Ruling Limits Protection Against Corporate Data Theft

Privacy Lawyer

Due to a recent decision by the Federal Court for the Northern District of California, protection for private information stored on a computer took a hit. The court ruled against the corporation NetApp, which alleged that a contracted third-party accessed its servers and stole trade secrets and then gave that information to one of NetApp’s competitors. Not only did NetApp lose, but the court’s holding that the information NetApp sought to protect was not “property” leads to some troubling ramifications for future victims of cyber-crimes.

NetApp brought suit against the corporation Nimble and Michael Reynolds, an employee of Nimble, claiming unfair competition, trespass to chattels, and violations of the Computer Fraud and Abuse Act (CFAA), among other things. Reynolds had previously worked for a company with which NetApp contracted. NetApp alleged that Reynolds accessed its system to gain confidential and proprietary information, which he then used to lure customers to Nimble, a company that competes directly with NetApp.

The court first found that Nimble was not vicariously liable for Reynolds. None of the theories set forth by NetApp—employer-employee relationship, alter-ego, and conspiracy—were sufficient to hold Nimble liable for Reynolds’s alleged actions.

CFAA Claim

The court then turned to the CFAA charges. The “CFAA imposes liability on whomever:

(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;

(B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or

(C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss.[1]

Section 1030(e)(8) defines ‘damage’ as ‘any impairment to the integrity or availability of data, a program, a system, or information.’”[2] NetApp argued that Reynolds damaged it in three ways: by copying and moving its information to an insecure place, by diminishing the information’s value by giving it to a competitor, and by modifying its performance data. The court denied all three arguments.

Copying and moving the information was not ruled as damage under the CFAA[3] because the CFAA was not written to protect computers from the transferring of trade secrets, copying does not cause damage to the “integrity” of the systems, and simply copying does not lead to any sort of destruction of data. NetApp’s second argument that by accessing the information and giving it to a direct competitor Reynolds reduced its value, was also dismissed by the court. The court reasoned that the information retained its integrity (in that it was still the exact same as before) and that it was still fully available to NetApp, which left it outside of the CFAA’s reach. The court applied the same rationale to NetApp’s third argument that Reynolds modified its performance data and dismissed that argument as well.

Trespass to Chattels

NetApp also accused Reynolds of trespass to chattels (taking of personal “things”), the chattels being NetApp’s information on its servers including training materials and internal company documents and forms. NetApp claimed Nimble could use all of those materials without investing time and money (as NetApp did) to create them. The court ruled that NetApp failed to show any positive law[4] that gave it a propriety interest in those materials, and thus dismissed the trespass to chattels claim.

Unfair Competition

Finally, NetApp alleged unfair competition against Nimble based on the competing company’s attempt to draw NetApp employees to Nimble and using NetApp employees to help acquire the information from NetApp’s servers. Unfair competition requires a separate “nucleus of facts” from the trespass to chattels and trade secrets claims, and the court was suspect that NetApp sufficiently plead a different set of facts. The court ultimately ruled that NetApp’s pleadings were too vague to determine whether or not California trade secret law or federal copyright law preempted NetApp’s claims, and it rejected the claims.

NetApp also alleged unfair competition against Reynolds himself. The court again found that federal copyright law and California trade secret law preempted some of the claims. However, the court denied the Defendants’ motion to dismiss saying that some of NetApp’s claims may not be preempted and could possibly be heard.

In the end, NetApp was, practically speaking, completely defeated by the ruling. While not binding precedent, the ruling is a scary one for companies trying to protect their electronic and online services. The most worrisome ruling being that NetApp’s seemingly proprietary information was not supported by positive law and thus unprotected by many anti-theft laws. Only time will tell if this interpretation finds a solid footing elsewhere.

[1] NetApp, Inc. v. Nimble Storage, Inc., 2015 U.S. Dist. LEXIS 11406, 38 (N.D. Cal. Jan. 29, 2015) (citing 18 U.S.C. § 1030(a)(5)).

[2] Id. (citing 18 U.S.C. § 1030(e)(8)).

[3] By this court. However, the court did acknowledge that there is a split opinion amongst courts. Id. at 43-44.

[4] NetApp argued that it had a copyright interest in the materials, but the court was unconvinced.

Extra, Extra!
Recent Posts

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Copyright

The holders of copyrights for newspapers, magazines, books, and other publications are involved in numerous legal battles with owners of AI modules over alleged copyright infringement. The plaintiff copyright owners claim that the AI large language modules have been trained on huge quantities of copyrighted materials without permission and — most importantly — without payment. […]

Read more about Does the AI-Copyright Legal Fight Represent a National Security Threat?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Corporate

The owners of most small, closely-held businesses negotiate and sign some form of an “Owner’s Agreement.” An important part of such Agreements is the “Buy-Sell” provisions. These are often some of the most difficult to negotiate. The gist of the buy-sell part of the Owners’ Agreement is to establish the rules for what happens if […]

Read more about How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Status on Social Media Moderation Statutes and Cases

Status on Social Media Moderation Statutes and Cases

Internet Law

Social media content moderation by technology platforms was one of the “hot” legal topics in 2023-2024. Three States — California, Texas, and Florida — passed different statutes to either require more content moderation (California) or to limit such moderation (Texas and Florida). All the statutes, in one way or another, demanded more transparency and information […]

Read more about Status on Social Media Moderation Statutes and Cases

Put Revision Legal on your side