Can I Claim Compensation For A Breach Of Data Privacy By Hilton Resorts & Hotels?
In this guide, we discuss what you could do after a potential data breach by Hilton Hotels & Resorts.
Hotels may use our personal information when we’re guests or when we’re employees. It can be used to help the business run. However, they should keep this data secure. If they don’t, it could result in a data breach.
After a personal data breach, you may be eligible to claim compensation if a personal data breach has affected you psychologically or financially.
If you have evidence of a valid claim, call Legal Helpline today on 0161 696 9685. Or make an online enquiry using our data breach claims form. Alternatively, continue reading this guide to learn more about making hotels and resorts data breach claims.
Select A Section
- A Guide On Claims For A Data Breach By Hilton Hotels & Resorts
- What Are Claims For A Data Breach By Hilton Hotels & Resorts?
- What Is Sharing Data With Third Parties?
- Examples Of Data Breaches By Hotel Chains
- Calculating Claims For A Data Breach By Hilton Hotels & Resorts
- What Material And Non-Material Damages Could You Claim?
- How To Get Help From The Information Commissioner
- No Win No Fee Claims For A Data Breach By Hilton Hotels & Resorts
- How To Find The Right Data Breach Solicitor
- How To Claim Compensation After A Data Breach
- Speak To Our Specialist Team
- Hotel Data Breach Claim FAQs
- Where To Learn More
Hilton Hotels & Resorts is a global hotel brand. In addition to Hilton, the company also operates the brands Waldorf Astoria, DoubleTree and Conrad Hotels.
Businesses that process the personal information of people in the EU and UK should comply with the General Data Protection Regulation (GDPR). The GDPR is a European Union legislation, which the Data Protection Act 2018 enacts into our laws.
Under the General Data Protection Regulation, organisations that collect or process personal information are required to do the following:
- Firstly, they have a duty of care towards the personal data they collect. This means that they should safeguard the data.
- Secondly, to do so, the business should have robust hotel data protection systems. For example, investing in staff training and proper data security systems.
There are other rules organisations should follow under the GDPR.
If a hotel data breach occurs, the data breach victims could claim compensation. However, they’d only be able to do so if they can prove they suffered financial loss or mental harm.
Legal Helpline could help. We offer a free legal consultation to anyone with evidence of a justifiable personal data breach claim. Furthermore, you could be connected with a skilled data breach lawyer.
Our advisors are available 24/7 for your convenience and you’re under no obligation to proceed with our services.
Time Limits For Making A Hotel Data Breach Claim
If you wish to claim compensation for a data breach by Hilton Hotels, there is a time limit to do so. Normally you will have six years from the date you gained knowledge of the breach in which to make a data breach claim. On the other hand, if the data breach violated your human rights, you will have one year.
Our advisors can help you understand the time limits.
What is a hotel data breach?
This can begin with a security mishap involving the protection of personal data. A data breach at Hilton Hotels & Resorts can involve data being altered, encrypted, lost or stolen. Or a data breach can involve unauthorised persons being able to access the data, data leaks or data exposure incidents.
So long as your personal data was accessed, destroyed, lost, changed or disclosed without your permission or unlawfully, it could have been subject to a data breach.
Why do hotel data breaches happen?
Unintentional staff errors can lead to data breaches. For example, an employee may accidentally attach a file to a mass email containing another employee’s or customer’s personal data. Therefore, they may be sharing the personal data without permission or a lawful reason. This could breach the General Data Protection Regulation and the Data Protection Act 2018.
Unfortunately, if criminals target the business, a hotel and resort data breach may occur. For instance, cybercriminals sometimes use a technique called hacking to gain access to personal data records.
Hacking is when criminals ‘hack’ or break into a cyber system by exploiting existing weaknesses. Criminals may use the hacked data to commit fraud, identity theft or to hold the company to ransom, for example.
In a hotel data breach, what personal data can be breached?
- Phone numbers
- Email addresses
- Home addresses
- Passport numbers
- Credit card details
- Arrival and departure information.
