XML 42 R12.htm IDEA: XBRL DOCUMENT v3.19.3
Commitments and Contingencies
 9 Months Ended
Sep. 30, 2019
Commitments and Contingencies Disclosure [Abstract]  
Commitments and Contingencies COMMITMENTS AND CONTINGENCIES
Guarantees
We present the maximum potential amount of our future guarantee fundings and the carrying amount of our liability for our debt service, operating profit, and other guarantees (excluding contingent purchase obligations) for which we are the primary obligor at September 30, 2019 in the following table:
($ in millions)
Guarantee Type
 
Maximum Potential Amount of Future Fundings
 
Recorded Liability for Guarantees
Debt service
 
$
53

 
$
6

Operating profit
 
192

 
105

Other
 
11

 
3

 
 
$
256

 
$
114


Our guarantees listed in the preceding table include $47 million of guarantees that will not be in effect until the underlying properties open and we begin to operate the properties or certain other events occur.
Contingent Purchase Obligation
Sheraton Grand Chicago. We granted the owner a one-time right, exercisable in 2022, to require us to purchase the leasehold interest in the land and the hotel for $300 million in cash (the “put option”). If the owner exercises the put option, we have the option to purchase, at the same time the put transaction closes, the fee simple interest in the underlying land for an additional $200 million in cash. We accounted for the put option as a guarantee, and our recorded liability at September 30, 2019 was $57 million.
Data Security Incident
Description of Event
On November 30, 2018, we announced a data security incident involving unauthorized access to the Starwood reservations database (the “Data Security Incident”). Working with leading security experts, we determined that there was unauthorized access to the Starwood network since 2014 and that an unauthorized party had copied information from the Starwood reservations database and taken steps towards removing it. The Starwood reservations database is no longer used for business operations.
Expenses and Insurance Recoveries
We recorded $6 million of expenses and $9 million of accrued insurance recoveries related to the Data Security Incident during the 2019 third quarter, and $198 million of expenses, partially offset by $77 million of accrued insurance recoveries, related to the Data Security Incident during the 2019 first three quarters. Expenses year-to-date primarily included the accrual for the loss contingency related to the Proposed ICO Fine discussed below, along with customer care and legal costs. We recognize insurance recoveries when they are probable of receipt and present them in our Income Statements in the same caption as the related expense, up to the amount of total expense incurred in prior and current periods. We present expenses and insurance recoveries related to the Data Security Incident in either the “Reimbursed expenses” or “Merger-related costs and charges” captions of our Income Statements.
Litigation, Claims, and Government Investigations
Following our announcement of the Data Security Incident, approximately 100 lawsuits were filed by consumers and others against us in U.S. federal, U.S. state and Canadian courts related to the incident. All of the U.S. cases have been consolidated and transferred to the U.S. District Court for the District of Maryland, pursuant to orders of the U.S. Judicial Panel on Multidistrict Litigation (MDL). The plaintiffs in the U.S. and Canadian cases, who generally purport to represent various classes of consumers or other individuals, generally claim to have been harmed by alleged actions and/or omissions by the Company in connection with the Data Security Incident and
assert a variety of common law and statutory claims seeking monetary damages, injunctive relief, costs and attorneys’ fees, and other related relief. Among the U.S. cases consolidated in the MDL proceeding is a putative class action lawsuit that was filed against us and certain of our current officers and directors on December 1, 2018, alleging violations of the federal securities laws in connection with statements regarding our cybersecurity systems and controls, and seeking certification of a class of affected persons, unspecified monetary damages, costs and attorneys’ fees, and other related relief. The MDL proceeding also includes two shareholder derivative complaints that were filed on February 26, 2019 and March 15, 2019, respectively, against the Company, certain of its officers and certain of the members of our Board of Directors, alleging, among other claims, breach of fiduciary duty, corporate waste, unjust enrichment, mismanagement and violations of the federal securities laws, and seeking unspecified monetary damages and restitution, changes to the Company’s corporate governance and internal procedures, costs and attorneys’ fees, and other related relief. We dispute the allegations in the lawsuits described above and intend to defend vigorously against such claims. We have filed motions to dismiss several of the cases covered by the MDL proceeding, but the cases generally remain at an early stage. There has been some consolidation of the Canadian cases, with seven cases now pending across five provinces, and we expect there could be further consolidation in the future. In addition, in April 2019, we received a letter purportedly on behalf of a shareholder of the Company (also one of the named plaintiffs in the putative securities class action described above) demanding that our Board of Directors take action against the Company’s current and certain former officers and directors to recover damages for alleged breaches of fiduciary duties and related claims arising from the Data Security Incident. The Board of Directors has constituted a demand review committee to investigate the claims made in the demand letter, and the committee has retained independent counsel to assist with the investigation. The committee’s investigation is ongoing.
In addition, numerous U.S. federal, U.S. state and foreign governmental authorities are investigating, or otherwise seeking information and/or documents related to, the Data Security Incident and related matters, including Attorneys General offices from all 50 states and the District of Columbia, the Federal Trade Commission, the Securities and Exchange Commission, certain committees of the U.S. Senate and House of Representatives, the Information Commissioner’s Office in the United Kingdom (“ICO”) as lead supervisory authority in the European Economic Area, and regulatory authorities in various other jurisdictions. On July 9, 2019, we announced that the ICO had communicated its intent to issue a fine in the amount of £99 million against the Company in relation to the Data Security Incident (the “Proposed ICO Fine”). In the 2019 second quarter, we recorded an accrual in the amount of the Proposed ICO Fine for this loss contingency. We present the accrual (which totaled $122 million at September 30, 2019) in the “Accrued expenses and other” caption of our Balance Sheets and the related expense in the “Merger-related costs and charges” caption of our Income Statements. In late August 2019, we submitted a written response to the ICO vigorously defending our position, which we had the right to do before the amount of the fine is finally determined and the fine can be issued by the ICO. To date, we have not received from the ICO a final notice of determination or fine. Following the Data Security Incident, the ICO also notified us that it had opened an investigation into the Company’s online privacy policy and related practices and an investigation into the Company’s handling of data subject access requests. These investigations are separate from the ICO’s investigation related to the Data Security Incident and the Proposed ICO Fine does not relate to either of these separate investigations.
While we believe it is reasonably possible that we may incur additional losses associated with the above described proceedings and investigations, it is not possible to estimate the amount of loss or range of loss, if any, in excess of the amounts already incurred that might result from adverse judgments, settlements, fines, penalties, or other resolution of these proceedings and investigations based on the stage of these proceedings and investigations, the absence of specific allegations as to alleged damages, the uncertainty as to the certification of a class or classes and the size of any certified class, if applicable, and/or the lack of resolution of significant factual and legal issues.