The Privacy Enforcement Podcast

FTC v. Marriott (2024)



In this episode, I dive into the FTC's enforcement action against Marriott, issued on October 9, 2024. (Link to case)

Below are my key takeaways from this enforcement action:

  1. Due Diligence for Mergers: Ensure thorough due diligence on data security when acquiring a new company.
  2. Implement Reasonable Data Security Policies: Companies should adopt security measures addressing common vulnerabilities across their assets.
    • Start with a security framework or, if budget allows, hire a third-party assessor to evaluate internal systems for vulnerabilities.
    • Flag systems storing sensitive information to enforce and maintain robust security protocols.
  3. Accurate Privacy Policy Representation: Make sure your privacy policy aligns with actual security practices.
    • Avoid using absolute terms like “industry standard” or “the best.”
    • Instead, provide a realistic overview of security practices without overpromising.

The Privacy Enforcement Podcast, by Christopher Smith