Do alleged violations of the Computer Fraud and Abuse Act, Stored Communications Act, and Wiretap Act committed by a company’s Regional Manager make the company liable?
No, as long as the Regional Manager was not acting on behalf of the company.
On October 19, 2012, the United States Court of Appeals for the Fifth Circuit issued its ruling in Larson v. Hyperion Int’l Technologies, L.L.C., No. 12-50102 (5th Cir. 2012) in which it affirmed the district court’s granting of a Motion to Dismiss Larson’s Complaint. Larson (pro se) sued Hyperion alleging that Hyperion’s Regional Manager, Frank Stephenson, acquired his personal and private communications, including emails, medical records, and attorney-client communications which he then faxed to a third party, all without Larson’s knowledge or authorization, by using Hyperion’s fax machine and fax cover pages for the transmissions. Larson sued Hyperion for violating the Computer Fraud and Abuse Act, Stored Communications Act, and Wiretap Act, among other things. Following the district court’s dismissal, Larson appealed pro se.
The Fifth Circuit observed that the Computer Fraud and Abuse Act, Stored Communications Act, and Wiretap Act statutes all “expressly require intentional interception or publication of electronic communications” by the defendant. The Complaint in this case alleged that Stephenson intentionally violated each of these statutes but, because there was no showing that Stephenson was acting on behalf of Hyperion (the defendant), dismissal of those claims was proper.
Takeaway: If you are going to sue a company for violating the Computer Fraud and Abuse Act, Stored Communications Act, or Wiretap Act, you must also be prepared to plead and prove that the intentional actions of the individuals committing the wrongful acts were acting on behalf of the company.
If you have any questions about pursuing or defending claims under the CFAA or the ECPA, please feel free to contact me to discuss.
Shawn E. Tuma (469.635.1335 / firstname.lastname@example.org)
- Does “Authorization” Matter? (secureconsulting.net)
- No Computer Fraud and Abuse Act violation for taking over former employee’s LinkedIn account (internetcases.com)
- Experts question guilty verdict for AT&T ‘hackers’ (networkworld.com)