Providing accurate, timely, and insightful legal commentary
Connectiuct Business Litigation Blog
Commentary on lawsuits and legal issues impacting Connecticut businesses. Authored by experienced business litigation attorney, Kane Bennett of Aeton Law Partners, LLP.
Civil Liability For Computer Crimes In Connecticut
In Connecticut, a person commits a computer crime if there is any violation of the provisions in Connecticut General Statutes 53a-251. This is Connecticut’s computer crime statute. The statute defines criminal conduct under the following categories: Unauthorized access to a computer system Theft of computer services Interruption of computer services Misuse of computer system information Destruction of computer equipment The computer crime statute itself does not provide for a civil cause of action. Instead, a victim of a computer crime may rely on Connecticut General Statutes 52-570b, which permits a civil lawsuit for computer-related offenses. The statute provides a basis for a lawsuit for "an aggrieved person who has reason to believe that any other person has been engaged, is engaged or is about to engage in" conduct that violates the computer crime statute. As part of a computer crime lawsuit, a business may seek a temporary or permanent injunction, restitution, actual damages, unjust enrichment, an order to appoint a receiver who may take property into his possession, or any other equitable relief. Punitive damages may be available if there is a showing of malicious or willful conduct. Further, a victim of computer crime may obtain an award of attorney’s fees and costs. One of the more common types of computer crime or cyber attack is an insider attack with unauthorized access to a computer network. A common example is a disgruntled employee or vendor with some level of access to the computer network of a business that turns into unauthorized use or damaging conduct. The cyber attack might involve theft of confidential or
Computer Fraud and Abuse Act In Connecticut
Previously, I have posted about non-compete agreements and the duty of loyalty for employees. Many times, businesses do not have written contracts to protect confidential and proprietary information from not only competitors and vendors, but also their own employees. Without a contract, the common law of Connecticut concerning breach of fiduciary duty is one of the ways attorneys can seek to protect business clients against improper use of confidential information. Another method for attorneys to seek to protect their clients’ confidential information stored on a computer system or network is through the federal Computer Fraud and Abuse Act (CFAA). The CFAA is largely a criminal statute, but is being used more frequently in civil cases on behalf of businesses faced with loss or theft of confidential and proprietary information and trade secrets. The CFAA, 18 U.S.C. 1030, essentially provides for civil liability for unauthorized access to protected computers with intent to defraud or cause damage. There are civil enforcement provisions that allow private actions for recoverable loss related to prohibited conduct if a series of factors can be proved in court. Recently, Peter J. Toren wrote an excellent article in the New York Law Journal where he detailed methods in which the CFAA might be useful for attorneys to protect client trade secrets and other confidential information. Peter listed the six factors necessary for proof of damages. Peter also noted some of the limitations of the CFAA when it comes to employee theft of trade secrets and described the narrow and broad views taken by different courts when interpreting improper access of
The Standard of Proof in Connecticut for Civil Theft
In Stuart v. Stuart, to be officially released on June 22, 2010, the Connecticut Supreme Court clarified the standard of proof for civil theft cases in Connecticut (download decision here). Prior to this ruling, there was some confusion amongst attorneys and trial courts as to the appropriate standard of proof for a civil theft claim under Connecticut General Statutes section 52-564. Connecticut’s civil theft statute states, in pertinent part: Treble damages for theft. Any person who steals any property of another, or knowingly receives and conceals stolen property, shall pay the owner treble his damages. To successfully allege civil theft, an attorney must plead and prove the elements of larceny under Connecticut General Statutes section 53a-119. The key element that must be established is the taking or withholding of property with the intent to deprive another person of the property. Some examples of successful use of Connecticut’s civil theft statute: Overdrawing on bank accounts Theft of business or corporate property Accepting insurance premium payments in excess of required amounts Defrauding another of bank funds Refusal to return deposit on purchase and sale agreement Wrongful seizure of personal or business property Stealing utilities Depleting business accounts Diverting account receivables The takeaway from the Stuart case is that the cause of action for civil theft remains the same. However, the Connecticut Supreme Court has clarified that an attorney only needs to establish proof of civil theft by a preponderance of the evidence.
