Are civil remedies available in Florida for unauthorized access to computer systems?
Updated: Jan 23, 2019
Florida's Computer Abuse and Data Recovery Act (CADRA), codified at § 668.801, Fla. Stat., et. seq., is Florida's Data Protection Law, and has similarities to its federal counterparts the Stored Communications Act (“SCA”), 18 U.S.C. §§ 2701, et seq., and the Computer Fraud and Abuse Act (“CFAA”), 28 U.S.C. §§ 1030, et seq., which will be explored in a later blog post. CADRA is intended to provide a civil remedy for those who suffer damages as a result of unauthorized access to their computer systems. It is important that business owners operate with knowledge of the requirements imposed by CADRA, so that they are entitled to relief under CADRA if a violation occurs. If CADRA applies, a business owner can obtain relief in the form of attorney's fees, as well as money damages, including lost profits, profits gained by the defendant, and/or economic damages.
§ 668.803, Fla. Stat., provides that a person is liable if he or she “(1) [o]btains information from a protected computer without authorization and, as a result, causes harm or loss; (2) [c]auses the transmission of a program, code, or command to a protected computer without authorization and, as a result of the transmission, causes harm or loss; or; (3) [t]raffics in any technological access barrier through which access to a protected computer may be obtained without authorization . . . ." § 668.803, Fla. Stat. (emphasis added). Either the owner, operator or lessee of the protected computer, or the owner of the information stored on the protected computer who uses the information in the operation of a business, can bring a cause of action under CADRA. A plaintiff must allege that a defendant acted “knowingly and with intent to cause harm or loss[.]” Therefore, the primary considerations under this statute are: (1) was the computer protected; (2) was the defendant authorized; (3) what damages were incurred; and (4) what was the defendant's intent.
In order to properly assert a cause of action under CADRA, a plaintiff must allege that a “Protected Computer” was accessed, which requires that “the stored information, programs, or code can be accessed only by employing a technological access barrier.” § 668.802, Fla. Stat. “'Technological access barrier'” means a password, security code, token, key fob, access device, or similar measure. § 668.802, Fla. Stat. If the computer in question is not a "Protected Computer," then CADRA affords no relief. Whether or not a computer can be categorized as a protected computer is critical, and business owners seeking to protect themselves should ensure that their systems are sufficiently secured from unauthorized users.
Importantly, § 668.802, Fla. Stat., defines “authorized user” as including: “a director, officer, employee, third-party agent, contractor, or consultant of the owner, operator, or lessee of the protected computer or the owner of information stored in the protected computer if the[y are] . . . given express permission by the owner, operator, or lessee of the protected computer or by the owner of information stored in the protected computer to access the protected computer through a technological access barrier." Such permission, however, is terminated upon revocation by the owner, operator, or lessee of the protected computer or by the owner of information stored in the protected computer, or upon cessation of employment, affiliation, etc. § 668.802, Fla. Stat. Thus, in order for an employee, officer, director, etc., to be protected by the safety net afforded by the definition of "authorized user," they must have express permission to access the protected computers, and this permission can be revoked, and automatically ends once their employment terminates.
A business owner would be wise to ensure that sensitive data is kept appropriately protected on secure computers, to which only employees who actually need such data and information have authorized access. A Company's employment manual and/or contracts can expressly detail which devices certain categories of employees are authorized to access, and limit authorization where necessary and appropriate. That way, if an employee who has no reason to access certain information or data decides to abscond with or utilize same, the employer has a remedy available to obtain redress for their damages.
An action under CADRA is only one of various causes of action which may be available under similar circumstances. If you have been the victim of unauthorized access to your computer systems, or have been accused of violating CADRA, it is important that you seek counsel as to the various civil causes of action, or defenses, that may be available to you. CADRA, among various other civil causes of action, may be available as between a husband and wife in a divorce proceeding. Jeffrey Law, PA, stands ready to assist! Contact us today at (305) 222-7921 or Office@RSJLegal.com.
Robert Stone Jeffrey, Esq., is an attorney admitted to the Florida Bar in 2010, the United States District Court for the Middle District of Florida, the United States District Court for the Southern District of Florida, and the Supreme Court of the United States. Mr. Jeffrey has experience handling complex and high asset family law disputes, and has authored chapters in various publications relating to Florida family law. Mr. Jeffrey is currently a member of the Family Law Section of the Florida Bar Rules and Forms Committee. More information about Mr. Jeffrey, and Jeffrey Law, PA, can be found at www.rsjlegal.com. Mr. Jeffrey has been awarded an AV Rating by Martindale-Hubbell (2017 - 2019), as "Peer Rated For Highest Level of Professional Excellence." Robert was awarded a 10/10 rating by Avvo.com, and various client reviews can be accessed through that platform. See https://www.avvo.com/attorneys/33134-fl-robert-jeffrey-3341362.html.
This Website is made available for educational purposes only, and is only intended to give you general information and a general understanding of the law, not to provide specific legal advice, or any legal advice whatsoever. By using this Website and reading this Blog you understand and agree that there is no attorney-client relationship between you and the Blog and/or Website publisher. By using this Website and reading this blog you understand and agree that any statements on the Blog are solely opinions of the author(s). This Website and/or Blog should not and cannot be used as a substitute for competent legal advice from an attorney licensed in your state or jurisdiction. The hiring of a lawyer is an important decision that should not be based solely upon advertisements.