Source - Privacy and Data Security Alert | January 2020

Chicago’s Data Breach Lawsuit Against Marriott Survives Motion to Dismiss

A court has rejected Marriott International, Inc.’s motion to dismiss the City of Chicago’s data breach lawsuit filed in response to Marriott’s data breach. Chicago’s primary claim is that Marriott violated the city’s consumer protection ordinance damaging Chicagoans who relied on safely inputting their information into Marriott’s website. Additionally, the city asserts it has experienced a decline in revenue because residents and tourists refrain from staying at Marriott hotels operated in Chicago due to the breach. Marriott argued that Chicago’s ordinance is preempted by the Illinois state constitution, but the court held that state lawmakers must explicitly include language in state laws to successfully preempt city ordinances. Chicago is seeking an injunction that requires Marriott to increase its data security safeguards and pay a fine of up to $10,000 for each day Marriott violated the ordinance.

TAKEAWAY

Chicago’s lawsuit represents a successful example of a growing trend of municipalities taking action on behalf of their residents in privacy litigation.

Read more in the full January issue of the Privacy and Data Security Client Alert.