The Fourth Circuit’s opinion last week in In re Marriott International, Inc., — F.4th —-, No. 21-1802 (4th Cir. Apr. 21, 2022), could prove useful to companies facing data breach class actions.  Following a data breach of the Starwood guest reservation system, Marriott investors brought securities claims alleging that the purported failure to disclose vulnerabilities in Starwood’s IT systems rendered certain public statements false or misleading.

For example, the investors argued that Marriott’s statement that “the integrity and protection of customer, employee, and company data is critical to us as we use such data for business decisions and to maintain operational efficiency” was misleading because it gave the “impression that Marriott was securing and protecting the customer data acquired from Starwood.”  The district court rejected this argument after finding that the challenged statements “did not assign a quality to Marriott’s cybersecurity that it did not have.”

The Fourth Circuit affirmed.  It rejected the investors’ reliance on district court cases holding that statements describing the strength of security measures may be false if the measures are actually deficient because “Marriott made no such representation.”  Instead, the Fourth Circuit agreed with the district court that a statement about the importance a company places on data security is not a representation about the quality or effectiveness of its security measures.  The Fourth Circuit also acknowledged that “[t]he fact that a company has suffered a security breach does not demonstrate that the company did not place significant emphasis on maintaining a high level of security.”  This case is an important precedent for dismissing complaints alleging false statements concerning data security.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Amy Heath Amy Heath

Amy Heath is a class action and commercial litigator who helps the world’s leading companies in the technology, consumer products, and other sectors navigate their most significant disputes. She has had exceptional success with early dispositive motions, distilling complex arguments to show why…

Amy Heath is a class action and commercial litigator who helps the world’s leading companies in the technology, consumer products, and other sectors navigate their most significant disputes. She has had exceptional success with early dispositive motions, distilling complex arguments to show why claims should not proceed. A former intelligence analyst, Amy brings the same sound strategic judgment, analytical rigor, attention to detail, efficiency, and commitment to client service to her practice of law.

Amy frequently litigates matters involving privacy, wiretap, contract, consumer protection, fraud, unfair competition, antitrust, and intellectual property claims. She has significant experience throughout the litigation lifecycle, including developing strategies to coordinate litigation across jurisdictions, including multidistrict litigation; briefing dismissal, class certification, and summary judgment motions; effectively navigating joint defense groups; and drafting and arguing appeals.

Amy also regularly counsels clients on the strategic considerations related to arbitration agreements. She drafts and revises arbitration clauses and class action waivers in terms of service, including to mitigate mass arbitration risk.

Before joining the firm, Amy clerked for the Honorable Michelle T. Friedland of the United States Court of Appeals for the Ninth Circuit and the Honorable Lucy H. Koh, then of the United States District Court for the Northern District of California. Amy maintains an active pro bono practice that focuses on direct services for individual clients.

Before practicing law, Amy served as an intelligence analyst at CIA, where she was a regular contributor to the President’s Daily Brief.

Read more about Amy HeathEmail
Show more Show less