Hotel Data Breach Compensation Claims Guide – How Much Compensation Can I Claim? – Amounts For Hotel Data Breach
Whether you’re a hotel guest, or you work for a hotel or chain of hotels, it is likely that they would need to collect and process your personal data. As an employer, they may need your personal information to pay you, and to keep other important employee records. If you’re a guest, they may need to process your personal data to provide you with the services you expect of them, and to take payment for their services. As an organisation that processes and stores personal information, they would need to abide by data protection law to ensure the privacy and security of your data. But what happens if there is a hotel data breach, and your personal information is exposed? Could you claim data breach compensation? And how much could you receive?
We have put together this informative guide to give you information about how you could be affected by a hotel chain data breach. In the sections below, we answer frequently asked questions about hotel data security breaches, such as what hotel data breach penalties could be issued against a hotel that breaches your personal data. We also look at how compensation for a data breach could be calculated and what types of damages you could claim. If you would like further information after reading this guide or are ready to begin a claim with a specialist solicitor from Legal Expert, you can call us for free on 0800 073 8804 and we’d be glad to help you.
Select A Section
- A Guide To Hotel Data Breach Compensation Claims
- What Is A Hotel Guest Data Breach?
- Personal Data Protection In The Hotel Industry
- Examples Of Hotel Data Breach Fines
- Top Hotel Chains In The UK
- How To Report A Hotel Data Breach To The Information Commissioner
- How Hotel Data Breach Victims Could Be Compensated
- Data Protection Breach Compensation Amounts UK
- Could A Specialist Data Protection Breach Solicitor Help Me?
- How Do I Claim For A Hotel Guest Data Security Breach?
- No Win No Fee Hotel Data Breach Compensation Claims
- Contact An Advisor
- Related Guides
- Trends In Data Breaches
When hotels gather your personal data, you would expect them to take steps to protect that data. They should do this so that it does not fall into the wrong hands. But what happens if there is a hotel data breach or a breach of your data protection by a hotel? Would you be eligible for compensation? And how would you go about getting compensation for a GDPR data breach? This guide explains the type of breach that could lead to a claim and explains how personal data should be protected.
In the sections that follow, we take a close look at the types of data breaches that could affect hotel guests and staff, and we explain what compensation you could be eligible for. We also answer common questions about potential hotel data breaches, such as:
- What hotel data breach penalties are there?
- How do you safeguard against data breaches in the hotel industry?
- What did the Marriott Hotel data breach involve?
- Which laws are hotels duty-bound to abide by when protecting personal information?
In addition to all this, we offer guidance on getting help from a data breach lawyer and claiming data breach compensation with our help. We even explain how you could begin a claim with us without having to pay a solicitor until the end of your claim. But this would only happen if the claim was successful.
Before we explain what a data breach is, we should first define what we mean by personal data. According to the Information Commissioner’s Office, such data is information that could be used alone or in combination with other information to identify a natural living person.
Examples Of Personal Data
Personal data could include:
- Customer names
- Credit card details, such as card numbers
- An IP address
- E-mail Addresses
These are just a few examples.
What Could Be Considered A Hotel Data Breach?
Data breaches in the hotel industry could include incidents that are accidental, negligent or malicious. Any data security incident that leads to the loss or theft of data could be considered a breach. In addition, unauthorised or unlawful transmission, alteration, disclosure, processing, storage or loss of availability of personal data could represent a breach.
Examples Of Possible Hotel Data Breaches
There are various incidents that could lead to a data breach, including:
- A hacking
- A bot
- Lack of protection of cloud-held databases
- An error by a member of staff, for example, sending guest data to an unauthorised recipient
- Loss of computer equipment containing personal data
Protecting Personal Data
Hotels could collect process and store lots of personal information relating to their guests and employees. In doing so, they become a data controller, and as such, they are legally bound to protect such data. They should therefore take steps such as only using a secure domain name for bookings, ensuring they have cyber-security provisions in place, such as a firewall, and even protecting physical data by locking filing cabinets in order to ensure no one accesses that data without authorisation. A failure to adequately protect personal data from a breach could lead to hotel data breach penalties. It could also lead to you being eligible to claim compensation for a data breach under the GDPR.
Organisations such as hotels and hotel chains process and store personal data of guests and also their staff. As data controllers, they must comply with data protection law to ensure that personal data held on reservations systems, staff employment systems and payroll systems, whether in the cloud or in filing cabinets is protected. They must adhere to data protection law include the General Data Protection Regulation (GDPR) and the UK’s application of GDPR within the Data Protection Act 2018. There are several principles they must ensure they apply to ensure GDPR compliance, including:
- Accuracy – information must be kept up to date and accurate
- Storage limitation – personal data must be stored only for as long as necessary
- Data minimisation – only the minimum data needed for a purpose should be collected.
