Search form

New Florida Law Offers Employers Leverage Against Employees’ Unauthorized Access of Data, Files

By Joseph J. Lazzarotti and Mendy Halberstam
  • August 11, 2015

Effective October 1, 2015, Florida’s Computer Abuse and Data Recovery Act (Sections 668.801- 668.805, Florida Statutes) (CADRA) provides a new remedy to employers and other businesses that suffer harm or loss due to unauthorized access to their computers or to information stored on their computers.

CADRA provides a civil cause of action for businesses actually harmed by an individual who knowingly, and with intent to cause harm, obtains information from a covered computer without authorization. In addition to monetary remedies and injunctive relief, CADRA allows a successful employer or business to recover attorney’s fees.

While criminal hacking and data breaches by third parties can occur and are the subject of extensive publicity, CADRA was passed to help businesses and employers respond to “inside jobs,” that is, unauthorized access to data by employees.

How it Works

Protection under CADRA requires the business’s computer to be a “protected computer” and access has been effectuated by someone who is not an “authorized user.” This means that a business cannot seek protection for its data if the business does not take reasonable measures on its own to protect the data.

The law comes into play only if the information taken from a “protected computer” is taken “without authorization.” While it is unclear whether an employee who has the authority to access certain data at the time the data is accessed violates CADRA if they exceed their authority, it is clear that any authorized access terminates upon cessation of employment. Moreover, the owner of the information can expressly revoke an otherwise-authorized person’s access if the employee goes outside the scope of authority.

Litigation Use

In litigation with employees, employers often discover that current or former employees retain information from the employer’s computer systems. For example, employees may email files and other company documents to their personal email addresses. In addition, employees can print from company computers sensitive or even routine documents and bring them home.

CADRA and its remedies and attorney’s fees provisions provide an opportunity for forward-thinking employers to gain leverage against their employees by counterclaiming against any employee who improperly takes employer data with them upon termination and fails to return such company data. An effective CADRA claim allows an employer to recover or offset the fees it expends seeking relief for a CADRA violation.

However, coverage under CADRA is not automatic. Employers first must put reasonable measures in place (“technological access barriers”) to restrict access to company computer data. Companies also should have clear policies spelling out what constitutes authorized access, what conduct is deemed improper and unauthorized access, and when the right to access is revoked.

Similarly, employers should monitor carefully any violation of their data access policies and make it clear that employees will be disciplined for any violations. Finally, companies should address violations in a consistent manner, and train human resources and IT personnel to spot possible violations and know how to respond when a violation occurs.

Employers should consider reviewing and revising their handbooks and policies and implement an effective data access policy and appropriate technological access barriers. Please contact a Jackson Lewis attorney if you have any questions.

©2015 Jackson Lewis P.C. This Update is provided for informational purposes only. It is not intended as legal advice nor does it create an attorney/client relationship between Jackson Lewis and any readers or recipients. Readers should consult counsel of their own choosing to discuss how these matters relate to their individual circumstances. Reproduction in whole or in part is prohibited without the express written consent of Jackson Lewis.

This Update may be considered attorney advertising in some states. Furthermore, prior results do not guarantee a similar outcome.

Jackson Lewis P.C. represents management exclusively in workplace law and related litigation. Our attorneys are available to assist employers in their compliance efforts and to represent employers in matters before state and federal courts and administrative agencies. For more information, please contact the attorney(s) listed or the Jackson Lewis attorney with whom you regularly work.

See AllRelated Articles You May Like

January 29, 2018

Fitness Industry Workplace Law Update – Winter 2018

January 29, 2018

Welcome to our premiere issue! Our goal is to keep fitness industry clients and contacts informed about employment and labor law issues that may affect your organizations. We hope you find this newsletter valuable and invite you to share it with interested colleagues and contacts. In this issue, we provide a brief summary of hot... Read More

January 24, 2018

2018: The Year Ahead for Employers

January 24, 2018

An executive summary of recent changes in workplace law and a look ahead to 2018. Read More

January 23, 2018

Data Privacy Day: Top 10 for 2018

January 23, 2018

In honor of Data Privacy Day, we provide the “Top 10 for 2018.” While the list is by no means exhaustive, it provides key issues organizations should consider in 2018. 1. Greater Focus on EU Data Protection Requirements Many U.S. organizations mistakenly think the European Union’s data protection requirements do not apply to them.... Read More