Job-specific personal information belonging to hotel employees can also be breached. If a personal data breach has affected you, we can help you claim compensation. Call our claims helpline to speak to an advisor today.
In the UK, the General Data Protection Regulation is practised. This regulation is enacted into law by the Data Protection Act 2018. These laws require organisations that process and collect personal information to protect the public’s data privacy and security.
Those who have their personal information collected or processed are data subjects.
The organisations that decide how and why they’ll use personal data are data controllers.
Data controllers may sometimes use data processors (separate organisations or agencies) to help them process personal information.
Sharing personal data with third parties can be allowed. However, this is only under certain circumstances.
- Firstly, the data controller should obtain consent from a data subject before they collect their personal information.
- Secondly, the business should not share the personal data with a third party unless the data subject has consented. (There are, however, lawful times where a data controller or processor doesn’t need your consent.)
- In addition, the data subject should receive an explanation of why their data is being collected. After that, the company can’t use the data for another purpose, unless in lawful exceptional circumstances.
Unfortunately, instances of hotel chain data breaches have taken place. Let’s look at some examples of hotel and resort data breaches below.
In 2014 and 2015, two incidents involving credit card data breaches took place for the company behind Hilton Hotels. These data breaches were caused by cyberattacks, which targeted cash register computers. Consequently, an estimated 363,000 guests had their credit card details put at risk. As a result of the data breach, the US Government fined Hilton Hotels & Resorts $700,000.
Allegedly, Hilton did not notify the public about the data breaches until November 2015, nine months after the first discovery.
Marriott Hotels has also been fined for committing a data breach. The Information Commissioner’s Office (ICO) is the body that ensures data privacy laws are adhered to in the UK.
They fined Marriott £18.4 million. This was for a data breach that affected 339 million guest records worldwide. The Marriott Hotels data breach affected an estimated 7 million people in the UK.
Do you have proof of a valid claim for suffering following a data breach? Then you may be curious to know how much you could claim. You can use the compensation table below to estimate how much you could receive for non-material damages. This compensates you for any emotional distress, or psychological injuries suffered.
|Type of Psychological Harm Caused||Severity of The Injury||Notes On The Condition||Compensation Estimate|
|Post-Traumatic Stress Disorder||Severe||For the most extreme cases of PTSD with very poor diagnoses.||£56,180 - £94,470|
|Post-Traumatic Stress Disorder||Moderately Severe||The claimant will still have issues but with a better outlook for the future than the above.||£21,730 - £56,180|
|Post-Traumatic Stress Disorder||Moderate||The person will have already made an improvement.||£7,680 - £21,730|
|Psychiatric Damage||Severe||The claimant will have a very poor diagnosis.||£51,460 - £108,620|
|Psychiatric Damage||Moderately Severe||Whilst this claimant may still have problems with relationships, education and work, their prognosis will be much better than the above.||£17,900 - £51,460|
|Psychiatric Damage||Moderate||The claimant will have largely made a recovery and should not have any grossly disabling effects or symptoms which continue.||£5,500 - £17,900|
|Psychiatric Damage||Less Severe||This claimant will have lesser symptoms than the above cases.||Up to £5,500|
In case you are interested, here is some advice about where the compensation amounts above come from. The figures in this table are based on Judicial College guidelines for personal injury compensation payouts. Data breach compensation amounts for non-material damages are in line with these.
Please note, the amount of compensation you receive may vary. What’s more, these compensation estimates do not include any material damages compensation you could claim. Call our claims helpline, and we can estimate how much compensation you could receive.
If you win your data breach claim, you will be paid up to two types of compensation. The first is material damages and the second is non-material damages.
Sadly, criminals may use stolen personal data to target the owner for fraud or identity theft. This can lead to the data breach victim losing money. Therefore, material damages are paid to cover any financial losses caused by the data breach.
Data breaches can also cause emotional distress. For many, personal data breaches are as traumatic as being the victim of a robbery or a violent crime. Especially if sensitive private information was involved like medical information your employer has kept on file.
