
HILTON CASE STUDY-LEGAL RISK

The term "international business" describes the exchange of products and services on a global scale.
International business is also known as the globalization of trade, and the surroundings in which an
international company conducts its business transactions are referred to as the international business
environment (Clear Tax, 2022). A variety of factors are involved in an international business
environment, including political risks, cultural differences, financial risks, and legal and tax concerns.
As the international business environment is vital to a nation's economy, it is imperative that those in
managerial positions focus on its components. Legal risk is defined as harm, or any loss, suffered by a
business as a result of neglecting to comply with business-related laws (Legal Leadership, 2022). It can
appear at any point in a business transaction. Legal risks can play a crucial part in international
business, because countries set laws and legislation so that business is run fairly, and breaching those
laws can bring penalties and the risk of losing business.

Technology now plays a crucial role in international business, but its use is governed by many legal
rules, and not abiding by those rules calls the legitimacy of a business into question and so creates
legal risk. Hilton suffered two data breaches, in 2014 and 2015, which exposed over 363,000 customers'
credit card details. The cyber attack was caused by malware installed in the hotel's systems that
targeted credit card data and transmitted it to a host computer outside the hotel's network
(Reuters, 2017). However, Hilton's issues persisted after that. The corporation didn't disclose the
first breach for nine months, which is unacceptable given that victims' information may have been
exploited for identity theft and other negative effects. The leak of sensitive information relates to
compliance risk, which is the risk associated with non-compliance with laws, corporate regulations,
and industry best practices (Solve Xia, 2019). Financial loss and legal repercussions are possible
outcomes.

Furthermore, the General Data Protection Regulation (GDPR) went into effect in 2018 in response to
data breaches that have been rising and becoming more frequent. The GDPR imposes severe fines of up
to tens of millions of euros on those who break its privacy and security criteria (GDPR EU, 2020). In
a time when more people are entrusting their personal data to cloud services and breaches are
occurring on a daily basis, Europe is signalling with the GDPR its tough stance on data privacy and
security. For small and medium-sized businesses (SMEs) in particular, GDPR compliance is a
frightening proposition due to the regulation's scale, scope, and relative lack of specifics. As a
result, there are several data duties, and compliance with them is crucial. These duties expand the
compliance risks described above even further, amplifying the ramifications for Hilton's legal
concerns.

In addition, the loss of 363,000 customers' personal data amounts to an invasion of their privacy,
which could result in reputational risk, an important aspect of legal risk in international business.
Reputational risk may result from security threats (both physical and cyber) or from ethics and
integrity transgressions including fraud, bribery, and corruption (Parizo, 2019). Depending on where
a corporation conducts business and how a given reputational risk incident is perceived in the
cultures of those foreign countries, such an incident can have a greater or lesser impact on
international commercial transactions. Information technology companies, for instance, are concerned
about privacy issues since people in different places have quite varied ideas about what constitutes
privacy. Reputational risks can damage a company's standing and result in significant revenue loss.
However, companies can reduce potential reputational risk in the future by enhancing their
reputation and image now. By coordinating strong company principles with ethical and socially
responsible business behaviour, a positive reputation can be retained over time. Implementing a
successful corporate social responsibility program is one method to do this. The phrase "corporate
social responsibility" refers to commercial operations involving socially beneficial projects
(Deloitte, 2019). Furthermore, in the case of Hilton, the company could have been proactive by having
an effective incident plan or by making sure it assessed the problem at hand thoroughly in order to
come up with a solution.

Measures to be taken by businesses to avoid or handle incidents such as those faced by Hilton

Make sure security professionals perform vigilant technical audits on the important systems and
procedures of the target business to determine whether, and what kinds of, security flaws exist in
relation to network and data security and security in general, including physical security and
safety concerns.

Examine any previous cyberattacks, data breaches or security breaches: what information and systems
were affected, and how the target reacted, including whether it obeyed all relevant regulatory
requirements.

If there have been past incidents, consider what current and potential liabilities and hazards may be
connected to them, and craft guarantees, representations, and special indemnities to take care of
these issues.

As has been stated, legal risks can be decisive in the running of an organisation, as they can affect
the business as a whole. In the case of Hilton, the implementation of GDPR has been a key factor, as
Hilton as an organisation was able to understand, and be more responsible for, holding personal data
and what the cost would be if it were mishandled. Furthermore, this has been an eye-opener to many
organisations in the hospitality industry, which could therefore implement the necessary precautions
to prevent such events from occurring again.

Reference List
Clear Tax (2022) International Business Environment, Clear Tax. Available at:
https://cleartax.in/s/international-business-environment (Accessed: November 2, 2022).

Legal's role in managing legal risk (2022) The Centre for Legal Leadership. Available at:
https://www.legalleadership.co.uk/knowledge/delivering-services/managing-the-function/legals-role-in-managing-legal-risk/
(Accessed: November 1, 2022).

Stempel, J. (2017) Hilton to pay $700,000 over credit card data breaches, Reuters. Thomson Reuters.
Available at: https://www.reuters.com/article/us-hilton-wrldwide-settlement-idUSKBN1D02L3
(Accessed: October 31, 2022).

What is GDPR, the EU's new Data Protection Law? (2020) GDPR.eu. Available at:
https://gdpr.eu/what-is-gdpr/ (Accessed: October 30, 2022).

Parizo, C. (2019) Managing legal and reputational risk in international business transactions, Business
Class: Trends and Insights | American Express. Available at:
https://www.americanexpress.com/en-gb/business/trends-and-insights/articles/managing-legal-reputational-risks-during-international-business-transactions/#:~:text=Reputational%20risks%20can%20tarnish%20a,governments%20that%20pass%20those%20laws.
(Accessed: October 29, 2022).

Solve, X. (2019) What is compliance risk and how to manage it. Available at:
https://www.solvexia.com/blog/what-is-compliance-risk-and-how-to-manage-it (Accessed: October
29, 2022).

Legal risk management (2019) Deloitte. Available at:
https://www2.deloitte.com/global/en/pages/legal/articles/legal-risk-management.html (Accessed:
October 28, 2022).