- Purpose limitation – personal data must only be used for specified purposes
- Transparency and fairness and lawfulness
- Accountability – organisations must show they are compliant
- Integrity & confidentiality – organisations must never risk the security, integrity or confidentiality of personal data
Under Section 168 of the Data Protection Act 2018, those suffering non-material or material harm due to a breach of GDPR could be eligible for data breach compensation.
There was a huge hotel data breach fine issued to a hotel chain. The Marriott Hotel data breach fine totalled £18.4 million. It was the result of an estimated 339 million guest records having been breached. During the course of the investigation, it was found that the breach was initiated by a cyber attack. The attack was on a guest reservation database in 2014. However, the breach was identified in 2018.
The hotel chain data breach was said to include information such as names, passport numbers, addresses, phone numbers and arrival/departure information. The Information Commissioner’s Office found that Marriott failed to put in place appropriate organisational or technical measures to protect the processing of such data on its systems, which is a requirement of GDPR.
There are a variety of different hotel chains in the UK that could process and store personal information of their guests. According to a YouGov poll, popular UK hotels include:
- Premier Inn
- Holiday Inn
- Best Western Hotels
- Four Seasons Hotel
- Sheraton Hotels and Resorts
- Haven Holidays
- Mercure Hotels
- Crowne Plaza
- Park Plaza Hotels & Resorts
No matter whether you’ve been harmed financially or emotionally by a hotel data breach we could help. We could check your eligibility to make a claim and provide you with a specialist solicitor who could assist with your case.
If you’re looking to claim for a hotel guest data security breach, you could deal directly with the hotel in question. However, it may be wise to have a solicitor represent your case. That way if any of your claims are disputed they will know how to put a counter argument forward.
The ICO advise victims of a data breach to put their data breach report in writing to the organisation, giving details about how the breach occurred, and what the effects were. In addition, it would be a wise idea to give them a reasonable timeframe within which to respond to your request. If they do not respond to your satisfaction or you don’t hear back from them, you could consider escalating your complaint to the Information Commissioner’s Office. The ICO could then investigate your report and they may even choose to issue hotel data breach penalties to the hotel. These penalties could include a hotel data breach fine.
Under GDPR, and its application in the Data Protection Act 2018, victims of a data breach could claim for both non-material and material damage.
Material damage – this is the quantifiable financial damage caused by a breach. It could include monies stolen from you or the cost of fraudulent purchases made using your credit card details, for example.
Non-material damage – this is damage that could be more difficult to put a price to. It could include loss of privacy and emotional distress.
In 2015, a legal precedent was set in Vidal-Hall and others v Google Inc  – Court of Appeal, when a judge presiding over the case said compensation awards for psychological and psychiatric harm should be considered without suffering any financial loss. Injuries caused by data breach claims should be compensated for at the same rate as personal injuries.
When calculating compensation for a GDPR data breach, evidencing how the breach has affected you is vital. While evidencing material damages could involve paperwork such as bank statements and bills, evidencing psychological harm may require a medical report. During your claim, you may be assessed by an independent medical expert. They could assess how the breach has affected you psychologically and put together a report to evidence your injuries. This could also be used to come to an appropriate value for your claim.
While assessing how much compensation could be appropriate, solicitors could look at the Judicial College Guidelines. This is a publication that gives guideline payout amounts for different injuries. We’ve included figures from the publication in the table below to give you a rough idea of how much compensation claimants could achieve for different levels of psychological injury.
