Ruling Limits Protection Against Corporate Data Theft

Privacy Lawyer

Due to a recent decision by the Federal Court for the Northern District of California, protection for private information stored on a computer took a hit. The court ruled against the corporation NetApp, which alleged that a contracted third-party accessed its servers and stole trade secrets and then gave that information to one of NetApp’s competitors. Not only did NetApp lose, but the court’s holding that the information NetApp sought to protect was not “property” leads to some troubling ramifications for future victims of cyber-crimes.

NetApp brought suit against the corporation Nimble and Michael Reynolds, an employee of Nimble, claiming unfair competition, trespass to chattels, and violations of the Computer Fraud and Abuse Act (CFAA), among other things. Reynolds had previously worked for a company with which NetApp contracted. NetApp alleged that Reynolds accessed its system to gain confidential and proprietary information, which he then used to lure customers to Nimble, a company that competes directly with NetApp.

The court first found that Nimble was not vicariously liable for Reynolds. None of the theories set forth by NetApp—employer-employee relationship, alter-ego, and conspiracy—were sufficient to hold Nimble liable for Reynolds’s alleged actions.

CFAA Claim

The court then turned to the CFAA charges. The “CFAA imposes liability on whomever:

(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;

(B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or

(C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss.[1]

Section 1030(e)(8) defines ‘damage’ as ‘any impairment to the integrity or availability of data, a program, a system, or information.’”[2] NetApp argued that Reynolds damaged it in three ways: by copying and moving its information to an insecure place, by diminishing the information’s value by giving it to a competitor, and by modifying its performance data. The court denied all three arguments.

Copying and moving the information was not ruled as damage under the CFAA[3] because the CFAA was not written to protect computers from the transferring of trade secrets, copying does not cause damage to the “integrity” of the systems, and simply copying does not lead to any sort of destruction of data. NetApp’s second argument that by accessing the information and giving it to a direct competitor Reynolds reduced its value, was also dismissed by the court. The court reasoned that the information retained its integrity (in that it was still the exact same as before) and that it was still fully available to NetApp, which left it outside of the CFAA’s reach. The court applied the same rationale to NetApp’s third argument that Reynolds modified its performance data and dismissed that argument as well.

Trespass to Chattels

NetApp also accused Reynolds of trespass to chattels (taking of personal “things”), the chattels being NetApp’s information on its servers including training materials and internal company documents and forms. NetApp claimed Nimble could use all of those materials without investing time and money (as NetApp did) to create them. The court ruled that NetApp failed to show any positive law[4] that gave it a propriety interest in those materials, and thus dismissed the trespass to chattels claim.

Unfair Competition

Finally, NetApp alleged unfair competition against Nimble based on the competing company’s attempt to draw NetApp employees to Nimble and using NetApp employees to help acquire the information from NetApp’s servers. Unfair competition requires a separate “nucleus of facts” from the trespass to chattels and trade secrets claims, and the court was suspect that NetApp sufficiently plead a different set of facts. The court ultimately ruled that NetApp’s pleadings were too vague to determine whether or not California trade secret law or federal copyright law preempted NetApp’s claims, and it rejected the claims.

NetApp also alleged unfair competition against Reynolds himself. The court again found that federal copyright law and California trade secret law preempted some of the claims. However, the court denied the Defendants’ motion to dismiss saying that some of NetApp’s claims may not be preempted and could possibly be heard.

In the end, NetApp was, practically speaking, completely defeated by the ruling. While not binding precedent, the ruling is a scary one for companies trying to protect their electronic and online services. The most worrisome ruling being that NetApp’s seemingly proprietary information was not supported by positive law and thus unprotected by many anti-theft laws. Only time will tell if this interpretation finds a solid footing elsewhere.

[1] NetApp, Inc. v. Nimble Storage, Inc., 2015 U.S. Dist. LEXIS 11406, 38 (N.D. Cal. Jan. 29, 2015) (citing 18 U.S.C. § 1030(a)(5)).

[2] Id. (citing 18 U.S.C. § 1030(e)(8)).

[3] By this court. However, the court did acknowledge that there is a split opinion amongst courts. Id. at 43-44.

[4] NetApp argued that it had a copyright interest in the materials, but the court was unconvinced.

Extra, Extra!
Recent Posts

Can I Trademark a Non-English Word or Phrase in the U.S.?

Can I Trademark a Non-English Word or Phrase in the U.S.?

Trademark

Yes, as long as the proposed trademark meets the other requirements for registration. U.S. trademark laws do not require that only the English language can be used for trademarks. However, whatever the language, trademarks must meet the legal requirements, including functionality, distinctiveness, uniqueness, etc. For example, every trademark must function as a trademark in that […]

Read more about Can I Trademark a Non-English Word or Phrase in the U.S.?

California’s Age-Appropriate Design Code Act Declared Wholly Unconstitutional

California’s Age-Appropriate Design Code Act Declared Wholly Unconstitutional

Internet Law

In a new ruling, a California federal judge has declared the entirety of California’s Age-Appropriate Design Code Act (“CAADCA”) to be unconstitutional. Cal. Civ. Code §§ 1798.99.28 et seq. See media report here and the Opinion here. The case is Netchoice, LLC. v. Bonta, Case No. 22-cv-08861-BLF (US N.Dist. Cal, March 13, 2025). The CAADCA […]

Read more about California’s Age-Appropriate Design Code Act Declared Wholly Unconstitutional

Put Revision Legal on your side