Monthly Archives: May 2010
New York District Court Permits CFAA Case Against Ex-Employee
In Marketing Technology Solutions, Inc. v. Medizine LLC, 2010 WL 2034404 *6-7 (S.D.N.Y. May 18, 2010) the court denied the defendant’s motion to dismiss the CFAA claim for stealing trade secrets from the company computer. Medizine, the employee’s new employer, argued that the employee, Daniel Brandt, could not have accessed his former employer’s computer without authorization or in excess of authorization “because of the broad access Brandt had as an employee.” Id. at *7. Relying on the First Circuit’s decision in EF Cultural Travel BV v. Explorica, Inc., 274 F.3d 577, 581-84 (1st Cir. 2001), the court held that “[i]n … [ Continue reading ]
Narrow Interpretation of CFAA’s Jurisdictional “Loss” Requirement
A district court in Illinois last week granted summary judgment to a defendant on a Computer Fraud and Abuse Act (“CFAA”) claim by narrowly interpreting the jurisdictional “loss” prerequisite under the CFAA to require a showing that the computer was “impaired” or “suffered an interruption of service.” Von Holdt v. A-1 Tool Corp., 2010 WL 1980101 *12 (N.D. Ill. May 17, 2010). The CFAA is the federal computer crime statute that provides for a private right of action for someone “who suffers damage or loss” as a result of a violation of the statute. Title 18, U.S.C. § 1030(g). Von … [ Continue reading ]
How Do You Sue an Unknown Hacker?
The question was answered this week by a federal district court in Connecticut in the case of GWA, LLC v. Cox Communications, Inc. and John Doe, 2010 WL 1957864 (D.Conn. May 17, 2010). When the company computer is hacked, the only evidence that is usually available on the hacked computer to identify the hacker is the Internet Protocol (“IP”) address left behind by the hacker. The IP address is a unique number assigned to every computer connected to the Internet by an Internet Service Provider (“ISP”) through which the computer connects to the Internet. Armed with the identity of owner … [ Continue reading ]
Pennsylvania District Court adopts Brekka
The Magistrate Judge in Consulting Professional Resources, Inc. v. Concise Technologies LLC, 2010 WL 1337723 (W.D. Pa. March 9, 2010) held that the CFAA does not apply to an employee who removed trade secret protected data from the company computer and provided it to a competitor immediately prior to leaving her employer to become employed by that competitor. The court recognized that “[t]he Court of Appeals for the Third Circuit has not taken a position on the “unauthorized access” debate, but it has recognized the trend among employers to employ the “CFAA’s civil remedies to sue former employees and their … [ Continue reading ]
U.S. Companies Misrepresenting EU Data Protection Directive Safe Harbor Compliance Risk Federal Trade Commission Enforcement Action
U.S. companies that transfer personal data from the European Economic Area (i.e., the 27 Member States of the European Union (EU) and Iceland, Liechtenstein and Norway) (EEA) to the United States, and misrepresent that they have self-certified under the Safe Harbor framework, risk Federal Trade Commission (FTC) enforcement action under Section 5 of the Federal Trade Commission Act. EU Data Protection Directive By way of background, a company that transfers personal data from the EEA to the United States must comply with the EU Data Protection Directive (95/46/EC). Personal data means information about any identified or identifiable natural person (e.g., … [ Continue reading ]
Joint Databases – Is Your Competitively Sensitive Data Protected?
A recent federal district court decision refusing to grant summary judgment to a defendant in a Computer Fraud and Abuse Act (“CFAA”) case highlights the importance of clearly delineating one’s rights in accessing a database that contains data owned by more than one party.
