By Robert Milligan and Joshua Salinas

The Computer Fraud and Abuse Act (“CFAA”) remains a potent weapon for employers to use against disgruntled employees who steal company data. The Sixth Circuit in U.S. v. Batti, No. 09-2050, 2011 WL 111745 (6th Cir. 2011)recently upheld the criminal conviction of an employee who allegedly accessed, copied, and leaked confidential information that belonged to his employer’s CEO. The court also awarded the employer restitution for private security investigation costs, despite parallel government investigations. Unfortunately, the court provided no clues into its position regarding the hotly contested “without authorization” interpretation that has split the circuits.

Luay Batti worked in the IT department of Campbell-Ewald, a Michigan advertising company. While employed, Batti allegedly obtained without authorization confidential information that belonged to Campbell-Ewald’s CEO. Six months later, Batti met with Campbell-Ewald’s General Manager to complain about the IT department’s management. Batti also allegedly provided the General Manager a copy of the CEO’s files to reveal the weaknesses in the company’s computer security. Campbell-Ewald fired Batti and contacted the police.

The FBI conducted an investigation into the alleged security breach. Subsequently, Campbell-Ewald hired a security investigation firm and obtained legal advice from outside counsel regarding the alleged security breach.

Butti was convicted for violating the CFAA. The district court awarded Campbell-Ewald $47,565 in restitution for the security firm’s investigation and advice from counsel.

One of the issues Batti raised on appeal was whether Campbell-Ewald could receive restitution when the government had already conducted an investigation.

The Sixth Circuit affirmed the lower court and ordered restitution. The court emphasized that courts are required to award restitution to reimburse necessary expenses incurred when victims investigate offenses. (18 U.S.C. § 3663A). The court echoed the growing majority  of courts that private investigations are necessary responses to security breaches. Thus, Campbell-Ewald could recover for incurred investigation costs, regardless of whether the government already conducted an investigation. In fact, Campbell-Ewald’s continued surveillance allegedly caught Batti attempting to access the company’s computer server after his termination.

This holding is welcome news for employers and other victims of CFAA violations. The growing majority of courts permit the recovery of investigation costs in CFAA civil suits. As reflected in Batti,  criminal proceedings brought by the government against rogue employees who steal company data may be viable options for employers (provided that they can secure the government’s attention and support) and reduce the need for costly civil suits, particularly where they can receive restitution for their investigation costs.

Yet, the Sixth Circuit provided no insight into how it would rule regarding the current “without authorization” split. Batti did not raise the issue of authorization on appeal and thus the court was not required to discuss it. The facts of the case provided no opportunity for the court to delve into its interpretation of “without authorization.” Batti’s alleged purpose in providing the GM with a copy of the CEO’s files was to show that someone without authorization could obtain this confidential information. On one side of the circuit split, some courts focus on whether the employee was initially authorized to access the stolen data. On the other side, the Seventh and Eleventh Circuits focus on the purpose and intent of the employee’s conduct, which would terminate any previously granted access. Indeed, Batti apparently never had any authorization to access the CEO’s files and thus his alleged conduct constituted “without authorization” under any circuit’s interpretation.

While Batti provides no clear guidance on how it would side in the “without authorization” split, the Court reinforced the employers’ ability to use the CFAA as a viable claim to combat computer security breaches by employees in certain situations.

On January 13, 2011, in Holmes v. Petrovich Development Company, LLC, a California Court of Appeal ruled that emails sent by an employee to her attorney from a company computer were not privileged. 

Read our Seyfarth Shaw Labor & Employment Department’s alert here.   This should be of particular interest in all employee-related cases, including trade secrets and non-compete cases.  As the alert notes:

This case reminds employers of the importance of having a strongly worded and clearly written policy on employee use of employer-provided technology such as computers, email systems and voice mail systems for personal reasons. These policies also should specify that employees have no expectation of privacy in their non-work communications and that all employer-provided technology is subject to monitoring, even if it is password-protected.

