Fifth Circuit: Employee Taking Data to Work for Competitor Violates Texas Hacking Law

former employee = current data thiefBefore leaving his employment at Merritt Hawkins & Associates (MHA), Larry Gresham allegedly accessed MHA’s computer network and copied 400 of MHA’s proprietary files and then deleted hundreds of files in an attempt to hide his activities. A jury found Gresham’s actions violated the Harmful Access by Computer Act (HACA), Texas unauthorized access law (i.e., “hacking law”). The Fifth Circuit affirmed the jury’s verdict. Merritt Hawkins & Associates, L.L.C. v. Gresham, 2017 WL 2662840 (5th Cir. June 21, 2017).

Here are three key points from this case about the Texas Harmful Access by Computer Act (civil) or Breach of Computer Security (criminal) laws:

  1. An employee may violate HACA / BCS by accessing his employer’s computer system without its “effective consent” (i.e., (a) by using it for a purpose other than that for which consent was given, (b) in violation of a clear and conspicuous prohibition, or (c) in violation of an express agreement) and taking data to use for non-company business related purposes.
  2. An award of $50,000 in damages for the missing and stolen computer files was supported by sufficient evidence, in the following form:
    1. the owner of the company’s testimony that he would have to pay an employee at least $100 an hour to recreate every file that was deleted and that it would be more expensive to search the company’s database to see if any files remained, even though he admitted that it was difficult to calculate the damages, especially for those that were taken but not deleted;
    2. a computer forensics expert testified that he billed the company over $60,000 for his work assessing the damage to its computer system, excluding litigation costs; and
    3. the company’s IT employee testified about the expenses he incurred and the hours he worked trying to restore the computer files.
  3. “A prevailing party on a Harmful Access by Computer claim ‘is entitled’ to attorneys’ fees.” Tex. Civ. Prac. & Rem. Code § 143.002.

See these resources for more information about the Texas Harmful Access by Computer Act and Breach of Computer Security laws:

______________________

Shawn Tuma (@shawnetuma) is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Is Key Claim Missing from Pastor’s Lawsuit Over Wife’s Nude Pics Emailed to Swinger Site?

Should a claim for [YOU GUESS] have been included in this lawsuit? See my thoughts below and share your thoughts.

The Allegations Behind the Lawsuit

A legal team led by Gloria Allred made news by suing Toyota (and others) on behalf of a Frisco, Texas pastor and his wife, Tim  and Claire Gautreaux, alleging that a Toyota salesman emailed nude pictures of Claire to a swingers’ website from Tim’s phone while in his possession to confirm a preapproval offer that was on an app. Continue reading “Is Key Claim Missing from Pastor’s Lawsuit Over Wife’s Nude Pics Emailed to Swinger Site?”

3 Important Points on Computer Use Policies

IMPORTANT POINT #1: YOUR BUSINESS MUST HAVE A COMPUTER USE POLICY IN PLACE

Computer Use Policies (or Acceptable Use Policies, as they are often referred to) are must haves for today’s businesses. Such policies are a foundational component in how a business creates a culture of security with its workforce by establishing expectations on what are and are not permissible ways to use and safeguard the businesses’ digital assets, as well as third parties’ information that it may be holding. Continue reading “3 Important Points on Computer Use Policies”