We're celebrating 10 Days of Membership! Today's Gift: $20 off your professional membership with promo 10DAYS20OFF
Training, policies and tools to help HR prevent and respond to harassment claims.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Develop your HR competencies and knowledge in-person in 12 U.S. cities or virtually.
#SHRM18 will expand your perspective – on your organization, on your career, and on the way you approach HR. Join us in Chicago June 17-20, 2018
A Texas federal court found that an employer that deleted personal and work-related data stored on a former employee’s smart phone was not liable for damages under the Electronic Communications Privacy Act (ECPA) or the Computer Fraud and Abuse Act (CFAA).
Saman Rajaee worked in the residential home construction industry for more than 12 years, collecting numerous business contacts in the process. In January 2012, Design Tech Homes Ltd hired him to provide sales and marketing services. As part of his job, Rajaee used his personal smart phone to access to Design Tech’s server and calendar and to email customers.
In February of 2013, Rajaee gave notice that he would be resigning in two weeks and was immediately terminated. Design Tech’s network administrator remotely wiped Rajaee’s phone, restoring it to factory settings and deleting all the data, both personal and work-related.
Rajaee sued Design Tech, alleging violations of the ECPA and CFAA, misappropriation of confidential information, violation of the Texas Theft Liability Act, negligence, and conversion. He claimed he lost more than 600 business contacts collected during the course of his career, family contacts, family photos, business records, irreplaceable business and personal photos and videos and numerous passwords. Design Tech filed a motion for summary judgment.
Relying on a holding by the 5th U.S. Circuit Court of Appeals that information that an individual stores to his hard drive or cell phone is not in electronic storage under the ECPA, the trial court found that the personal data that Rajaee stored on his phone was not protected by the law and dismissed his claim.
The trial court explained that under the CFAA, Rajaee was required to show that he suffered a loss of $5,000. Rajaee claimed he lost pictures, videos, and texts that were worth much more than $5,000. Design Tech, however, argued that the CFAA only covers losses defined as "any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.” The court agreed, finding Rajaee did not produce evidence of any costs he incurred to investigate or respond to the deletion of his data. It also ruled that the losses and damages for which he did produce evidence did not arise from an "interruption of service.” The trial court found that Rajaee did not offer evidence sufficient to raise a genuine issue of material fact that he sustained $5,000 in cognizable "loss" under the CFAA and dismissed his claim.
Rajaee’s remaining causes of action for misappropriation of confidential information, violation of the Texas Theft Liability Act, negligence, and conversion all arose under and allege serious issues of Texas law. Because the court’s jurisdiction was based on federal question jurisdiction, it declined to exercise supplemental jurisdiction over the remaining state law claims.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Your session has expired. Please log in again before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Become a SHRM Member
SHRM’s HR Vendor Directory contains over 3,200 companies