Having clear technology policies are also particularly important to protecting trade secrets and other confidential information.

As we have posted previously, there is some question regarding the effective date of Georgia’s Restrictive Covenant Act, O.C.G.A. § 13-8-50 et seq., the statute passed by the Georgia General Assembly in 2009 and authorized by passage of an enabling constitutional amendment in November 2010. The RCA changes Georgia’s legal regime regarding restrictive covenants.  Because of the uncertainty regarding the statute’s effective date (and resulting potential constitutional issues), the General Assembly has been considering a bill – House Bill 30 – that would re-enact the RCA to end any constitutional questions. 

HB 30 also addresses a second issue regarding the RCA. There has been some debate as to the meaning of the provisions of O.C.G.A. § 13-8-56, specifically whether it applies only to in-term covenants. HB 30 revises that section of the non-compete statute by making it clear that the presumptions contained in O.C.G.A. § 13-8-56 apply to in-term and post-term covenants. This provision is important to businesses and employersfor a number of reasons, including that Georgia employers will be permitted to list specific competitors in place of specifying a geographic area in a non-compete restriction. 

On Tuesday, February 22, 2011, the House of Representatives passed HB 30 by a margin of 104 to 58. The bill is now before the Senate. We will continue to monitor the progress of the bill.

            When a defendant, sued by a former employer for misappropriating a manufacturing process that allegedly constituted a trade secret, denies that the process is confidential and files a counterclaim alleging that the plaintiff is engaged in sham litigation in order to stifle competition, is it appropriate for the court to instruct the jury that the evidence shows plaintiff does not have a valid trade secret? In a recent case, the trial judge gave such an instruction which led to a multi-million dollar jury verdict for the defendant. The appeal that followed is reported in Whitesell Int’l Corp. v. Whittaker, 2010 WL 3564841 (Mich. App., Sept. 14, 2010) (affirming the judgment below; 2-1 ruling that the instruction was appropriate), vacated on reconsideration, 2011 WL 165405 (Mich. App., Jan. 18, 2011) (vacating the judgment below and remanding for a new trial; unanimous decision that the instruction was inappropriate).

            The sole manufacturer of interconnected “pierce nuts” filed a trade secret misappropriation lawsuit in Wayne County, Michigan, against an ex-employee who allegedly was using the plaintiff’s manufacturing process in a competing business. Pierce nuts affix materials to sheet metal. 

            Responding to the lawsuit, which was the third one between the parties, the ex-employee successfully moved to dismiss the claim on the ground of res judicata. In a counterclaim for tortious interference with a business relationship and expectancy, he denied that the process was confidential, and he demonstrated that the process was readily visible to plant visitors and was disclosed in detail in an old, expired patent. He also proved that the plaintiff’s employees were not required to sign confidentiality agreements and that no document referred to the process as confidential. Accordingly, he maintained that the plaintiff was engaging in sham litigation which was a “flagrant violation” of the Michigan Antitrust Reform Act and part of an unlawful effort to preserve a monopoly. Insisting that it had acted reasonably in filing the lawsuit, the plaintiff produced witnesses who testified to their understanding that the process was confidential. 

            Immediately prior to the start of deliberations following a 25-day trial, the jury was instructed that the manufacturing process did not constitute a trade secret. Naturally, the jury then decided the counterclaim for the defendant. Including attorneys’ fees and pre-judgment interest, the counterclaimant was awarded more than $8 million.

            The manufacturer appealed with interesting results. Initially, the Michigan Court of Appeals affirmed, 2-1. The dissent insisted that the claim should not have been dismissed on res judicata grounds and that the counterclaim instruction was improper and highly prejudicial. On reconsideration, the panel vacated the judgment and remanded for a new trial, concluding that the dissent had been correct in saying that the judge below should have let the jury decide the trade secret question. However, the ruling in the initial opinion regarding res judicata was left unchanged. The judge who initially had dissented now concurred in the portion of the decision on reconsideration remanding because of the improper trade secret instruction, but he continued to dissent with respect to the reiterated ruling on res judicata.

