By: Marie Dickson
Generally, international law typically overrides state law. “[T]he modern view is that customary international law in the United States is federal law and its determination by the federal courts is binding upon the state courts.” The conclusive authority of the United States Supreme Court to determine and interpret international law for all courts in the United States derives from the character of that law as federal law.” Further, it is important to note that any sort of decision maker for the United States may treat customary international law as the substantial source of the rule that the decision maker applies.
However, the act of selecting, interpreting, and applying it as the authoritative act in that domestic forum, not the acts of the international community, creates the custom. As mentioned in the court case Graham v. Florida, “the Court has treated the laws and practices of other nations and international agreements as relevant to the Eighth Amendment.” This is not because those norms are binding or controlling. This is because, “the judgment of the world’s nations that a particular sentencing practice is inconsistent with basic principle of decency demonstrates the Court’s rationale has responded reasoning to support it.”
Marriott International, Inc. is a Delaware corporation that is headquartered in Bethesda, Maryland. It was founded in 1927, and it is one of the “largest hospitality companies in the world.” In total, Marriott International, Inc. operates over 6,900 hotels and lodging facilities. In 2015, Marriott acquired Starwood Hotels and Resorts Worldwide, Inc. Together, both Marriott and Starwood have more than 5,500 hotels and 1.1 million rooms worldwide.
In the fall of 2018, Marriott International, Inc discovered a data security breach. This security breach exposed the personal information of up to 500 million guests. Specifically, the cyberattack was perpetrated through the database reservation site of “Starwood Hotels and Resorts.” Marriott acquired “Starwood Hotels and Resorts” in 2014. Various stockholders and consumer actions then took place after the security breach.
The lawsuit that was brought against Marriott International, Inc. was for breaches of fiduciary duties. The defendants, in this suit, were executives and Marriott’s directors, for failing to conduct due diligence of Starwood’s cybersecurity technology, breached their fiduciary duty. The holding in this case, was that the demand, “was not excused because none of the director defendants faces a substantial likelihood of liability on a non-exculpated claim. They name two reasons why.
First, plaintiff’s claims regarding specifically the pre-acquisition due diligence are time barred. Second, none of the directors face a substantial likelihood of liability under Caremark. Meaning, the plaintiff failed to prove the following of the defendants: turn a blind eye to known compliance violations, failure to undertake their oversight responsibilities, or consciously failing to remediate cybersecurity failures. The final and last reason was that the plaintiff’s claim was sufficiently based on “unmet notification requirements that were unsupported by allegations of bad faith.”
Generally, cybersecurity laws become a high risk of various companies across the nations of the world. Regarding cybersecurity, specifically, Marriott’s Board ranked cybersecurity as a primary risk facing the Company. Precisely, the Complaint describes how the Board and Audit Committee were “routinely apprised” on cybersecurity risks and mitigation, provided with annual reports on the Company’s Enterprise Risk Assessment that specifically evaluated cyber risks with auditors.
In conclusion, the Marriott International, Inc. board retained its ability to assess whether or not they want to pursue litigation. The Court of Chancery grants the motion to dismiss. “The defendants’ Motion to Dismiss is granted and the Complaint is dismissed pursuant to Court of Chancery Rule 23.1.”
Moreover, another way of further illustrating the supplemental approach—acknowledge international law customarily is self-executing. By being self-executing, it does not need to be specifically invoked by a governmental authority before it is applied to circumstances.
About the Author
The author is Marie Dickson, graduate of Mount St. Mary’s University in May of 2020 and played division one lacrosse. She majored in German with minors in business and education. She went to law school beginning in August of 2020. She is expected to graduate in May of 2023. Marie is interested in various types of law, including torts, personal injury, civil, corporate, and international law.
 Restatement § 111(1), note 3; § 9:3.
 Restatement § 112, comment a.
 Harold G. Maier, The Authoritative Sources of Customary International Law in the United States; 10 Mich. J. Int’l L. 450, 459 (Spring 1989); see U.S. v. Schiffer, 836 F. Supp. 1164, 1170 (E.D. Pa. 1993); judgment aff’d, 31 F.3d 1175 (3d Cir. 1994).
 Maier, supra note 3, at 459; see U.S. v. Schiffer, 836 F. Supp. 1164, 1170 (E.D. Pa. 1993); judgment aff’d, 31 F.3d 1175 (3d Cir. 1994).
 Graham v. Florida, 560 U.S. 48, 82 (2010).
 Amended Complaint at ¶19, Firemen’s Retirement System of St. Louis v. Sorenson, No. 2019-0965-LWW, 2021 WL 4593777 (Del. Ch. Oct. 5, 2021).
 Id. at ¶49.
 Id. at ¶¶19, 69.
 Id. at ¶¶ 1, 104.
 Firemen’s Retirement System of St. Louis, 2021 WL 4593777, at *2.
 Id. at *1.
 Id. at *13.
 Id. at *1.
 Firemen’s Retirement System of St. Louis, 2021 WL 4593777, at *1.
 Firemen’s Retirement System of St. Louis, 22021 WL 4593777, at *1.
 Id. at *2.
 E.g., Amended Complaint, supra note 8, at ¶¶ 100, 118.
 See Amended Complaint, supra note 8, ¶¶ 118-130; see supra notes 6-10 (describing ongoing updates to directors on information protection and cybersecurity).
 Firemen’s Retirement System of St. Louis, 22021 WL 4593777, at *7.
 Id. at *51.
 See Louis Henkin, International law as Law in the United States, 82 Mich L. Rev. 1555, 1562 (1984).