If a particularly traumatic data breach incident occurs, the person may suffer from psychological injuries such as depression or develop an anxiety disorder. Consequently, the individual may need therapy to come to terms with their trauma.
Non-material damages are paid out to compensate victims of data breaches for any distress suffered.
If you have proof that you are owed compensation for a data protection breach, we can help. Call our claims helpline to speak to an advisor. If we believe that you are owed compensation, we could connect you with our panel of solicitors to handle your claim.
If a personal data breach takes place and risks the freedoms and rights of data subjects, the data controller is supposed to notify the Information Commissioner’s Office within 72 hours. If there is a delay, the company is supposed to provide an explanation for this.
The organisation should also notify the individuals whose rights and freedoms are risked. They should do this without undue delay.
If you’re affected by a personal data breach, we recommend you first raise your concerns with the organisation. The ICO has a helpful guide on raising concerns. After that, if you are dissatisfied with the response, you could contact the ICO to report the data breach.
The ICO could investigate the data breach and potentially issue a fine. However, please be aware that you should contact the ICO within three months of your last contact with the organisation. This is because any decisions the ICO makes may be affected by delays in reporting.
It’s not essential for you to contact the ICO if you’d like to seek compensation. The ICO can’t directly help with this. However, if you reach out to our advisors, they could.
As the name suggests, with a No Win No Fee claim, you won’t have to pay a solicitor’s fee unless your claim is successful. Instead, you would sign a Conditional Fee Agreement (the formal wording of ‘No Win No Fee agreement’).
Why do some people prefer making a No Win No Fee claim?
- You don’t have to pay an upfront solicitor’s fee.
- There are no ongoing solicitor fees.
- The success fee (the fee you pay if your claim wins) is limited by law. It would be a small percentage of the overall compensation.
To see if you could begin a No Win No Fee claim, call Legal Helpline today.
Legal Helpline will be happy to connect you with our panel of solicitors to help you manage your data breach claim. Why is it advantageous to use the services of a solicitor?
- A data breach solicitor can value what your claim is worth to try and ensure that you won’t be short-changed.
- In addition, a solicitor will try to negotiate with the company so you receive the optimal amount of compensation you deserve.
- Our panel of solicitors offer No Win No Fee agreements for all claims they accept.
To see if you can begin your claim for a personal data breach, call Legal Helpline today. Our advisors will speak to you in-depth and if they can help you, they could connect you to our panel of lawyers.
Our panel won’t waste anyone’s time. If they can see you don’t have a valid claim, they’ll be honest and offer their advice. However, if you do have a favourable claim, they could take your case on and do the legal legwork to help you receive the compensation you deserve.
Please use the contact details below to enquire.
- Contact us by telephone on 0161 696 9685.
- Make an online enquiry.
- Or use our Live Support widget to chat with an advisor right now.
Now let’s answer some frequently asked questions about data breaches.
What is a data breach lawsuit?
A data breach lawsuit is when an individual sues a company or organisation for breaching their personal data privacy. If successful, the claimant receives compensation.
How could a data breach impact you?
Unfortunately, if you are the victim of a data breach, you may suffer emotional distress. What’s more, criminals may use the data to target you for theft or fraud. This can cause you to lose money.
Can I be compensated for financial losses?
Yes, you can claim back any financial losses as material damages. That is providing you can prove your losses through documentation such as bills and credit scores.
What is malware in a data breach?
Malware is malicious software that can be used to access a computer system. Types of Malware can include the following:
- Spyware: This is used to wrongfully access a computer to steal data.
- Malicious bots: These are internet robots that hackers use to take over a computer system.
- Ransomware: This is malware that blocks access to data unless a ransom is paid.
- Rootkits: These are computer viruses that allow criminals to remotely control computers.
If this guide has been helpful, you may also wish to read these guides:
A government guide to data protection
Thank you for reading our guide exploring what you could do after a potential data breach by Hilton Hotels & Resorts.
Written by HC
Edited by RV