            As this case illustrates, in trade secret misappropriation litigation a party alleging that a manufacturing process is confidential has an uphill battle to obtain a sustainable directed verdict where there is a dispute concerning whether the process constitutes a trade secret.

An article published yesterday in the Gonzaga Law Review presents an interesting analysis of trade secret litigation in state courts. Authors David S. Alming, Darin W. Snyder, Michael Sapoznikow, Whitney E. McCollum, and Jill Weader published the follow-up article to their article last year concerning trade secret litigation in federal courts. According to the new article, they analyzed 2,077 state appellate court decisions issued between 1995 and 2009 and coded 358 of them for 17 relevant factors.

Here are some interesting findings from their article:

• In more than 90% of trade secret cases in both state and federal courts, the alleged misappropriator was either an employee or business partner of the trade secret owner.
• Just five states account for about half of all trade secret litigation in state appellate courts. California leads the pack (16% of cases), followed by Texas (11%), Ohio (10%), New York (6%), and Georgia (6%).
• State appellate courts affirmed 68% of trade secret decisions and reversed 30% of them.
• State appellate courts favor defendants. Alleged misappropriators (the defendants) prevailed in 57% of cases and trade secret owners (the plaintiffs) prevailed in 41%.
• State courts appear to be a tougher venue for trade secret owners who are suing business partners than for those suing employees. Trade secret owners won 42% of the time on appeal when the owner sued an employee, but only 34% when the owner sued a business partner.
• For decades following its 1939 publication, the Restatement (First) of Torts “was almost universally cited by state courts, and in effect became the bedrock of modern trade secret law.” James Pooley, Trade Secrets § 2.02[1] (2010). Those days are over. Only 5% of the cases in the state study cited the Restatement.
• Unlike federal courts, which cite persuasive authority in more than a quarter of cases, state courts cited persuasive authority in only 7% of cases.
• In contrast to the exponential growth of trade secret litigation in federal courts, trade secret litigation in state appellate courts is increasing, but only in a linear pattern at a modest pace.
• Of all the reasonable measures trade secret owners took, only two statistically predicted that the court would find that this element was satisfied: confidentiality agreements with employees and confidentiality agreements with third parties.

 

By Paul Freehling

The national CPA firm of Mayer Hoffman McCann P.C. (“MHM”), based in Missouri, scored a major victory when the Eighth Circuit Court of Appeals affirmed a trial court’s injunctions and liquidated damages award of $1,369,921 against four former stockholder-employees in Minnesota. The injunctions prohibited them from soliciting MJM’s clients, directed them and their employees to make their office and home computers available to a computer forensic expert, and enjoined them from using (and ordered them to return) MJM’s trade secrets and confidential information. The appellate court’s decision is notable because of its analysis of when non-compete covenants and contractual liquidated damages provisions are enforceable, but also because of the court’s view that non-solicitation agreements are unenforceable.   

In 2005, the individuals executed a Stockholders Agreement pursuant to which they covenanted not to solicit MHM’s clients and customers for two years after leaving MHM’s employ. However, in 2008, immediately after their resignation from MHM, the individuals started a competing firm which proceeded to serve at least 124 MHM clients. 

The covenants were challenged as lacking in consideration, being contrary to Missouri law, and having unenforceable remedy terms. The court discussed and rejected almost every challenge. Mayer Hoffman McCann, P.C. v. Barton, 614 F.2d 893 (8th Cir. 2010).

With regard to consideration, the defendants relied on a 1996 Missouri appellate court decision that invalidated, for lack of sufficient consideration, a non-compete clause contained in a buy-sell agreement. That court, however, was influenced by the absence of a contemporaneous employment contract and the failure of the buy-sell agreement to state that the clause was intended to protect special interests of the buyer.   In the Mayer Hoffman case, the individuals who signed the covenants were employees. Further, the Agreements contained mutual promises, recited that the purpose of the covenants was protection of MHM’s legitimate special interests — its proprietary trade secrets to which the individuals had access — and did not include restrictions greater than fairly required. So, consideration was adequate.