Will Your Data Loss Be Covered By Insurance?
I always recommend that businesses implement a plan for data loss, security breach, and privacy related to electronically stored information. As additional protection, I also typically recommend that businesses investigate additional insurance coverage. In particular, business owners with risk should investigate insurance coverage for first and third party claims arising out of a loss of data, security breach, or technology errors. These insurance plans are sometimes referred to as cyber liability or technology errors insurance. I have posted about these insurance plans in the past. By obtaining the proper data loss insurance coverage, a business should be able to make an insurance claim for its own losses and, at the same time, have protection from lawsuits following a data loss incident. However, after reading a recent article by Jaikumar Vijayan from Computerworld.com, I suppose the critical words here are "should" and "proper" as it relates to insurance coverage for a data loss incident. Jaikumar wrote an article about a Colorado insurance company that filed a lawsuit to deny responsibility for the University of Utah’s 2008 security breach and data loss totaling $3.3 million in costs. Colorado Casualty Insurance filed a declaratory judgment lawsuit in the United States District Court of Utah (Download complaint here). The University of Utah utilized a third party vendor, Perpetual Storage, Inc., for data storage concerning data on 1.7 million patients over 16 years at university hospitals and clinics. According to the lawsuit, the University of Utah incurred 3.3 million in costs to remedy the security breach and made a claim for reimbursement to Perpetual Storage. In turn, Perpetual Storage referred the matter to Colorado Casualty, its liability insurer. In response to Perpetual
Wondering Where The Line Is On Internet Privacy – – Just Watch Facebook
My firm receives many calls from new or existing businesses with Internet privacy questions. Many calls come from e-commerce businesses, start ups, or businesses that want to utilize information gathered from users accessing their Web sites. Some business owners have ideas or concepts that test the limit on use of user profiles, preferences, and content. The question becomes, just what are the limits for user expectations on privacy? Take Facebook for example. Facebook has a reported 400 million users. Facebook is constantly in the headlines over its privacy policies and security settings related to its user’s profile information. Whether it is a class action lawsuit in California or the recent $10 million settlement for its Beacon program, you can count on Facebook to have dealt with any number of privacy issues in litigation. Recently, another lawsuit has been filed over Facebook’s "opt out" setting concerning the instant personalization feature. Wendy Davis on Online Media Daily reported on the story. This feature automatically shares user information with three outside companies, Microsoft Docs, Pandora, and Yelp. The lawsuit was filed in U.S. District Court in Rhode Island for violation of the Stored Communications Act (Download here). By my count, Facebook has been sued at least 30 times in Federal court in recent years. In the Internet privacy area, Facebook tests the outer limits of what is acceptable for privacy rights and user expectations. When Facebook makes a change or tries something new, everyone pays attention. As a result, Facebook’s privacy policies get vetted by 400 million users, numerous industry and trade groups, leading technology blogs like TechCrunch, and even the federal government.
Laticrete Responds To 50 Million Dollar Verdict
Following my post about the Dur-A-Flex v. Laticrete jury verdict, I received a statement from Laticrete’s CEO, David Rothberg. You can read the full statement here. Mr. Rothberg stated that he is "extremely disappointed in the verdict." He added that the jury finding against Laticrete was "absolutely baseless." He left no secret as to Laticrete’s post trial plans as he says the company intends a vigorous defense on appeal. Trial counsel for Laticrete, Elizabeth Stewart, confirmed to me today that Laticrete does expect to appeal. She commented that no decisions have been made yet on which issues Laticrete will raise on appeal. Attorney Stewart had no further comments on the case. One of the most intriguing aspects to the appeal in this case is that Judge Eveleigh presided over the trial. Judge Eveleigh has a very good reputation as a trial court judge. In addition, he is now set to take a seat on the Connecticut Supreme Court. I do not know yet what potential grounds might exist for the appeal, but I can say it seems very likely Judge Eveleigh considered the potential appellate issues in this case very closely. Stay tuned. I expect there will be additional posts on this case.
About CTBL
Connecticut Business Litigation is the most well-read litigation blog in the state of Connecticut. Founded by Attorney Kane Bennett in 2009, a pioneer in Attorney Marketing in the state of connecticut