United States District Court, M.D. Florida, Tampa Division
GROW FINANCIAL FEDERAL CREDIT UNION, a Federally Chartered Credit Union, Plaintiff,
GTE FEDERAL CREDIT UNION d/b/a GTE FINANCIAL, a Federally Chartered Credit Union, and ERICA PIERSON HOLLIDAY a/k/a Erica Pierson, an individual, Defendants.
S. MOODY, JR. UNITED STATES DISTRICT JUDGE
CAUSE comes before the Court upon Defendants' Motions to
Dismiss (Dkts. 15, 16) and Plaintiff's Response in
Opposition (Dkt. 24). Upon review, the Court concludes that
Defendants' motions should be granted in part and denied
lawsuit, Plaintiff Grow Financial Federal Credit Union
(“Grow Financial”) is suing its competitor,
Defendant GTE Federal Credit Union d/b/a GTE Financial, and
Grow Financial's former employee Erica Pierson Holliday,
who is now employed by GTE Financial. Grow Financial alleges
that Holliday, while still employed by Grow Financial, sent
Grow Financial's trade secrets and
confidential/proprietary information to GTE Financial.
Financial alleges the following claims against Holliday: the
Federal Computer Fraud and Abuse Act (“CFAA”)
(Count I); the Florida Computer Abuse and Data Recovery Act
(“CADRA”) (Count II); and common law breach of
duty of loyalty (Count VIII). Grow Financial alleges the
following claims against both Defendants: misappropriation of
trade secrets under the Federal Defendant Trade Secrets Act
(“DTSA”) (Count III) and the Florida Uniform
Trade Secrets Act (“FUTSA”) (Count IV); tortious
interference with advantageous business relationships (Count
V); conversion (Count VI); common law unfair competition
(Count VII), and civil conspiracy (Count IX).
and GTE Financial now move to dismiss all of the claims for
failure to state a claim under Rule 12(b)(6) of the Federal
Rules of Civil Procedure. As explained below, the Court
grants the motions to the extent that it dismisses the claims
against Holliday under the CFAA and the CADRA. The Court also
dismisses the claim of tortious interference with
advantageous business relationships based on Grow
Financial's withdrawal of this claim.
Rule of Civil Procedure 12(b)(6) allows a court to dismiss a
complaint when it fails to state a claim upon which relief
can be granted. When reviewing a motion to dismiss, a court
must accept all factual allegations contained in the
complaint as true. See Erickson v. Pardus, 551 U.S.
89, 94 (2007) (internal citation omitted). It must also
construe those factual allegations in the light most
favorable to the plaintiff. See Hunt v. Aimco Properties,
L.P., 814 F.3d 1213, 1221 (11th Cir. 2016) (internal
citation omitted). To withstand a motion to dismiss, the
complaint must include “enough facts to state a claim
to relief that is plausible on its face.” Bell Atl.
Corp. v. Twombly, 550 U.S. 544, 570 (2007). A claim has
facial plausibility “when the plaintiff pleads factual
content that allows the court to draw the reasonable
inference that the defendant is liable for the misconduct
alleged.” Ashcroft v. Iqbal, 556 U.S. 662, 678
(2009). Pleadings that offer only “labels and
conclusions, ” or a “formulaic recitation of the
elements of a cause of action, ” will not do.
Twombly, 550 U.S. at 555.
CFAA provides a cause of action for the improper access to
protected computers. See 18 U.S.C. §1030, et.
seq. As it relates to this case, the statute provides that
“[w]hoever - (2) intentionally accesses a computer
without authorization or exceeds authorized access, and
thereby obtains” information from a protected computer
is subject to liability. Id. at 1030(a)(2). Holliday
argues that Grow Financial does not allege any facts
demonstrating that she exceeded her authorized access. The
term, “exceeds authorized access” is defined in
the CFAA as “access to a computer with authorization
and to use such access to obtain or alter information in the
computer that the accesser is not entitled to obtain or
alter.” Id. at 1030(e)(6). Here, Grow
Financial alleges that access to the subject information was
necessary for Holliday to perform her job duties. Grow
Financial contends that Holliday improperly used or disclosed
the information that she accessed when she provided it to GTE
Financial while she was still employed at Grow Financial.
But, as this Court has previously held, an improper use of
data is not tantamount to exceeding authorization under the
CFAA. See Maintenx Mgmt., Inc. v. Lenkowski, No.
8:14-cv-2440-T-30MAP, 2015 WL 310543, *2-*3 (M.D. Fla. Jan.
25, 2015) (“The facts put forth by Maintenx support the
notion that Lenkowski misused data he obtained from
Maintenx's computers, not that he somehow exceeded his
seemingly unfettered access.”).
this Court's prior holding in Lenkowski is not
addressed in the parties' briefs, Lenkowski is
consistent with the majority view in this circuit that
applies a narrow definition of “exceeds authorized
access.” See Enhanced Recovery Co., LLC v.
Frady, No. 3:13-cv-1262-J-34JBT, 2015 WL 1470852, *5-*7
(Mar. 31, 2015) (listing cases). As the court explained in
Enhanced Recovery, “[q]uite simply, without
authorization means exactly that: the employee was not
granted access by his employer. Similarly, exceeds authorized
access simply means that, while an employee's initial
access was permitted, the employee accessed information for
which the employer had not provided permission.”
Court sees no reason to depart from its reasoning in
Lenkowski or from the majority view. Notably, if the
Court were to apply the CFAA to an employee like Holliday,
who allegedly divulged trade secrets that she was actually
permitted to access, or who violated computer usage policies,
the Court would be taking the CFAA beyond “its original
purpose of targeting computer hackers.” Enhanced
Recovery 2015 WL 1470852 at *8 (citations omitted).
Under this broad interpretation, the CFAA would be
potentially violated each time an employee ...