Several Missouri appellate court opinions identify the types of agreements in which restrictive covenants are permissible. No reported case involved a covenant ancillary to a shareholder’s agreement relating to a professional corporation. But the Eighth Circuit Appeals Court held that since a few decisions upheld covenants in agreements with various kinds of close corporations, and a professional corporation is a type of close corporation, the covenants at issue are enforceable. The two-year covenant was without geographical restrictions, but it was limited to MHM clients who the defendants solicited, and that was held to conform with Missouri law.

The defendants claimed that the non-compete clause failed because MHM had no protectable interest in clients who the individuals had begun servicing before signing the Stockholder Agreements. The court disagreed. MHM had invested money, time and effort in strengthening the pre-existing relationships. The court did concur with the defendants that, under Missouri law, MHM had no protectable interests in the defendants’ co-workers’ continued employment, and so the non-solicitation clause was unenforceable.

The Agreements provided that a violator of the covenant not to compete would owe liquidated damages equal to the sum of MHM’s total billings, for the two years prior to violation of the covenant, to the clients the violators successfully solicited. Overruling the defendants’ contention that the damages clause created an unenforceable penalty, the court held that the clause was valid because an accurate estimate of damages was difficult to make, and two years’ billings was a reasonable forecast of the harm caused by the individuals’ breach of contract. 

The injunctive and monetary award in Mayer Hoffman might be harsher than some courts would have rendered. However, the contract violation here was particularly egregious. In any event, the opinion suggests how to draft enforceable trade secret protection agreements, non-compete covenants, and liquidated damages clauses. The decision shows the horrendous consequences that may be faced by anyone who misappropriates trade secrets and breaches a covenant not to compete. For questions about the Mayer Hoffman case or other trade secret issues, please contact the Trade Secrets team at Seyfarth Shaw.

By Robert Milligan and Joshua Salinas

A Colorado federal district court recently held that the computer forensic investigator costs of investigating Computer Fraud and Abuse Act (CFAA) violations constitute “loss” under the statute. (AssociationVoice, Inc. v. AtHomeNet,Inc.,No. 10-cv-00109-CMA-MEH, 2011 WL 63508 (D.Colo 2011)).  The court echoed the growing trend in circuit and district courts, which permit civil claims under the CFAA absent any damage or interruption of service. Consequently, this decision underscores the viability of asserting CFAA claims in cases involving data theft and the importance of utilizing qualified computer forensic investigators in such cases.  

The plaintiff and defendants in AssociationVoice offered competing web-based software applications for homeowners associations (HOA). The defendants allegedly acted as fictitious HOA customers in order to purchase the plaintiff’s software and access the plaintiff’s password-protected “site admin” areas. In order to access the web site, the defendants also allegedly entered into a Services Agreement, which prohibited the defendants from reverse engineering and copying the plaintiff’s source code or using the plaintiff’s confidential and proprietary information. 

The defendants allegedly copied, reverse engineered, and misappropriated information from the plaintiff’s password-protected site and allegedly added at least forty-four new features to the defendants’ own applications.

The plaintiff filed suit against the defendants, alleging, inter alia, violations of the CFAA, copyright infringement, trade secret misappropriation, and breach of the Services Agreement.

The plaintiff moved for two preliminary injunctions. The plaintiff sought to enjoin the defendants, per the Services Agreement, from providing the defendants’ customers with the allegedly copied, reverse engineered, and misappropriated features. Additionally, the plaintiff sought to enjoin the defendants, pursuant to the CFAA, from further accessing the password-protected “site admin” areas.

The court denied the Services Agreement injunction because the plaintiff did not make a “strong showing” of the four injunction factors to justify altering the status quo. However, the court granted the CFAA injunction.

