Tag Archives: Employment

Computer Fraud and Abuse Act claim dismissed where plaintiff failed to adequately plead loss or damage

Cost of investigating scope of information loss was not a “damage assessment” as contemplated by the CFAA.

BrokenlaptopPlaintiff sued defendant (a former employee) under the Computer Fraud and Abuse Act (“CFAA”) alleging that defendant intentionally and without authorization accessed plaintiff’s computers, intranet, and email system and sent plaintiff’s confidential customer information to his personal email account. Defendant allegedly used this information when he went to work for a competitor. Plaintiff also alleged that defendant attempted to conceal his actions by deleting the outgoing messages from the work email account.

Defendant moved to dismiss for failure to state a claim. The court granted the motion as to the CFAA claim.

The court found that plaintiff did not (and could not) claim defendant’s conduct caused “damage” within the meaning of the CFAA, because plaintiff did not allege any data were lost or impaired.

On the question of “loss” under the CFAA, the court found that plaintiff failed to allege any facts connecting its purported loss to an interruption of service, loss of data, or even a suspected loss of service or data. Although plaintiff attributed certain losses to “damage assessment and mitigation,” the court found it clear from the complaint that plaintiff’s “damage assessment” efforts were aimed at determining the scope of information defendant emailed to himself and disclosed to his new employer. Plaintiff did not allege it ever lost access to any of the information contained in defendant’s emails, notwithstanding defendant’s attempt to conceal his conduct by deleting the emails.

The court observed:

To be sure, assessing the extent of information illegally copied by an employee is a prudent business decision. But the cost of such an investigation is not “reasonably incurred in responding to an alleged CFAA offense,” because the disclosure of trade secrets, unlike destruction of data, is not a CFAA offense.

Accordingly, in this situation, the costs of investigating defendant’s conduct were not “losses” compensable under the CFAA.

SBS Worldwide, Inc. v. Potts, 2014 WL 499001 (N.D.Ill. February 7, 2014)

Facebook activity did not support claim that employee solicited former employer’s clients

Invidia, LLC v. DiFonzo, 2012 WL 5576406 (Mass.Super. October 22, 2012)

Defendant hairstylist signed an employment agreement with plaintiff that restricted her from soliciting any of plaintiff’s clients or customers for 2 years. Four days after she quit plaintiff’s salon, her new employer announced on Facebook that defendant had come on board as a stylist. One of defendant’s former clients left a comment to that post about looking forward to an upcoming appointment.

stylist

Either before or after she left plaintiff’s employ (the opinion is not clear about this), defendant had become Facebook friends with at least 8 of the customers she served while working for plaintiff.

Plaintiff sued for breach of contract and sought a preliminary injunction. The court denied the motion, in part because plaintiff failed to show evidence that defendant had violated the nonsolicitation provision.

The court found that it did not constitute solicitation of plaintiff’s customers to post a notice on Facebook that defendant was beginning work at a new salon. The court said it would have viewed it differently had plaintiff contacted a client to tell her that she was moving to a new salon, but there was no evidence of any such contact.

As for having clients as Facebook friends, the court noted that:

[O]ne can be Facebook friends with others without soliciting those friends to change hair salons, and [plaintiff] has presented no evidence of any communications, through Facebook or otherwise, in which [defendant] has suggested to these Facebook friends that they should take their business to her chair at [her new employer].

See also, TEKsystems, Inc. v. Hammernick.

Photo courtesy Flickr user planetc1 under this Creative Commons license

Employer not allowed to search for porn on employee’s home computer

In re Jordan, — S.W.3d —, 2012 WL 1098275 (Texas App., April 3, 2012)

Former employee sued her old company for subjecting her to a sexually hostile workplace and for firing her after she reported it. She claimed that she had never looked at pornography before she saw some on the computers at work. During discovery in the lawsuit, the company requested that employee turn over her home computer so that the company’s “forensic computer examiner” could inspect them.

The trial court compelled employee to produce her computer so that the forensic examiner could look for pornography in her web browsing history and email attachments. The employee sought mandamus review with the court of appeals (i.e., she asked the appellate court to order the lower court not to require the production of the hardware). The appellate held that she was entitled to relief, and that she did not have to hand over her computer.