|Type of Injuries||How Severe Is Your Injury||Approximate Compensation Bracket|
|Post-traumatic stress disorders/PTSD||Severe||£56,180 to £94,470|
|Post-traumatic stress disorders/PTSD||Moderately severe||£21,730 to £56,180|
|Post-traumatic stress disorders/PTSD||Moderate||£7,680 to £21,730|
|Post-traumatic stress disorders/PTSD||Less severe||£3,710 to £7,680|
|Psychological injury (General)||Severe||£51,460 to £108,620|
|Psychological injury (General)||Moderately severe||£17,900 to £51,460|
|Psychological injury (General)||Moderate||£5,500 to £17,900|
|Psychological injury (General)||Less severe||£1,440 to £5,500|
Many people prefer to have legal support when claiming compensation. If you’d prefer to use a data breach lawyer to help you make your claim, there are certain benefits to doing so, including:
- Not having to put together any complex paperwork
- Being assured that you were claiming for everything you could be eligible for
- Not having to negotiate compensation by yourself
- Having support should your case go to court (although many cases settle outside of court)
When it comes to finding a solicitor, you’ll find there are lots of firms out there offering similar services. So why choose us? Here at Legal Expert, we have years of experience in helping fight for compensation for a wide variety of claims and great reviews too. Our expert advisors could offer you a free, no-obligation case check, and answer any questions you might have. If we feel you could have a valid claim, we could provide you with a No Win No Fee solicitor. They could fight for the maximum compensation possible on your behalf. Our expert advisors are only a call away. Why not get in touch to start your claim today?
Call our advisors today and they can assist you with any data breach claim questions you may have. You should take care to explain how the breach has affected you and provide any evidence you have. They will assess your case for free. If they think you could be owed compensation they could appoint a No Win No Fee solicitor to work on your behalf.
If you’re looking for a data breach solicitor to help you claim compensation for a hotel guest data breach, you may worry about what legal fees you’d need to pay. With No Win No Fee claims, you don’t pay your solicitor anything upfront to start your claim. And what’s more, you’d only pay your solicitor if they obtain a compensation payout for you.
The No Win No Fee Claims Process
Making a claim under a No Win No Fee Agreement is relatively straightforward:
- Your solicitor would send the agreement to you, containing details of the small, legally capped success fee you’d pay them out of your compensation payout.
- If you agree with the terms of the agreement, you sign and send it back, and your solicitor starts work on your case.
- When they have negotiated a payout for you, they would deduct their success fee, and the balance would be for your benefit.
But What Happens If There’s No Compensation?
If there’s no compensation, you don’t pay a success fee to your solicitor. Nor do you pay any costs your solicitor incurred while fighting your case. Want to know more? We have put together a useful guide to help you. Or if you prefer, you could call our team with any questions.
If you think you’ve suffered harm from a hotel data breach in 2020, 2021 or even earlier than that, we could help. We could offer you a no-obligation free-of-charge eligibility check to see if you could be eligible to claim compensation. Our advisors could answer any questions you might have about making a claim for a breach of data protection and could provide you with a solicitor to help you start your claim. To get in touch, simply:
- Call our expert team on 0800 073 8804
- E-mail firstname.lastname@example.org
- Use our Live Chat service
- Or complete our contact form and we’ll call you back.
Assistance For Claims For Data Loss – You might be looking to make a claim because an organisation has lost your personal data. If so, this guide could help.
GDPR Breach Distress– You can learn how to claim for data breach distress in this guide.
My Employer Breached My Data– Take a look at this guide for more information on claiming against an employer that has breached your data protection.
Data Protection ICO Guidance – This guide offer advice on how organisations can comply with data protection law.
IPsec & Data Protection – The National Cyber Security Centre also offers some advice regarding the use of IPsec to establish a VPN (virtual private network), which could help protect data.
The Cyber Security Breaches Survey conducted in 2020 revealed that not only has the cyber attack become a more frequent incident, but that cyberattacks have evolved in nature. According to the report:
- A staggering 46% of businesses reported cybersecurity attacks or breaches
- Even 26% of charities experienced a cyber-attack or breach in the same period
- Large businesses reported the highest number of attacks at 75%, while 68% of medium-sized businesses reported breaches
- 19% of those who were attacked lost money or data because of the attack
FAQs On Hotel Guest Data Breaches
Was I Affected By The Marriott Data Breach?
If you are worried that you might have been affected by the Marriott hotel data breach, you should check whether the company has emailed you to tell you. If you cannot see an e-mail informing you that your data has been compromised, you could make a subject access request to the hotel to ask them about whether your information has been breached. There is also a page on the hotel’s website that you could submit a request through.
What Caused The Marriott Data Breach?
It appears to be a cyberattack.
How Do Hackers Breach Databases?
Hackers use a variety of methods to breach databases. Some use automated bots that look for vulnerabilities in websites so that they can find targets to exploit. They could then use a computer virus, worms, phishing attacks, ransomware, DDoS attacks to exploit, steal or leak private information.
What Is The Difference Between A Breach And An Incident?
Not all security incidents are data breaches. A security incident could include a situation where a hacker gains access to systems but does not gain access to personal information. A data breach is when a security incident leads to personal data being breached.
Written By Jefferies
Edited By Melissa.