Shawn E. Tuma

Is Key Claim Missing from Pastor’s Lawsuit Over Wife’s Nude Pics Emailed to Swinger Site?

In Computer Fraud, Computer Fraud and Abuse Act, Cyber Trial Law, Texas Computer Crimes, Texas Computer Crimes Cases on December 3, 2016 at 4:45 pm

Should a claim for [YOU GUESS] have been included in this lawsuit? See my thoughts below and share your thoughts.

The Allegations Behind the Lawsuit

A legal team led by Gloria Allred made news by suing Toyota (and others) on behalf of a Frisco, Texas pastor and his wife, Tim  and Claire Gautreaux, alleging that a Toyota salesman emailed nude pictures of Claire to a swingers’ website from Tim’s phone while in his possession to confirm a preapproval offer that was on an app.

According to the Dallas Morning News, Matt Thomas, a salesman for Texas Toyota of Grapevine, emailed the pictures in January 2015 when the couple went in to purchase a car. Tim had a financing app on his phone that had pre-approval information and Matt Thomas took the phone out of Tim and Claire’s presence to confirm the information. It was at this time that he is claimed to have emailed the nude pictures of Claire to a swingers’ website, which Tim subsequently discovered.

After discovery, the Gautreauxs’ reported it to law enforcement authorities and, according to news reports,  Thomas has been charged criminally: “The details are outlined in the criminal complaint against Thomas, who is charged with computer security breach. His case is pending with the Tarrant County District Attorney’s Office.” The Dallas Morning News reports he was arrested for this crime in November 2015.

The Gautreauxs’ Lawsuit

On December 1, 2016, the Allred legal team filed Plaintiffs’ Original Petition in the lawsuit styled Tim and Claire Gautreaux v. Grapevine Imports, LLC d/b/a Texas Toyota of Grapevine, Toyota Motor North America, Inc. and Matt Thomas, Cause No. DC-16-15336, Dallas County, Texas, asserting 6 causes of action for the following:

  • Negligent Hiring, Supervision, Training, and Retention
  • Intrusion upon Seclusion
  • Violation of Texas Deceptive Trade Practices Act
  • Breach of Contract
  • Negligence
  • Public Disclosure of Private Facts

 

Do You See Anything Missing?

For regular readers of this blog, do you see anything missing? Especially in light of the purported criminal charge pending against Thomas for “computer security breach”?

The Claim that Was Not Alleged: Texas Harmful Access By Computer Act

Where is the claim for Harmful Access by Computer Act (HACA), Chapter 143 of the Texas Civil Practice and Remedies Code, which provides a civil cause of action, attorney’s fees, and perhaps exemplary damages for violations of the criminal offense of Breach of Computer Security, Section 33.02 of the Texas Penal Code?

Do you believe this is a proper case to at least make a claim for violations of HACA?

For an initial examination, take a look at these two posts:

For a more in-depth examination, take a look at pages 26 – 31 of this article that I published in July 2016: Federal Computer Fraud and Abuse Act and Texas Computer Crime Statutes

 

Should There Also be a CFAA Claim Here?

Now, what do you think about whether this is an unauthorized access case that should be brought under the Computer Fraud and Abuse Act, taking into account that the Gautreauxs’ “investigated” and discovered what happened without the need for third-party forensics or remediation? Does the following article change your analysis? Dang! “Loss” of Opportunity to Decide Interesting CFAA Issue, But “Loss” Analysis is Good Too

Come on, leave me a comment and give me your thoughts on this interesting case!

______________________

Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Home Depot Data Breach Shareholder Derivative Suit Against Directors Fails

In Corporate Governance, Data Breach on December 1, 2016 at 11:09 am

Will Home Depot be the one to "get it"?Officers and directors of companies that have had data breaches have become targets of litigation through shareholder derivative claims since the consumer class-action claims have had a difficult time making it past the causation of harm threshold. Those officers and directors may now sigh in relief, if only briefly, following a November 30, 2016, ruling by the District Court in the Home Depot Shareholder Derivative Litigation dismissing the shareholders’ claims against the officers and directors. (Court’s Order)

The general theory of data breach shareholder derivative claims is that when a company has a data breach, the damages to the value of the company begin to accrue at the time of the breach (or, discovery of the breach) through expenses such as response and remediation costs and litigation costs, as well as diminution in brand value, all of which then reduces the value of the shareholders’ investment in the company thereby causing harm to the shareholders. Because the officers and directors consciously failed to act in the face of known risks to prevent those risks, the theory goes, they breached their duties of care and loyalty to the company and should be held responsible for such losses.

In the Home Depot ruling, the court found that the plaintiff did not meet their burden of proving the officers and directors “consciously failed to act in the face of a known duty to act” which the court called an “incredibly high hurdle for the plaintiff to overcome” and remarked that it was “not surprising that they failed to do so.”

This is a little simplistic and should not be taken as a “Get Out of Jail Free” pass for many reasons, including that the Court’s Order was 30 pages and there are more nuanced cybersecurity, corporate, and shareholder derivative issues that will be examined more closely in a future post. But for now, this at least one ray of hope for officers and directors looking for a reason to sleep a little better tonight.

Enjoy it while you can, it won’t last forever …

______________________

Shawn Tuma (@shawnetuma) is a business lawyer with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Complimentary SecureWorld Webinar – 2016 Breaches: Lessons Learned

In Cyber Generally, Cybersecurity Law, Media, NYDFS Cybersecurity Requirements on November 29, 2016 at 10:17 pm

You are welcome to attend a complimentary SecureWorld webinar with these featured presenters:

  • Erich Kron, Security Awareness Advocate, KnowBe4
  • Aliki Liadis-Hall, Director of Compliance, North American Bancard
  • Craig Spiezle, Executive Director & President, Online Trust Alliance
  • Shawn Tuma, Cybersecurity & Data Privacy Partner, Scheef & Stone, LLP

The webinar qualifies for CPE Credits, and will take place on Wednesday, November 30 at 12 pm CST but if you are unable to attend, you can access the recording as well.

You can learn more about, and register for, the webinar at this LINK.

%d bloggers like this: