Taking of Confidential Info Alone Not “Loss” Under CFAA

Posted byShawn E. Tuma 9 Comments on Taking of Confidential Info Alone Not “Loss” Under CFAA

Under the Computer Fraud and Abuse Act (“CFAA”), an employee’s mere taking of confidential information, without more, does not constitute a “loss” as required by the statute.

On March 28, 2011, the United States District Court for the Eastern District of Wisconsin entered on Order in Direct Supply, Inc. v. Pedersen, No. 10-C-0278 (E.D. Wis. 2011), granting Pedersen’s Motion to Dismiss for failure to state a valid claim under the CFAA. Direct Supply sued Pedersen, its former employee, alleging that during his employment Pedersen had taken confidential information and gave it to a third party, purportedly to later extort Direct Supply. Direct Supply alleged that it

incurred loss of at least $5,000 in a one-year period as a result of Pedersen’s unauthorized possession, access, and copying of Direct Supply’s proprietary information.” (Order p. 4).

The court found that allegation alone did not adequately state a “loss” which the CFAA defines as:

any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.” (Order p. 3).

Accordingly, the court determined than an employee’s unauthorized accessing, copying, and possessing confidential information–without more–does not constitute a loss to the employer under the CFAA.

Published by Shawn E. Tuma

Shawn Tuma is an attorney who is internationally recognized in cybersecurity, computer fraud and data privacy law, areas in which he has practiced for nearly two decades. He is a Partner at Spencer Fane, LLP where he regularly serves as outside cybersecurity and privacy counsel to a wide range of companies from small to midsized businesses to Fortune 100 enterprises. You can reach Shawn by telephone at 972.324.0317 or email him at stuma@spencerfane.com.

Join the Conversation

9 Comments

  1. Pingback: Former Employee’s Deletion of Data Could be “Loss” Under Computer Fraud and Abuse Act « Shawn E. Tuma, J.D.
  2. Pingback: Computer Fraud and Abuse Act Can Prohibit Employee From Deleting Emails « Shawn E. Tuma, J.D.
  3. Pingback: Is the Value of Confidential Information Different From Copyrighted Material Under the Computer Fraud & Abuse Act? « Shawn E. Tuma, J.D.
  4. Pingback: Basic Elements of a Computer Fraud and Abuse Act – “Fraud” Claim « Shawn E. Tuma, J.D.
  5. Pingback: New “Employment” Computer Fraud and Abuse Act case … but with a twist! « Shawn E. Tuma, J.D.
  6. Pingback: Bye Bye Brekka–Hello Nosal: Ninth Circuit Warms-up to Intended-Use Theory of “Access” Under the Computer Fraud and Abuse Act « Shawn E. Tuma, J.D.
  7. Pingback: Facebooking at Work Does Not Violate Computer Fraud and Abuse Act « Shawn E. Tuma, J.D.
  8. Pingback: Barter Services and Attorney Costs May Qualify As “Loss” Under Computer Fraud and Abuse Act « Shawn E. Tuma
  9. Pingback: Kate Gosselin Sues Jon Gosselin for Violating the Computer Fraud and Abuse Act–Did She Adequately Plead a “Loss”? | Shawn E. Tuma

Leave a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from Business Cyber Risk

Subscribe now to keep reading and get access to the full archive.

Continue reading