Lawrence Del Rossi and Joshua Rinschler Publish Article on an ‘Awkward Theory’ of Personal Liability for Supervisory Employees Under the NJLAD

Associates Lawrence J. Del Rossi and Joshua D. Rinschler’s article, Aiding and Abetting Your Own Conduct – An ‘awkward theory’ of personal liability for supervisory employees under the N.J. Law Against Discrimination (NJLAD), was published in the July 16, 2012 edition of the New Jersey Law Journal.  Their article takes a look at what is becoming a common practice in wrongful discharge cases brought under the NJLAD where terminated employees are not only suing their employer, but also naming as an individual defendant the supervisor who made the decision to terminate.  Their complete article appears below.

Aiding and Abetting Your Own Conduct – New Jersey Law Journal – Larry Del Rossi and Joshua Rinschler – 7-16-12

 

 

Is Your Electronic Information Protected from Employees Under the CFAA? Maybe So, Maybe Not…

In WEC Carolina Energy Solutions LLC v. Miller, 2012 WL 3039213 (4th Cir) decided July 26, 2012, the Fourth Circuit sided with the Ninth Circuit in deciding that the Computer Fraud and Abuse Act (“CFAA”) does not apply to employees and former employees who were authorized to access the employer’s electronic information.  The decision stands in contrast to the position taken by the Seventh Circuit in Int’l Airport Ctrs., LLC v. Citrin, 440 F.3d 418, 420–21 (7th Cir.2006).  The Fourth Circuit rejects the interpretation of the CFAA taken by the Seventh Circuit, which interprets the CFAA much more broadly.  The Seventh Circuit concludes that an employee’s misappropriation of electronic information from his employer is a breach of the employee’s duty of loyalty that immediately terminates his agency relationship and with it his authority to access the laptop, because the only basis of his authority had been that relationship.

WEC Carolina Energy Solutions Inc. argued that its former employee violated the CFAA’s ban on access “without authorization” by taking files from his work computer to a rival company.  The employer had argued in the District Court that by misappropriating the information, Miller voided his agreement with the company, and, therefore, he was no longer permitted to access his computer under the CFAA.  The District court rejected that interpretation of the CFAA and the Fourth Circuit affirmed.  In so ruling the Court “ adopt[s] a narrow reading of the terms “without authorization” and “exceeds authorized access” and hold[s] that they apply only when an individual accesses a computer without permission or obtains or alters information on a computer beyond that which he is authorized to access.”

The Fourth Circuit, like the Ninth and Seventh Circuits, found the crux of the issue presented to be “the scope of ‘without authorization’ and ‘exceeds authorized access,’” but the Fourth Circuit finds the Ninth Circuit argument in United States v. Nosal, 676 F.3d 854, 863 (9th Cir.2012) (en banc), the better interpretation of “authorization” as being “that an employee is authorized to access a computer when his employer approves or sanctions his admission to that computer.  Thus, he accesses a computer ‘without authorization’ when he gains admission to a computer without approval.  Similarly, we conclude that an employee ‘exceeds authorized access’ when he has approval to access a computer, but uses his access to obtain or alter information that falls outside the bounds of his approved access.  Notably, neither of these definitions extends to the improper use of information validly accessed.  (citations omitted.)”  Unlike the Ninth Circuit, however, which was willing to find that a CFAA violation could be established where an employee exceeded his authority under a company access policy, the Fourth Circuit ruling is even more restrictive than the Ninth Circuit’s view.  The Fourth Circuit “adopt[s] a narrow reading of the terms ‘without authorization’ and ‘exceeds authorized access’ and hold that they apply only when an individual accesses a computer without permission or obtains or alters information on a computer beyond that which he is authorized to access.”

Given that the CFAA has both criminal and civil liability the Fourth Circuit chose to strictly construe the language.  Even “under the Nosal panel’s approach, because [the employee] obtained information ‘in a manner’ that was not authorized (i.e., by downloading it to a personal computer), he nevertheless would be liable under the CFAA. See § 1030(a)(2)(C).  Believing that Congress did not clearly intend to criminalize such behavior, we decline to interpret ‘so’ as ‘in that manner.’”  The bottom line—the Fourth Circuit approach, “reject[s] an interpretation of the CFAA that imposes liability on employees who violate a use policy, choosing instead to limit such liability to individuals who access computers without authorization or who obtain or alter information beyond the bounds of their authorized access.”

While the lines of the split in Circuits has become more defined with WEC Carolina Energy Solutions LLC, predicting what the Supreme Court will do with that split is another story.  My money is on Judge Posner’s interpretation in International Airport Centers, partly because he is a brilliant jurist and I practice in the Seventh Circuit, but mostly because that is the interpretation that expands an employer’s arsenal of protections against cheating employees.  However, until the fat lady [U.S. Supreme Court] sings employers should continue to draft and implement a computer access and use policy for its employees that assumes that a well drafted policy violated by an employee can be enforced under the CFAA, so long as the employer can demonstrate $5,000 in damages to the employer resulted from the employee’s actions.

