Problem
Beginning in 2014, malware infected the reservation system of Starwood Hotels, which included Sheraton, W Hotels, Westin, Le Meridien, Four Points by Sheraton, Aloft and St. Regis. Then, in 2016, Marriott Hotels acquired Starwood. In November 2018, Marriott discovered and revealed the four-year hacking campaign that attacked Starwood's reservation database. A total of 383 million guests were eventually determined to have been affected. The data breach related in the theft of names, addresses, phone numbers, credit card information, email addresses, and millions of unencrypted passport numbers. The Data Breach has arguably subjected Starwood to legal liability both in the US (data breach and breach notification laws) and in the EU (the EU General Data Protection Regulation -GDPR). In your initial post, please answer both of the following questions:
• Choosing either a US state data breach law or the EU GDPR (check our reading materials and PowerPoint slides, the links below, and ncsl.org for descriptions of applicable law) and explain how it applies or has already been applied to Starwood for its data security breach.
• Using your best judgment, what would you recommend to create and maintain an infrastructure that would most robustly and effectively protect against future breaches and the liabilities resulting from those breaches? Include any specifics you may be familiar with such as hardware and software recommendations, compliance with specific US and international laws, industry best practices, and any appropriate third-party vendor solutions.
The response must include a reference list. Using Times New Roman 12 pnt font, double-space, one-inch margins, and APA style of writing and citations.