Re: Bafflingly Shameful
"As bafflingly shameful as BA’s ‘get away near Scott-free’ knuckle rap."
Unpopular opinion - I think Marriott have been punished harshly for this.
The only Marriott business decision that lead to this disclosure was purchasing Starwood Group, and once discovered, they handled the disclosures in a responsible way helping customers where possible. From my understanding of this case from following it over the years, at every step of the way they have tried to do the right thing for those affected by past decisions, aside from admitting legal responsibility which I assume is for legal purposes in various jurisdictions. Unless I've missed something, they have ticked all of the boxes that they could other than discovering the breaches pre-acquisition. From an IT/Security/risk management perspective, Marriott employees that did not work for the Starwood Group likely did everything possible to comply with data security requirements.
What would have happened if Starwood Group hadn't been acquired? It would have been a much smaller company so the fines would have likely been much less given Marriott Group was around 10x the size of Starwood Group.
If we punish companies heavily for making the right decisions, why should we expect them to keep making the right decisions? Marriott would have been better off doing the minimum and spend the money fighting to reduce the size of the fine....
Biting the hand that feeds IT
