Deloitte & Touche LLP v. Carlson, 2011 WL 2923865 (N.D. Ill. July 18, 2011)
Defendant had risen to the level of Director of a large consulting and professional services firm. (There is some irony here – this case involves the destruction of electronic data, and defendant had been in charge of the firm’s security and privacy practice.)
After defendant left the firm to join a competitor, he returned his work-issued laptop with the old hard drive having been replaced by a new blank one. Defendant had destroyed the old hard drive because it had personal data on it such as tax returns and account information.
The firm sued, putting forth a number of claims, including violation of the Computer Fraud and Abuse Act (CFAA). Defendant moved to dismiss for failure to state a claim upon which relief can be granted. The court denied the motion.
Defendant argued that the CFAA claim should fail because plaintiff had not adequately pled that the destruction of the hard drive was done “without authorization.” The court rejected this argument.
The court looked to Int’l Airport Centers LLC v. Citrin, 440 F.3d 418 (7th Cir. 2006) for guidance on the question of whether defendant’s alleged conduct was “without authorization.” Int’l Airport Centers held that an employee acts without authorization as contemplated under the CFAA if he or she breaches a duty of loyalty to the employer prior to the alleged data destruction.
In this case, plaintiff alleged that defendant began soliciting another employee to leave before defendant left, and that defendant allegedly destroyed the data to cover his tracks. On these facts, the court found the “without authorization” element to be adequately pled.
Lalonde v. Lalonde, — S.W.3d —, 2011 WL 832465 (Ky. App., February 25, 2011)
Mother sought appellate review of the lower court’s order that awarded primary physical custody of her daughter to the child’s father. The mother argued, among other things, that the court improperly considered Facebook photos showing her drinking. This was not good because her psychologist had testified that alcohol would have an adverse effect on the medication she was taking for bipolar disorder. (Seems like there’s no shortage of cases involving drinkin’ photos on social media.)
The court rejected the mother’s assertion that the photos should not be considered as evidence. She argued that because Facebook allows anyone to post pictures and then “tag” or identify the people in the pictures, she never gave permission for the photographs to be published in this manner. The court held that “[t]here is nothing within the law that requires [one’s] permission when someone takes a picture and posts it on a Facebook page. There is nothing that requires [one’s] permission when she [is] “tagged” or identified as a person in those pictures.”
It might be easy to overstate the court’s conclusion here. Some instances of tagging might be part of something actionable. For example, the posting and tagging of photos in the right context might constitute harassment, infliction of emotional distress, or invasion of privacy. Use of another’s photo on the web without permission for commercial purposes might violate that person’s right of publicity. And of course there is the question of copyright as to the uploading of the photo in the first place — if the person appearing in the photo owns the copyright (e.g., it’s a self-portrait) there is the risk of infringement. But it’s interesting to see the court appear to validate ordinary tagging.