The noteworthy aspect of this case is the court’s analysis of the “likelihood of success” factor in granting the plaintiff’s CFAA injunction. 

In order to bring a civil claim under the CFAA, the plaintiff was required to prove that the violations resulted in the loss of at least $5,000 within a one-year period. (18 U.S.C. § 1030(g) and (c)(4)(A)(i)). The parties disputed whether the plaintiff’s hiring of a third-party computer forensic investigator to assist with its investigations constituted a “loss.” Additionally, the defendants argued that the plaintiff could not bring a claim because it suffered no interruption of service. 

The court recognized that the majority of courts find the costs of investigations and responses to security breaches constitute “loss,” regardless of whether service is interrupted. (See, e.g., A.V. v. iParadigms, LLC, 562 F.3d 630, 646 (4th Cir. 2009); EF Cultural Travel BV v. Explorica, Inc., 274 F.3d 577, 584 (1st Cir. 2001); SuccessFactors, Inc. v. Softscape, Inc., 544 F.Supp.2d 975, 980-81 (N.D.Cal. 2008); Res. Ctr. for Indep. Living v. Ability Res., Inc., 534 F.Supp.2d 1204, 2111 (D.Kan. 2008); Patrick Patterson Custom Homes, Inc. v. Bach, 586 F.Supp.2d 1026, 1036 (N.D.Ill 2008); NCMIC Fin. Corp. v. Artino, 638 F.Supp.2d 1042, 1064 (S.D. Iowa 2009)).

The court reasoned that the plain language of “loss” defined in § 1030(e)(11) distinguishes between the costs of responding to CFAA violations and the consequential damages from interruptions of service. In fact, the legislative history of the CFAA indicates that it the statute was designed to address situations in which damage never occurred. The court found this case almost identical to the California district court decision in SuccessFactors. In SuccessFactors, the court held that  when confidential information is obtained, it is necessary for the violated party to discover who has the confidential information, how they accessed it, and what the violators were doing with it. Thus, the defendants’ alleged access of the plaintiff’s protectable confidential information naturally incurred the costs of an investigation. Specifically, the court stated “[i]t, therefore, is not surprising that Plaintiff also had to go to great lengths to uncover Defendants’ identity, as well as to uncover the extent of their unauthorized access and the methods they used. Accordingly, Defendants should not be allowed to complain about the costs Plaintiff incurred in doing so.”

While the court in AssociationVoice followed the growing majority, the Second Circuit and district courts in Florida, Virginia, Connecticut, and Louisiana still require an interruption of service in order to bring a claim under the CFAA. (See, e.g., Nexans Wires S.S. v. Sark-USA, Inc., 166 Fed.Appx. 559, 563 (2d Cir. 2006)).

What does this mean? The CFAA remains a viable option to combat data theft. Although some courts have narrowed the applicability of the CFAA, many courts, like the AssociationVoice court, recognize CFAA claims even where the defendants’ actions do not result in any interruptions of service. Some courts have even extended the “costs to respond” to include investigations into ways to improve security. (See, e. g., JedsonEng’g, Inc., v Spirit Construction Services, Inc., (S.D. Ohio 2010). Accordingly, in order to satisfy the “loss” requirement under the CFAA, make sure that  qualified computer forensic investigators are utilized (in coordination with legal counsel) to respond to and assess the computer breach as soon as your company learns of the data theft.  

 

We informed our readers on March 31, 2009 about Illinois House Bill 4040, titled "Illinois Covenants Not to Compete Act" (link). House Bill 4040 attempted to limit non-compete enforcement to employees or independent contractors who:

  • have substantial involvement in the executive management of the employer’s business;
  • have direct and substantial contact with the employer’s customers;
  • possess knowledge of the employer’s trade secrets and/or proprietary information;
  • possess such unique skills that they have achieved "a high degree of public or industry notoriety, fame, or reputation as a representative of the employer;" or
  • are among the highest paid 5% of the employer’s work force for the year immediately preceding the separation.

