Marriott Hotel
Marriott Hotel
Photo by Roberto Machado Noa/LightRocket via Getty Images

If you hadn’t heard, Marriott announced a massive data breach over the weekend.  And it took no time at all for lawmakers on Capitol Hill to call on Congress to pass data privacy and security protections in order to safeguard your personal data.  I’d like to start with this question – are we surprised?  Given everything that has happened with Facebook this year, are we at all surprised that there is a call for these kinds of protections?  And it’s not just about Facebook – although they are a bit of a cautionary tale.  In general, people need to have their privacy protected.  And if we can’t rely on companies to look after it on their own, something needs to happen.

As you’re probably well aware, Marriott revealed that hackers had compromised the guest reservation database for its Starwood division.  The hack affected as many as 500 million guests who had made reservations at its Sheraton, W Hotels, Westin, Le Meridien, Four Points by Sheraton, Aloft and St. Regis branded hotels up until Sept. 10 of this year.  As a result, lawmakers in Washington responded almost immediately by calling for federal legislation that would protect consumer data and hold companies accountable for how they handle the data.

Sen. Mark Warner, who is vice chair of the Senate Intelligence Committee and co-founder of the Cybersecurity Caucus, said such mega-breaches have become way too common, and he cautioned the public and their elected officials against accepting the trend as the new normal.

“We must pass laws that require data minimization, ensuring companies do not keep sensitive data that they no longer need,” he said in a statement. “And it is past time we enact data security laws that ensure companies account for security costs rather than making their consumers shoulder the burden and harms resulting from these lapses.”

Two more Democrats, including Senator Ed Markey from Massachusetts, agreed with Warner. Markey said, “checking into a hotel should not mean checking out of privacy and security protections. He then urged Congress to pass a consumer privacy and data security law that would require companies to “adhere to strong data security standards” and ensures they “only collect the data they actually need to service their customer.”

Richard Blumenthal of Connecticut was another Democrat to take this stance.  He had previously criticized the Federal Trade Commission during an oversight hearing for not doing enough to stop these kinds of data breaches.  He also feels that Congress needs to step in. Further, he’s criticizing Marriott for not taking the original threat seriously enough, which of course, turned into an attack.

Marriott is just the latest in a long and growing list of companies to announce that personal data had been stolen.  But lawmakers are saying its time for companies to take on responsibility for how they handle consumer data.  I think that regulations around data privacy is the next step in this lengthy saga that continues to perpetuate.  I mean, how else can you stop this kind of risky bleed?