The appellate court found that the lower court failed to consider an appropriate protective order that would limit inspection to uncover specifically-sought information in a particular form of production. In this case, the company had merely asked for the hardware without informing employee of the exact nature of the information sought. And the company provided no information about the qualifications of its forensic examiner. Though the trial court tried to limit the scope of the inspection with carefully chosen wording, the appellate court found that was not sufficient to protect the employee from the risks associated with a highly intrusive search.

Photo credit: Jakob Montrasio (CC BY 2.0)

Teacher fired over Facebook post gets her job back

Court invokes notion of “contextual integrity” to evaluate social media user’s online behavior.

Rubino v. City of New York, 2012 WL 373101 (N.Y. Sup. February 1, 2012)

The day after a student drowned at the beach while on a field trip, a fifth grade teacher updated her Facebook status to say:

After today, I am thinking the beach sounds like a wonderful idea for my 5th graders! I HATE THEIR GUTS! They are the devils (sic) spawn!

Three days later, she regretted saying that enough to delete the post. But the school had already found out about it and fired her. After going through the administrative channels, the teacher went to court to challenge her termination.

The court agreed that getting fired was too stiff a penalty. It found that the termination was so disproportionate to the offense, in the light of all the circumstances, that it was “shocking to one’s sense of fairness.” The teacher had an unblemished record before this incident, and what’s more, she posted the content outside of school and after school hours. And there was no evidence it affected her ability to teach.

But the court said some things about the teacher’s use of social media that were even more interesting. It drew on a notion of what scholars have called “contextual integrity” to evaluate the teacher’s online behavior:

[E]ven though petitioner should have known that her postings could become public more easily than if she had uttered them during a telephone call or over dinner, given the illusion that Facebook postings reach only Facebook friends and the fleeting nature of social media, her expectation that only her friends, all of whom are adults, would see the postings is not only apparent, but reasonable.

So while the court found the teacher’s online comments to be “repulsive,” having her lose her job over them went too far.

Employer did not violate employee’s privacy by accessing personal laptop

Sitton v. Print Direction, Inc., — S.E.2d —, 2011 WL 4469712 (Ga.App. September 28, 2011)

A Georgia court held that an employee using a personal laptop to conduct business for a competitor did not have an invasion of privacy claim when his employer busted him at work using the laptop to send email.

Plaintiff-employee worked for a printing company. His wife also owned a printing business. On the side, plaintiff would broker printing jobs, sending them to his wife’s company. He would bring his own laptop to work and use that to conduct business for his wife’s company while at work for his employer.

One day, the boss came into plaintiff’s office (apparently when plaintiff was not in the room) and saw that the computer screen on plaintiff’s computer showed a non-work related email account, with messages concerning the brokering of print jobs to the wife’s company. The boss printed out the email messages.

Plaintiff sued, claiming, among other things, common law invasion of privacy and violation of a provision of the Georgia Computer Systems Protection Act. The case went to trial, and plaintiff lost. In fact, he ended up having to pay almost $40,000 to his employer on counterclaims for breach of loyalty. Plaintiff sought review of the trial court’s decision. On appeal, the court affirmed.

The appellate court affirmed the trial court’s finding that the boss’s access to plaintiff’s computer did not constitute common law invasion of privacy based upon an intrusion upon plaintiff’s seclusion or solitude, or into his private affairs. The court held that the boss’s activity was “reasonable in light of the situation” because:

  • He was acting in order to obtain evidence in connection with an investigation of improper employee behavior,
  • The company’s interests were at stake, and
  • He had “every reason” to suspect that plaintiff was conducting a competing business on the side, as in fact he was.

To bolster this holding, the court cited from a Georgia Supreme Court case that said, “[T]here are some shocks, inconveniences and annoyances which members of society in the nature of things must absorb without the right of redress.”

Former employer’s trade secret claim under inevitable disclosure doctrine moves forward

Copying of employer computer files central to trade secrets claim

Mobile Mark, Inc. v. Pakosz, 2011 WL 3898032 (N.D.Ill. September 6, 2011)

Defendant used to work for plaintiff. Before he left that organization to work for a competitor, he allegedly accessed plaintiff’s computer system and copied proprietary information to a laptop that plaintiff had loaned him. He then allegedly transferred the proprietary data to a number of external storage devices, and then installed and repeatedly ran a “Window Washer” program on the laptop to delete files and other data in order to conceal his activities.