House Bill 4040 also attempted to change Illinois law by:

  • eliminating an employer’s ability to enforce a non-competition covenant if the employer failed to notify the new employee two weeks prior to the first day of his employment that a covenant not to compete is required, or if the covenant is not accompanied by a "material" advancement, promotion, bonus or compensation increase;
  • creating a rebuttable presumption that a non-competition covenant is invalid if the covenant exceeds one year, the geographic restrictions in the covenant cover areas beyond which the former employee provided services "during the one year preceding his termination;" or if the covenant concerns personal services activities that the employee did not perform during the "one year preceding termination of their employment;"
  • forbidding a court, if it chooses to modify an existing covenant, from imposing a damages award for the employee’s original breach of the covenant; 
  • instructing a court to interpret any attorneys’ fees provision found in a non-competition covenant to allow either the employer or the employee to recover their attorneys’ fees
  • empowering the court to award attorneys’ fees to the employee if, through a declaratory judgment action brought by the employee, the court declares the non-competition covenant unenforceable.

House Bill 4040 was introduced by Representative Rosemary Mulligan (Republican – 65th District) and never made it out of committee. Hence, the Bill terminated when the Illinois House of Representatives concluded its session. However, Representative Jil Tracy (Republican – 93rd District) introduced a bill identical to House Bill 4040 on January 12, 2011. Representative Mulligan became a co-sponsor of Representative Tracy’s bill, House Bill 0016, on February 4th. So far, House Bill 0016 has not attracted significant public attention or traction in the Illinois House. Nevertheless, we will continue to monitor House Bill 0016 and any other actions the Illinois House or Senate may undertake with respect to non-competition agreements or trade secrets.

On January 20, 2011, Massachusetts State Representatives Lori Ehrlich, William Brownsberger, and Alice Hanlong Peisch re-filed the Massachusetts non-compete bill, aptly entitled “An Act Relative to Noncompetition Agreements.”  The bill was originally submitted in late 2009 as House No. 1799, and since that time has undergone significant review, comment, and revision.  While much of the bill remains the same, its sponsors made changes to address several concerns the business community had expressed about particular provisions.  There is no current timeline for a vote on the bill, but we do expect there to be ample opportunity to provide additional input.

What Remains the Same As the Prior Bill?

The bill applies to non-compete agreements in the context of employment, including forfeiture for competition agreements (agreements that impose adverse financial consequences if an employee engages in competitive activities).  However, the bill specifically excludes non-solicitation agreements (both of customers and employees); non-compete agreements outside the employment context, such as those that are executed in the sale of a business; forfeiture agreements (agreements that impose adverse financial consequences as a result of termination regardless of whether the employee engages in competitive activities); and agreements not to reapply for employment.  The bill does not apply to non-disclosure or confidentiality agreements. 
In essence, the bill codifies the existing common law rules, which provide that non-compete agreements are enforceable only if they are reasonable in duration, geographic reach, and scope of proscribed activities necessary to protect the employer’s trade secrets, confidential information, or goodwill, and are consonant with public policy.  In addition, the bill does not change current Massachusetts law permitting courts to reform or modify unreasonable non-compete agreement provisions.

The bill requires non-competes to be in writing, signed by both parties, and “to the extent reasonably feasible,” they must be provided to the employee at least seven business days in advance of employment.  If the agreement is executed after the commencement of the employment relationship, the employee must be provided with notice and “fair and reasonable” consideration (beyond continued employment).

The bill restricts non-compete agreements to one year, except for “garden leave” clauses (agreements by which the employer agrees to pay the employee during the restricted period), which may last up to two years. 

The bill mandates the payment of attorneys’ fees to employees if a court refuses to enforce “a material restriction or reforms a restriction in a substantial respect,” or if it finds that the employer acted in bad faith.  Attorneys’ fees are not mandated, however, if a particular provision is “presumptively reasonable,” as defined by the statute, or if the employer made “objectively reasonable efforts to draft the rejected or reformed restriction so that it would be presumptively reasonable,” even if a court refuses to enforce or reforms the provision.  An employer may be entitled to its legal fees if it prevails only if they are otherwise permitted by statute or contract, the agreement is presumptively reasonable, the non-compete was enforced, and the employee acted in bad faith.

