[BreachExchange] Fourth Circuit Holds Statements About Importance of Data Security Not Actionable
Matthew Wheeler
mwheeler at flashpoint-intel.com
Mon May 2 09:31:58 EDT 2022
https://www.insideclassactions.com/2022/04/29/fourth-circuit-holds-statements-about-importance-of-data-security-not-actionable/
The Fourth Circuit’s opinion last week in In re Marriott International,
Inc., — F.4th —-, No. 21-1802 (4th Cir. Apr. 21, 2022), could prove useful
to companies facing data breach class actions. Following a data breach of
the Starwood guest reservation system, Marriott investors brought
securities claims alleging that the purported failure to disclose
vulnerabilities in Starwood’s IT systems rendered certain public statements
false or misleading.
For example, the investors argued that Marriott’s statement that “the
integrity and protection of customer, employee, and company data is
critical to us as we use such data for business decisions and to maintain
operational efficiency” was misleading because it gave the “impression that
Marriott was securing and protecting the customer data acquired from
Starwood.” The district court rejected this argument after finding that
the challenged statements “did not assign a quality to Marriott’s
cybersecurity that it did not have.”
The Fourth Circuit affirmed. It rejected the investors’ reliance on
district court cases holding that statements describing the strength of
security measures may be false if the measures are actually deficient
because “Marriott made no such representation.” Instead, the Fourth
Circuit agreed with the district court that a statement about the
importance a company places on data security is not a representation about
the quality or effectiveness of its security measures. The Fourth Circuit
also acknowledged that “[t]he fact that a company has suffered a security
breach does not demonstrate that the company did not place significant
emphasis on maintaining a high level of security.” This case is an
important precedent for dismissing complaints alleging false statements
concerning data security.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20220502/b8c90a7f/attachment.html>
More information about the BreachExchange
mailing list