I have often written that our personal information is only as safe and secure as the companies with the worst security measures that hold that information.  While there have been a number of class actions by disgruntled consumers whose information was compromised in preventable data breaches, the federal government has not often taken action against such companies.  However, I am happy to report that recently the Federal Trade Commission  (FTC) settled a legal action it had brought against Marriott International.  Marriott also agreed to pay a 52 million dollar penalty to 49 states and the District of Columbia to settle similar data security allegations.

According to Samuel Levine, the director of the FTC’s Bureau of Consumer Protection, “Marriott’s poor security practices led to multiple breaches affecting hundreds of millions of customers.”

TIPS

As a result of the settlement  Marriott customers can ask for review of their Bonvoy account for unauthorized or suspicious activity and for the restoration of loyalty points lost through unauthorized access to the account.  Marriott is also required to implement a policy to retain personal information for only as long as reasonably necessary to fulfill the purpose for which it was collected.  This is something all companies should do.  Also, the settlement allow customers to request deletion of personal information associated with an email address and/or a loyalty rewards number.  Marriott is also now required to put in place a comprehensive information security program including dual factor authentication, encryption and other safeguards.  Again this is something all companies should be required to do.

If you are not a subscriber to Scamicide.com and would like to free receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”