Texas: Personal Data Stored on Employee’s Personal Phone Not Protected

By SHRM Online Staff Jan 5, 2015
Reuse Permissions

A Texas federal court found that an employer that deleted personal and work-related data stored on a former employee’s smart phone was not liable for damages under the Electronic Communications Privacy Act (ECPA) or the Computer Fraud and Abuse Act (CFAA).

Saman Rajaee worked in the residential home construction industry for more than 12 years, collecting numerous business contacts in the process. In January 2012, Design Tech Homes Ltd hired him to provide sales and marketing services. As part of his job, Rajaee used his personal smart phone to access to Design Tech’s server and calendar and to email customers.

In February of 2013, Rajaee gave notice that he would be resigning in two weeks and was immediately terminated. Design Tech’s network administrator remotely wiped Rajaee’s phone, restoring it to factory settings and deleting all the data, both personal and work-related.

Rajaee sued Design Tech, alleging violations of the ECPA and CFAA, misappropriation of confidential information, violation of the Texas Theft Liability Act, negligence, and conversion. He claimed he lost more than 600 business contacts collected during the course of his career, family contacts, family photos, business records, irreplaceable business and personal photos and videos and numerous passwords. Design Tech filed a motion for summary judgment.

Relying on a holding by the 5th U.S. Circuit Court of Appeals that information that an individual stores to his hard drive or cell phone is not in electronic storage under the ECPA, the trial court found that the personal data that Rajaee stored on his phone was not protected by the law and dismissed his claim.

The trial court explained that under the CFAA, Rajaee was required to show that he suffered a loss of $5,000. Rajaee claimed he lost pictures, videos, and texts that were worth much more than $5,000. Design Tech, however, argued that the CFAA only covers losses defined as "any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.” The court agreed, finding Rajaee did not produce evidence of any costs he incurred to investigate or respond to the deletion of his data. It also ruled that the losses and damages for which he did produce evidence did not arise from an "interruption of service.” The trial court found that Rajaee did not offer evidence sufficient to raise a genuine issue of material fact that he sustained $5,000 in cognizable "loss" under the CFAA and dismissed his claim.

Rajaee’s remaining causes of action for misappropriation of confidential information, violation of the Texas Theft Liability Act, negligence, and conversion all arose under and allege serious issues of Texas law. Because the court’s jurisdiction was based on federal question jurisdiction, it declined to exercise supplemental jurisdiction over the remaining state law claims.

Rajaee v. Design Tech Homes, Ltd., S.D. Texas, No. H-13-2517 (Nov. 11, 2014).
Reuse Permissions


Join SHRM's exclusive peer-to-peer social network

Join Today

Job Finder

Find an HR Job Near You


Find the Right Vendor for Your HR Needs

SHRM’s HR Vendor Directory contains over 3,200 companies

Search & Connect