Search form

New Florida Law Offers Employers Leverage Against Employees’ Unauthorized Access of Data, Files

By Joseph J. Lazzarotti and Mendy Halberstam
  • August 11, 2015

Effective October 1, 2015, Florida’s Computer Abuse and Data Recovery Act (Sections 668.801- 668.805, Florida Statutes) (CADRA) provides a new remedy to employers and other businesses that suffer harm or loss due to unauthorized access to their computers or to information stored on their computers.

CADRA provides a civil cause of action for businesses actually harmed by an individual who knowingly, and with intent to cause harm, obtains information from a covered computer without authorization. In addition to monetary remedies and injunctive relief, CADRA allows a successful employer or business to recover attorney’s fees.

While criminal hacking and data breaches by third parties can occur and are the subject of extensive publicity, CADRA was passed to help businesses and employers respond to “inside jobs,” that is, unauthorized access to data by employees.

How it Works

Protection under CADRA requires the business’s computer to be a “protected computer” and access has been effectuated by someone who is not an “authorized user.” This means that a business cannot seek protection for its data if the business does not take reasonable measures on its own to protect the data.

The law comes into play only if the information taken from a “protected computer” is taken “without authorization.” While it is unclear whether an employee who has the authority to access certain data at the time the data is accessed violates CADRA if they exceed their authority, it is clear that any authorized access terminates upon cessation of employment. Moreover, the owner of the information can expressly revoke an otherwise-authorized person’s access if the employee goes outside the scope of authority.

Litigation Use

In litigation with employees, employers often discover that current or former employees retain information from the employer’s computer systems. For example, employees may email files and other company documents to their personal email addresses. In addition, employees can print from company computers sensitive or even routine documents and bring them home.

CADRA and its remedies and attorney’s fees provisions provide an opportunity for forward-thinking employers to gain leverage against their employees by counterclaiming against any employee who improperly takes employer data with them upon termination and fails to return such company data. An effective CADRA claim allows an employer to recover or offset the fees it expends seeking relief for a CADRA violation.

However, coverage under CADRA is not automatic. Employers first must put reasonable measures in place (“technological access barriers”) to restrict access to company computer data. Companies also should have clear policies spelling out what constitutes authorized access, what conduct is deemed improper and unauthorized access, and when the right to access is revoked.

Similarly, employers should monitor carefully any violation of their data access policies and make it clear that employees will be disciplined for any violations. Finally, companies should address violations in a consistent manner, and train human resources and IT personnel to spot possible violations and know how to respond when a violation occurs.

Employers should consider reviewing and revising their handbooks and policies and implement an effective data access policy and appropriate technological access barriers. Please contact a Jackson Lewis attorney if you have any questions.

©2015 Jackson Lewis P.C. This Update is provided for informational purposes only. It is not intended as legal advice nor does it create an attorney/client relationship between Jackson Lewis and any readers or recipients. Readers should consult counsel of their own choosing to discuss how these matters relate to their individual circumstances. Reproduction in whole or in part is prohibited without the express written consent of Jackson Lewis.

This Update may be considered attorney advertising in some states. Furthermore, prior results do not guarantee a similar outcome.

Jackson Lewis P.C. represents management exclusively in workplace law and related litigation. Our attorneys are available to assist employers in their compliance efforts and to represent employers in matters before state and federal courts and administrative agencies. For more information, please contact the attorney(s) listed or the Jackson Lewis attorney with whom you regularly work.

See AllRelated Articles You May Like

November 8, 2017

How Cybersecurity Lapses Hurt Auto Dealerships and What Dealerships Can Do

November 8, 2017

Automobile dealerships’ cybersecurity vulnerabilities can drive away customers, according to a survey by auditing firm Total Dealer Compliance. Automotive News said the survey of 200 dealerships in five states found that: Nearly 84 percent of consumers would not buy another car from a dealership that had a data security breach... Read More

October 23, 2017

Illinois Nursing Home Faces Employee Class Action Based on State Biometric Privacy Act

October 23, 2017

Alleging that mandatory daily biometric fingerprint scans violate employees’ privacy rights under the Illinois Biometric Information Privacy Act (BIPA), employees of Paramount of Oak Park Rehabilitation & Nursing Center, LLC, have filed a putative class action against the nursing home. The BIPA requires companies that collect and... Read More

October 4, 2017

Retail Industry Workplace Law Update – Fall 2017

October 4, 2017

Oregon Enacts Scheduling Legislation Oregon has become the first U.S. state to regulate employer scheduling practices in the retail, food service, and hospitality industries. Read full article… States Strengthen Protections for Pregnant Workers Employers should plan to comply with changes to Connecticut, Massachusetts, and... Read More