Vehicle Valuation Services v. DiMaria, et al., 2013 WL 5587089 (N.D. Ill. Oct. 10, 2013)

Posted byShawn E. Tuma Leave a comment on Vehicle Valuation Services v. DiMaria, et al., 2013 WL 5587089 (N.D. Ill. Oct. 10, 2013)

Vehicle Valuation Services v. DiMaria, et al., 2013 WL 5587089 (N.D. Ill. Oct. 10, 2013)

Defendants are former employees of Plaintiff; Plaintiff’s primary allegation is against Defendant DiMaria who resigned his employment. Plaintiff recovered e-mails from his computer showing he had e-mailed himself confidential and proprietary business information belonging to Plaintiff, which all Defendants used in starting a competing business.

Plaintiff sued Defendant DiMaria for violating § 1030(a)(5)(A) of the Computer Fraud and Abuse Act, which is somewhat unique for these types of cases. Typically employers sue for access violations but this section is a transmission violation where someone “knowingly causes the transmission of a program, information, code or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer.”

It is integral to this particular transmission claim that the protected computer sustain damage, which means “any impairment to the integrity or availability of data, a program, a system, or information.” 18 U.S.C. § 1030(e)(8). The damage must be adequately pleaded. In this case Defendants’ Motion to Dismiss was granted because all the Plaintiff did was recite the elements of the claim, without more elaboration:

Plaintiff alleges that Defendant “Darren DiMaria intentionally caused damage without authorization to one or more protected computers then owned by VVS.” But that allegation is insufficient, as it is no more than recitation of an element of the CFAA. Nowhere else in the Complaint does Plaintiff allege that its data has been lost or damaged. Nor does Plaintiff allege expenses related to business interruption. Plaintiff complains that data was copied and has not been returned, but copying or downloading business information is not “damage” to a protected computer under the CFAA.

The complaint must provide factual content that shows that Plaintiff has suffered the type of damage contemplated by the statute–some harm to “data, a program, a system, or information.” Because it does not do so, it fails to state a claim upon which relief can be granted. (internal citations omitted).

Published by Shawn E. Tuma

Shawn Tuma is an attorney who is internationally recognized in cybersecurity, computer fraud and data privacy law, areas in which he has practiced for nearly two decades. He is a Partner at Spencer Fane, LLP where he regularly serves as outside cybersecurity and privacy counsel to a wide range of companies from small to midsized businesses to Fortune 100 enterprises. You can reach Shawn by telephone at 972.324.0317 or email him at stuma@spencerfane.com.

Leave a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from Business Cyber Risk

Subscribe now to keep reading and get access to the full archive.

Continue reading