The Consumer Fraud and Abuse Act, 18 U.S.C. §1030 (CFAA) is a federal statute that imposes criminal penalties and provides for a civil cause of action against individuals who obtain information from a computer by intentionally accessing the computer without authorization or by exceeding authorized access. The statute has been used to criminally prosecute and bring civil actions for damages and losses against employees who have misappropriated their employers’ trade secrets or other confidential information. Those damages and losses may include attorneys’ fees expended by the employer to investigate violations of the statute. In its recent opinion in Van Buren v. United States, the United States Supreme Court resolved a disagreement among the lower federal courts over the scope of the CFAA’s “exceeds authorized access” clause. Does an employee with authorized access to his employer’s computers “exceed authorized access” only when accessing specific computer files the employee has not been authorized to access, or does the employee also “exceed authorized access” when accessing files for which the employee has authorization, but uses the information for an unauthorized purpose? In Van Buren, the Supreme Court ruled in favor of the more limited scope of the “exceeds authorized access” clause. Background When employed as a police officer in Georgia, Nathan Van Buren was the target of an...
Tagged: Electronic Communications
SDNY Expands Interpretation of “Possession, Custody, or Control” – Orders Adverse Inference Against Company for Spoliation of Text Messages by Non-Party, Independent Contractor on Personal Phone
In Van Zant, Inc. v. Pyle, et al., 270 F. Supp. 3d 656 (S.D.N.Y. 2017), the Southern District of New York ordered an adverse inference against Los Angeles-based Cleopatra Entertainment LLC (“Cleopatra”), based on the conduct of its independent contractor and non-party to the case, Jared Cohn (“Cohn”). Cohn had been hired by Cleopatra to write and direct a motion picture about the 1977 plane crash that killed two members of the Southern rock band Lynyrd Skynyrd. During the film’s production, Cleopatra and Cohn enlisted the aid of Lynyrd Skynyrd drummer Artimus Pyle (“Pyle”), who, along with other surviving band members (and the estates of deceased members), was party to a 1988 Consent Order that set limits on the permissible use of the Lynyrd Skynyrd name; the likenesses, names, and biographical material of its members; the band’s history; and related items. The Consent Order also detailed the respective parties’ rights to royalties from Lynyrd Skynyrd music, merchandise, and other proceeds, and prohibited the parties from “implicitly or through inaction authoriz[ing] the violation of the terms [of the agreement] by any third party.” Pyle initially did not make Cleopatra aware of the Consent Order, but plaintiffs (also parties to the 1988 Consent Order) sent Cleopatra a copy, along with a cease and desist letter, after learning...
NLRB Rules Employees “Presumptively Permitted” to Use Employer Email Systems for Statutorily Protected Communications
On December 11, 2014, in Purple Communications, Inc. and Communications Workers of America, AFL-CIO, Cases 21-CA-095151, 21-RC-091532, and 21-RC-091584, the National Labor Relations Board (the “Board” or “NLRB”) held that “employee use of email for statutorily protected communications on nonworking time must presumptively be permitted by employers who have chosen to give employees access to their email systems.”
A New Jersey Federal Court Holds that the Stored Communications Act Applies to “Wall Posts” on Facebook
The Federal Stored Communications Act, 18 U.S.C. § 2701, et seq. (“SCA”), makes it unlawful to, among other things, “intentionally access without authorization a facility through which an electronic communication service is provided.” Violators are subject to imprisonment and fines, and the statute expressly authorizes a civil action for damages, injunctive relief and attorneys fees. A federal court in New Jersey has now held that the statute may apply to those who access information posted by a Facebook account holder on his or her Facebook “wall.” The defendant-employer in the case, Monmouth-Ocean Hospital Service Corp. (“MONOC”), was able to avoid liability under the SCA because the plaintiff could not establish that her employer violated the “without authorization” component of the statute. Ehling v. Monmouth-Ocean Hospital Service Corp. But the case puts employers on notice that they must tread carefully in this area.
Pennsylvania Court Orders Plaintiff to Disclose Facebook and MySpace Passwords, User Names, and Log in Names to Defendant
A Pennsylvania trial court recently became one of a growing number of courts to rule that a plaintiff’s non-public Facebook and MySpace postings are discoverable. On May 19, 2011, in Zimmerman v. Weis Markets, Inc., No. CV-09-1535, 2011 WL 2065410 (Pa. Comm. Pl. May 19, 2011) the Court of Common Pleas of Pennsylvania granted the defendant’s motion to compel the plaintiff, a former employee of the defendant, to disclose his Facebook and MySpace passwords, user names and log in names. Notably, the Court reasoned that because the plaintiff voluntarily posted all of the pictures and information on his Facebook and MySpace sites, he had no reasonable expectation of privacy to the postings although the posts were on non-public pages.
The highly publicized “Facebook firing” case, brought by the National Labor Relations Board (NLRB) and discussed in a November 12, 2010 post in the Employment Law Alert, ended with a settlement announced on February 7, 2011. According to the Complaint, American Medical Response of Connecticut Inc. (“AMR”) terminated an employee for criticizing her boss on her Facebook account.
Employers wanting to prohibit damaging communications from being made about them by employees through blogging and rapidly evolving social media such as Facebook, Twitter, and LinkedIn should be aware of a recent National Labor Relations Board (NLRB) Complaint against American Medical Response of Connecticut, Inc. asserting that two of the more common employer restrictions on employee blogging and social media communications constitute unfair labor practices and are, therefore, unlawful. In its News Release, the NLRB pointed to two of the provisions in the company’s blogging and internet posting policies as being unlawful under Section 7 of the National Labor Relations Act (NLRA).
Relevance. Scienter. Prejudice. These three themes permeated a roundtable discussion entitled “Legal Hold Best Practices after Victor Stanley II, Pension Committee and Rimkus” during Gibbons Fourth Annual E-Discovery Conference on October 28, 2010, at Gibbons headquarters in Newark, New Jersey. A distinguished panel discussed legal hold best practices and lessons learned from recent decisions, including proactive measures and creative strategies for companies of all sizes to meet their e-discovery obligations. E-discovery preservation obligations have been a critical issue in employment litigation since Judge Scheindlin’s groundbreaking opinion in Zubulake v. UBS Warburg (in which the defendant/employer was sanctioned for failing to preserve documents in a sex discrimination case brought under Title VII).