What Has Changed From the Prior Bill?

Perhaps the most significant change in the current version of the bill is that it no longer restricts the use of non-compete agreements to employees making more than $75,000 per year.  Instead, the bill calls for courts to consider the economic circumstances of, and economic impact on, the employee.  This is important because there are many companies doing business in the Commonwealth, oftentimes start-ups, that employ individuals who are paid less than $75,000 per year, but who are otherwise provided with potentially lucrative equity interests, stock options, or the like.  The departure of these employees to a competitor can cripple a start-up company and can even cause hardship to well-established companies that may utilize these other types of non-monetary compensation and pay key employees less than $75,000.  This salary benchmark was also a concern for companies that employ part-time or seasonal employees, and staffing agencies, to name a few, which may not meet the $75,000 salary benchmark in a calendar year.    

Another change in the bill relates to the award of mandatory attorneys’ fees to employees.  While this provision remains in the bill, as discussed above, an employer can avoid paying fees if the court determines that it undertook “objectively reasonable efforts to draft the rejected or reformed restriction so that it would be presumptively reasonable,” even if unsuccessful.  This provision, however, does not provide clear guidance to employers as to the parameters of such “objectively reasonable efforts,” and remains a significant departure from existing law that litigants pay their own attorneys’ fees, win or lose.

Like some other states, including California, the bill, in its prior and current versions, explicitly rejects the inevitable disclosure doctrine (which holds that even in the absence of an enforceable non-compete agreement, a former employee may be prevented from working for a competitor based on the expectation that the employment would inevitably lead to the disclosure of trade secrets or confidential information of the former employer).  The newest version of the bill, however, recognizes that employers may nevertheless protect themselves using other laws and agreements, including applicable trade secrets laws and non-disclosure agreements.   

Other changes from the last version of the bill include: (a) non-competes executed after the commencement of employment no longer must be accompanied by a 10% increase in salary to be presumptively reasonable; now, they must simply be supported by “fair and reasonable consideration”; (b) non-compete agreements no longer need to be separate documents; (c) garden leave clauses are permitted; and (d) the scope of restrictions placed on forfeiture agreements has been limited.

Finally, it is important to note that the bill is not retroactive, and will not apply to agreements entered into before January 1, 2012.

Seyfarth Shaw plans to monitor and participate in the legislative process and will report on the status and evolution of this bill on our blog, Trading Secrets, at www.tradesecretslaw.com.  If you have any questions or would like to provide input on the bill, please contact the Seyfarth Shaw attorney with whom you work or any Trade Secrets, Computer Fraud & Non-Compete attorney on our website (www.seyfarth.com/tradesecrets). Click here for Seyfarth Shaw’s Management Alert on the bill.

By Robert Milligan and Joshua Salinas

Wrongfully accessing someone’s personal email account may cost you $1,000 per unauthorized access, even if that person suffers no injury or loss. In Pure Power Boot Camp v. Warrior Fitness Boot Camp, 2010 WL 5222128 (S.D.N.Y. 2010), a New York district court permitted the recovery of statutory damages under the Stored Communications Act (SCA) (18 U.S.C. § 2707(a)) without proof of actual damages sustained.

Lauren Brenner allegedly hired former U.S. Marines Ruben Belliard and Alex Fell to work as “drill instructors” at her Pure Power Boot Camp physical fitness center. While still employed at Pure Power, Belliard and Fell allegedly made plans to open a competing boot camp style physical fitness center. Belliard and Fell left Pure Power, and shortly thereafter opened Warrior Fitness Boot Camp.

