Seventh Circuit Clarifies how to mtet Injury Requirement of the Computer Fraud and Abuse Act

Employers who encounter the option of pursuing a current or former employee or independent contractor under the Computer Fraud and Abuse Act have at times passed on this option due to the specific injury requirement imposed by the Act. Fortunately, the Seventh Circuit of the U.S. Court of Appeals has recently provided guidance on how to satisfy the injury requirement imposed by the Act so as to avoid the entry of an adverse summary judgment that bars the pursuit of a claim under the Computer Fraud and Abuse Act ("CFAA").

In Modrowski v. Pigatto, No. 11-1327 (7th Cir. April 8, 2013), an employee sued his former employer over events leading to and following his termination as a property manager. The plaintiff alleged that the employer defendants unlawfully withheld his wages, had him incarcerated, and took actions that barred him from accessing his personal Yahoo email account. The employee reportedly merged his personal email account with the email accounts of his employer. After obtaining a temporary restraining order to regain access to his personal emails, the employee found that his personal correspondence, spanning several years, was all gone. The employee  sued the employer defendants and pled a number of state and federal law claims, including a claim that relied on the CFAA. 18 U.S.C. sec. 1030.

The trial court dismissed the employee's claim under the CFAA based on his failure to plead the occurrence of an injury of at least $5,000, as required by the Act. 18 U.S.C. sec. 1030(c)(4)(A)(i)(I); (g). The employee was granted leave to file an amended complaint and proceeded with his case. Later, the employer defendants moved for summary judgment based on the lack of evidence needed to sustain essential elements of the plaintiff's CFAA claim. While faulting the summary judgment response of employee, the Seventh Circuit provided some guidance to all parties on how to satisfy the injury element of the CFAA. One possibility the Court identified, and that the employee had not pursued, was the filing of affidavits from potential business partners who were unable to reach him while he was locked out of his email account. The court also raised the possibility of the employee providing receipts that could have detailed fees he paid to obtain duplicates of lost records on his finances and bills. The court additionally commented that the employee could have submitted an admittedly self-serving, but admissible, affidavit wherein he could have testified about the number of hours he spent to obtain his emails. The employee's failure to pursue any of the potential paths outlined by the court, combined with his decision to rely on his pleadings, led to his defeat on summary judgment, an outcome affirmed on appeal.

For employers, the significance of the Modrowski opinion is that they should consider the possibilities available to meet the monetary injury requirements of the Computer Fraud and Abuse Act carefully, and with some encouragement, given the options specified in this opinion.