Skip to content

Detailed narrative of event

Detailed Narrative of Events

(Extended Documentation for Firefighters’ Pension Fund of the City of Kansas City Trust Fund v. Sorenson et al. (Del. Ch. 2021) Case Study)

Table of contents

  1. Overview
  2. Factual background (Starwood reservation database incident)
  3. Derivative complaint and demand futility
  4. Court of Chancery opinion (April 2021)
  5. Governance implications (Caremark-adjacent themes)

Overview

Plaintiffs brought derivative claims against Marriott directors and officers, alleging breach of fiduciary duty in connection with cybersecurity oversight and disclosure around the Starwood reservation database incident and related M&A diligence questions. The Delaware Court of Chancery issued an opinion in April 2021 addressing demand futility and whether plaintiffs adequately pled oversight failures under Delaware fiduciary standards.

The decision is widely discussed as a Caremark-adjacent data security governance reference for boards and security leaders—linking incident severity to board information flows and good faith oversight.

Factual background (Starwood reservation database incident)

Public materials describe a 2018 disclosure that an unauthorized party had copied information from the Starwood guest reservation database, affecting a very large number of guest records. The incident raised questions about due diligence, integration of acquired systems, and escalation of cybersecurity risk to the board during and after the Starwood acquisition.

Derivative complaint and demand futility

Derivative plaintiffs generally must demand that the board bring suit unless demand is futile because a majority of directors face disabling conflicts or cannot exercise independent judgment in responding to the demand. Plaintiffs argued demand futility based on oversight and red flags theories tied to cybersecurity risk.

Court of Chancery opinion (April 2021)

The Court of Chancery analyzed whether plaintiffs met Rule 23.1 pleading standards for derivative claims and whether the complaint supported a reasonable doubt as to director independence or disinterest for demand purposes, alongside oversight theories. Practitioners should read the opinion (Firefighters’ Pension Fund of the City of Kansas City Trust Fund v. Sorenson, C.A. No. 2019-0963 (Del. Ch.), available via Delaware courts) for precise holdings and footnoted reasoning.

Governance implications (Caremark-adjacent themes)

The opinion contributes to the modern board cybersecurity dialogue: risk escalation, committee charters, expert briefings, and minutes that reflect good faith processes—not merely post hoc reactions after an incident. Security teams use such decisions to align IR reporting lines, materiality judgments, and disclosure coordination with legal and finance.

© 2026 Yi Zhang. Licensed under the MIT License.
Last updated: 2026 April 17 9:37 AM