Fell alleged that after he left, Benner, or someone from Pure Power, accessed his personal e-mail account and printed e-mails from his personal Gmail, Hotmail, and Warrior Fitness accounts. Fell had left his username and password information saved on Pure Power computers, which allowed access to his email accounts. The emails revealed that Belliard and Fell allegedly copied Pure Power documents, stole Pure Power customers, and shredded their non-compete agreement.

Benner allegedly read these emails and Pure Power Boot Camp brought claims against Belliard and Fell, which included claims for breach of their non-compete agreements and theft of Pure Power’s business model, customers, and documents.

Fell counterclaimed against several parties, including Brenner and Pure Power, alleging that the unauthorized access of Fell’s account violated the SCA and entitled him to statutory and punitive damages, as well as attorneys’ fees.

A significant issue in this case was whether Fell could recover statutory damages under the SCA, even though he failed to allege or prove actual damages. In fact, Fell confirmed in his deposition that he sought only statutory and punitive damages.

On summary judgment, the court held that proof of actual damages is not required to recover under the SCA. The interesting aspect of this case was the court’s departure from the holding in Van Alstyne v. Elec. Scriptorium, Ltd.,560 F.3d 199 (4th Cir. 2009), the only federal appellate decision to analyze this issue. Van Alstyne required proof of actual damages in order to recover the $1,000 statutory damages under SCA. Van Alstyne based its decision on Doe v. Chao, 540 U.S. 614 (2004), where the Supreme Court required proof of actual damages for recovery under the Privacy Act. However, the Pure Power court criticized Van Alstyne’s analysis because the SCA and Privacy Act have different purposes, language construction, and legislative histories.

Indeed, according to the court, an overwhelming majority of jurisdictions decided after Doe permit recovery of statutory damages under the SCA absent actual damages. This has been applied to unauthorized access of employee’s email accounts (Cedar Hill Assocs., Inc. v. Paget, No. 04cv0557, 2005 WL 3430562 (N.D. Ill. 2005)), restricted websites (In re Hawaiian Airlines, Inc., 355 B.R. 225 (D.Haw. 2006)), and social media accounts (Pietrylo v. Hillstone Restaurant Group, No. 06-5754, 2009 WL 3128420 (D.N.J. 2009)).

The court, however, rejected Fell’s argument that each e-mail that was accessed constituted a separate $1000 violation under the SCA. The court found that, because the period over which the emails were accessed was relatively short (a nine day period), and because there was no evidence indicating the specific number of times each account was accessed, it was appropriate to aggregate the intrusions with respect to each individual e-mail account and find that there had been four independent violations of the SCA  –one violation for each unauthorized access of an electronic communications facility, which allowed access to electronic communications while still in electronic storage.  The court also rejected Fell’s request for punitive damages at this stage in the proceedings because the court was unable to determine as a matter of law which party accessed the email accounts, and the surrounding circumstances, and therefore, there was no basis upon which to decide whether punitive damages were appropriate. The court also rejected Fell’s request for attorneys’ fees as premature because the court was presently unable to determine which of the parties named in the counterclaim was liable for the four violations of the SCA.

The Pure Power court’s affirmation of some employee privacy rights and the removal of the actual damages hurdle to a SCA claim have several implications for employers and management. First, increased attention must be given when dealing with employee personal e-mail and social network accounts. The decision does not impair the ability to monitor employee web activity or work provided email accounts, provided that the employer has clear policies articulating that employees have no expectation of privacy. However, extra care must be given to employee personal accounts, particularly when the employee saves login information on the computer and the login information is used to access the employee’s personal accounts. Employers should not engage in such conduct. 

In Pure Power, the access of Fell’s email accounts created a cause of action to recover statutory damages for Fell, where the employer may have a solid non-compete/unfair competition suit against the employee. Perhaps more detrimental to employer Pure Power Boot Camp, the court also excluded the highly relevant emails demonstrating alleged employee disloyalty from evidence. Finally, the ability to recover statutory damages without proof of actual damages, as well as punitive damages and attorney fees, may provide an incentive for employees and their counsel to pursue SCA claims against current and former employers.