Webp obet4mfl3vbaup8fsk43jd3s83xx
Lina Khan, chair of the Federal Trade Commission | https://www.ftc.gov/about-ftc/commissioners-staff/lina-m-khan

FTC finalizes order mandating data security measures for Marriott and Starwood

ORGANIZATIONS IN THIS STORY

The Federal Trade Commission (FTC) has finalized an order requiring Marriott International, Inc. and its subsidiary Starwood Hotels & Resorts Worldwide LLC to implement a comprehensive data security program. This decision comes after charges that the companies failed to provide adequate data security, leading to three significant breaches affecting over 344 million customers globally.

In a complaint announced in October, the FTC accused Marriott and Starwood of misleading consumers by claiming they had reasonable data security measures in place. The complaint highlighted that these failures allowed malicious actors to access vast amounts of personal information from hundreds of millions of consumers, including passport details, payment card numbers, and loyalty numbers.

The order mandates that Marriott and Starwood establish a robust information security program to protect customer data. It also requires them to retain personal information only as long as necessary and provide a link on their website for U.S. customers to request deletion of personal information associated with their email or loyalty rewards account number. Additionally, Marriott must review loyalty rewards accounts upon customer request and restore any stolen loyalty points.

The companies are prohibited from misrepresenting how they handle consumers' personal information or the extent of their privacy protections.

Following two public comments, the Commission voted 3-0-2 in favor of approving the final order and sending responses to the commenters. Commissioners Ferguson and Holyoak abstained from this matter.

The FTC's mission is to promote competition while protecting and educating consumers. They emphasize that they will never demand money or make threats, nor promise prizes. Consumers can learn more about various topics at consumer.ftc.gov or report fraudulent activities at ReportFraud.ftc.gov.

ORGANIZATIONS IN THIS STORY