple, AT&T, Charter and Google are scheduled to testify before a US Senate panel at a data privacy hearing on September 26th. Senators will grill the companies on their existing approaches to privacy, how Congress can press for “clear privacy expectations” and how firms will adapt to stricter requirements like the European Union’s GDPR and the California Consumer Privacy Act.