Companies claiming that an employee accessed their computer system, took confidential information, and later used it on a competitor’s behalf often want to sue under the federal Computer Fraud and Abuse Act. But even if CFAA covers this scenario — and there is a lot of debate over whether it does — there is another sticking point: What are the damages for an alleged violation?
A decision by the U.S. District Court for the Southern District of New York, Schatzki et al v. Weiser Capital Management (2012), illuminates this issue. The court said that the only damages recoverable are economic damages (damages that flow from an injury to the computer system itself) and not consequential damages from the alleged theft of the information, such as lost profits.
Here is the drill: Did the unlawful access damage the data or the system itself? CFAA covered. Did the unlawful access require the company to identify evidence of the breach and determine the need for remedial measures to the network? CFAA covered. Did the unlawful access require the company to hire consultants and lawyers to get the information back from the employee who allegedly took it? Not CFAA covered.
The opinion ran down these scenarios, with the last being the allegations before it. So, motion to amend complaint denied, and CFAA claim dismissed.