British Airways and Marriott International must put customers before profits

Kingsley Hayes MD Hayes Connor

Kingsley Hayes, Managing Director, Hayes Connor Solicitors

By Legal Futures’ Associate Hayes Connor Solicitors

Fourteen months after GDPR came into effect, the Information Commissioner’s Office (ICO) has shown its muscle announcing £multi-million fines for British Airways and Marriott International in the same week.

The ICO has given a clear message to businesses: protect customers’ personal information or face extensive penalties. The international giants must be held accountable and not place profits above customer care say data breach specialists at Hayes Connor.

Kingsley Hayes, managing director at data breach and cybersecurity specialist Hayes Connor Solicitors, said: “All eyes have been on the ICO since GDPR came into effect and this week it has rightly announced weighty fines against two international giants to show that it means business.

“Hayes Connor is representing in excess of 500 clients with data breach claims against both British Airways and Marriott International so the cost of their poor cybersecurity and data protection measures do not stop with the ICO fines.

“Interestingly, both BA and Marriott have quickly responded by saying that they will appeal the ICO’s decision and size of the penalties. Marriott International has announced it will be bringing in a magic circle firm to defend its appeal.

“This sends a poor message to customers who have been affected by its data breach. Whether they have suffered actual, or potential, financial loss and for some, psychological injury, both Marriott and British Airways should be demonstrating that they care that they have failed in their data protection duties.

“Rather than hiring top tier lawyers to reduce the fines, or avoid paying them at all, British Airways and Marriott should be reassuring their customers that they take data protection seriously. They should be demonstrating a greater investment in the appropriate measures to prevent a repeat of these incidents but instead, have chosen to spend significant sums in order to protect their profits.

“The Information Commissioner’s Office has stated that it may consider ringfencing some of the monies collected from fines to defend its decisions. It will be interesting to see how this develops. In the meantime, the message sent by both British Airways and Marriott International this week is that profits supersede protecting customer data.”

Hayes Connor is also engaged in High Court Litigation against Ticketmaster following its notification of a large scale data breach last year. This is the first of the high profile, high volume and value, cases to be in the High Court post GDPR.

The ICO pronouncement on the Ticketmaster investigation is imminent. At a hearing in Liverpool High Court this week, HHJ Pearce provided an order of the Court for the case to move forward this year to start to establish the liability of Ticketmaster to its customer base.

Hayes Connor Solicitors is also currently representing more than 200 claimants against Dixons Carphone. It is anticipated that the ICO will soon announce the size of the fine faced by the owner of high street brands including Currys and PC World following its data breach.

For more information about Hayes Connor Solicitors, visit the website at


Associate News is provided by Legal Futures Associates.
Find out about becoming an Associate


Loading animation