Plaintiff sued, putting forth several claims, including a claim of misappropriation of trade secrets under the Illinois Trade Secrets Act, 765 ILCS 1065/2. Defendant moved to dismiss. The court denied the motion.

One of the bases for plaintiff’s trade secret misappropriation claim was that defendant, by going to work for a competitor, would inevitably disclose the proprietary information he had obtained while working for plaintiff. Looking to Illinois law, the court noted that “[i]nevitable disclosure is not assumed when an employee has general information in his head as a result of working for a company.” But “where evidence exists that the employee copied the employer’s confidential information, it leads to the conclusion of inevitable disclosure.”

CFAA violation where employee’s access to work computer violated fiduciary duty to employer

Plaintiff former employer sued defendant former employee for violation of the Computer Fraud and Abuse Act, 18 U.S.C. 1030, alleging that defendant, while still in the employ of plaintiff, accessed confidential business information and destroyed other important data. Defendant moved to dismiss the CFAA claim. The court denied the motion.

Defendant had argued that the complaint failed to establish that access to the work computer was had without authorization. He assserted that plaintiff did not allege that at any time while defendant was employed by plaintiff his access to his work-issued computer was restricted, or that plaintiff ever told him that he was no longer permitted to access the computer.

But the plaintiff had alleged that defendant’s access violated the fiduciary duty defendant owed. The court held that under Int’l Airport Ctr., L.L.C. v. Citrin, 440 F.3d 418, 420–21 (7th Cir.2006), allegations of a breach of duty are enough to properly allege that defendant lost his authorization to access his company computer.

Compare this holding (and Citrin) with the Ninth Circuit’s holding in LVRC Holdings v. Brekka.

Employee did not violate Computer Fraud and Abuse Act by checking Facebook and personal email at work

Lee v. PMSI, Inc., 2011 WL 1742028 (M.D.Fla., May 6, 2011)

Former employee sued the company she used to work for alleging pregnancy discrimination. The company countersued under the Computer Fraud and Abuse Act (“CFAA”) alleging that the former employee violated the CFAA by using her work computer to access Facebook and check her personal email. She moved to dismiss the counterclaim, and the court granted the motion. The court found that the company failed to allege that its computer system was damaged by plaintiff’s internet usage, and plaintiff was alleged only to have accessed her own information, not that of the employer.

Plaintiff failed to show that Facebook pics supported hostile workplace claim

Jabbar v. Travel Services, Inc., 2010 WL 3563112, (D.Puerto Rico September 10, 2010)

Plaintiff sued her former employer for racial discrimination. The court granted summary judgment in favor of the employer, finding there was not enough evidence to go to trial on plaintiff’s claim. Plaintiff asked the court to reconsider the judgment against her. The court held its ground.

One of the assertions that plaintiff made was that someone from work had posted a discriminatory comment on a Facebook photo taken at a company outing.

The court found there was no evidence apart from plaintiff’s own deposition testimony that the company’s official policy was to upload photos to Facebook. And there was no evidence as to who owned the Facebook account in question.

So the court found no basis to overturn its earlier determination that plaintiff failed to establish a prima facie case of employment discrimination.

Nefarious LinkedIn use finally makes it to the courts

TEKsystems, Inc. v. Hammernick, No. 10-99819 (D. Minn., Filed 3/16/2010). [Link to Complaint (PDF)]

Here is an interesting lawsuit that is bound to convince some employers that social media is causing the sky to fall (to the extent they’re not thinking that already).

Minnesota, showing roads and major bodies of water
Image via Wikipedia

An IT headhunting company that does business in the Twin Cities area of Minnesota has filed suit against a former recruiter-employee for breach of her noncompetition agreement. The complaint says that she violated that agreement when she connected on LinkedIn with 20 of the candidates her old firm was working with.

One thing that’s missing from the allegations is when the defendant made these allegedly improper LinkedIn connections. Did she already have them as connections when she left the plaintiff’s employment or did she invite them to connect after she left? The distinction seems like it would be relevant.

No doubt this case should get some attention due to the novelty of the allegations, namely, that the defendant used a social networking site to break the law. But as thinking persons, we should be careful not to sensationalize these facts. When you stop and think about it, how does the fact that the defendant may have used LinkedIn really differentiate the case from one in which she would have used a more conventional form of communication to solicit?

[Thanks to Paul Cherner at the HR Counsel blog for alerting me to this case. More coverage at the Delaware Employment Law Blog and Portfolio.com]