Cheryl Orr and Heather Sager Contribute Articles to The Recorder’s Special Issue on Privacy

Partners Cheryl Orr and Heather Sager contributed articles in today’s special section on Privacy in The Recorder.  Cheryl’s article, Employer’s BYOD dilemna, looks at the issues and approaches employers are taking as employees use dual devices, i.e. one device for both work and personal use.  Heather’s article, Why can’t we be ‘friends’?, looks at what companies need to know when drafting their social media policies.  Copies of both articles are available via this link.

New Jersey District Court Allows Plaintiff to Proceed to Trial on Claim of Unlawful Discharge, Dismisses Claims of Handicap and Discrimination

The New Jersey District Court in St. Cyr v. Brandywine Senior Living LLC, recently granted summary judgment to the employer dismissing the plaintiff’s causes of action for handicap and race discrimination, but allowed the plaintiff to go to trial on her claim that she was unlawfully discharged in violation of the FMLA in retaliation for asking for a medical leave of absence because she was fired only two days before the leave of absence was to begin.  In granting summary judgment on the claim of handicap discrimination, the court determined that the plaintiff, who suffered from arthritis, was not “handicapped” under the NJLAD because the condition, which  was alleviated with medication, did not interfere with her ability to perform her job, and because she never asked for an accommodation for the condition.  The court rejected her claim of race discrimination based on her admission that the only evidence implicating racial animus was the fact that she was fired for watching the BET Network on television during working hours.  The court noted that the plaintiff, who had previously been placed on probation for poor performance and was on final warning, was replaced by an African American employee and had failed to show the legitimate reason given for her discharge was pretextual.  Despite that finding, however, and despite the fact that the employer had granted the plaintiff’s request for a medical leave of absence, the court denied summary judgment on the claim of retaliatory discharge under the FMLA based only on the determination that the timing of the discharge – only two days before her FMLA leave was to begin – was “unusually suggestive” of retaliatory motivation.  The court did not explain how the timing could be suspect if that was when the plaintiff was found watching television instead of doing her job, and if there was no evidence that the proffered reason was pretextual.

New Jersey District Court Denies Employer’s Motion to Dismiss Plaintiff’s Cause of Action After Employee’s Supervisor Gains Unauthorized Access to Employee’s Facebook Account

In Ehling v. Monmouth-Ocean Hospital Service Corp., the District Court in New Jersey recently denied the employer’s motion to dismiss the plaintiff’s cause of action for invasion of privacy in connection with a supervisor having gained unauthorized access to her private Facebook account.  The plaintiff nurse, who was also the union president at the hospital, had posted comments on her Facebook wall about the news story out of Washington, D.C. in 2009 concerning the killing of a security guard at the Holocaust Museum by a white supremacist in which she expressed her opinion or rant that the paramedics in D.C. should have let the shooter die rather than help him after he was shot during the incident:  “He survived [and] I blame the DC paramedics.  I want to say 2 things to the DC  medics.  1.  WHAT WERE YOU THINKING?  and 2.  This was your opportunity to really make a difference!  WTF!!!!  And to the other guards…. go to target practice.”  The supervisor apparently wanted access to plaintiff’s Facebook comments because of her leadership role with the union, and convinced a co-worker to give him access to her private account so he could copy her postings. When he saw the comments about the D.C. incident he sent a copy to the State Board of Nursing suggesting that it represented an improper disregard for patient safety.

On the employer’s motion to dismiss the invasion of privacy claim on the grounds that there can be no expectation of privacy with respect to Facebook postings, the court decided that the question whether the plaintiff had a reasonable expectation of privacy was for a jury to decide based on the circumstances, including the number of “friends” who had access to her Facebook wall where the plaintiff claimed that she had restricted access to her friends but did not provide access to any supervisors or members of management.  The court did not address the separate question whether a rant expressing an opinion about a news report could be considered an expression of one’s “private affairs” subject to protection under invasion of privacy law, and did not address the fact that Facebook specifically includes in its Privacy Policy a disclaimer to the effect that there is no guarantee of privacy and that users make postings at their own risk inasmuch as anyone with access can copy or share comments with anyone they choose.

Federal Judge Rules for Nurses in Multi-Million Dollar Class Action for Unpaid Overtime

A federal judge in Pennsylvania has signed off on a multi-million dollar settlement of a class action lawsuit for unpaid overtime brought by registered nurses against a number of hospitals affiliated with the Lehigh Valley Hospital and Health Network.  The nurses claimed in their lawsuit, which was filed in January 2010, that the Hospitals violated the FLSA and Pennsylvania wage law by paying them on a per-shift basis, failing to compensate them for reporting early or remaining on duty after their shifts ended, and also failing to pay for work performed during lunch periods or while attending training.  The $4.5 million settlement provides more than $2.5 million to the more than 2,000 nurses who joined in the lawsuit.  This is a significant development for hospitals and other health care providers who pay nurses on a per-shift basis.  While Pennsylvania and New Jersey have enacted statutes which prohibit mandatory overtime for nurses, the laws allow nurses to volunteer for extra hours and to work overtime in emergencies or unforeseen circumstances.  Nurses are entitled to overtime pay in such circumstances whenever they work more than 40 hours in a week.

©2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy