Grow Financial Federal Credit Union v. GTE Federal Credit Union et al
Filing
25
ORDER: Defendants' Motions to Dismiss 15 16 are granted in part and denied in part as explained herein. Counts I and II of the complaint are dismissed without prejudice to amend these claims within fourteen (14) days of this Order. Cou nt V of the complaint is dismissed per Plaintiff's withdrawal of this claim. If Plaintiff does not file an amended complaint by the deadline stated in paragraph 2 of this Order, Defendants shall file their answers within fourteen (14) days of the expiration of that deadline. Signed by Judge James S. Moody, Jr. on 8/15/2017. (LN)
UNITED STATES DISTRICT COURT
MIDDLE DISTRICT OF FLORIDA
TAMPA DIVISION
GROW FINANCIAL FEDERAL CREDIT
UNION, a Federally Chartered Credit
Union,
Plaintiff,
v.
Case No: 8:17-cv-1239-T-30JSS
GTE FEDERAL CREDIT UNION d/b/a
GTE FINANCIAL, a Federally Chartered
Credit Union, and ERICA PIERSON
HOLLIDAY a/k/a Erica Pierson, an
individual,
Defendants.
ORDER
THIS CAUSE comes before the Court upon Defendants’ Motions to Dismiss
(Dkts. 15, 16) and Plaintiff’s Response in Opposition (Dkt. 24). Upon review, the Court
concludes that Defendants’ motions should be granted in part and denied in part.
BACKGROUND
In this lawsuit, Plaintiff Grow Financial Federal Credit Union (“Grow Financial”)
is suing its competitor, Defendant GTE Federal Credit Union d/b/a GTE Financial, and
Grow Financial’s former employee Erica Pierson Holliday, who is now employed by
GTE Financial. Grow Financial alleges that Holliday, while still employed by Grow
Financial, sent Grow Financial’s trade secrets and confidential/proprietary information to
GTE Financial.
Grow Financial alleges the following claims against Holliday: the Federal
Computer Fraud and Abuse Act (“CFAA”) (Count I); the Florida Computer Abuse and
Data Recovery Act (“CADRA”) (Count II); and common law breach of duty of loyalty
(Count VIII). Grow Financial alleges the following claims against both Defendants:
misappropriation of trade secrets under the Federal Defendant Trade Secrets Act
(“DTSA”) (Count III) and the Florida Uniform Trade Secrets Act (“FUTSA”) (Count IV);
tortious interference with advantageous business relationships (Count V); conversion
(Count VI); common law unfair competition (Count VII), and civil conspiracy (Count
IX).
Holliday and GTE Financial now move to dismiss all of the claims for failure to
state a claim under Rule 12(b)(6) of the Federal Rules of Civil Procedure. As explained
below, the Court grants the motions to the extent that it dismisses the claims against
Holliday under the CFAA and the CADRA. The Court also dismisses the claim of
tortious interference with advantageous business relationships based on Grow Financial’s
withdrawal of this claim.
LEGAL STANDARD
Federal Rule of Civil Procedure 12(b)(6) allows a court to dismiss a complaint
when it fails to state a claim upon which relief can be granted. When reviewing a motion
to dismiss, a court must accept all factual allegations contained in the complaint as true.
See Erickson v. Pardus, 551 U.S. 89, 94 (2007) (internal citation omitted). It must also
2
construe those factual allegations in the light most favorable to the plaintiff. See Hunt v.
Aimco Properties, L.P., 814 F.3d 1213, 1221 (11th Cir. 2016) (internal citation omitted).
To withstand a motion to dismiss, the complaint must include “enough facts to
state a claim to relief that is plausible on its face.” Bell Atl. Corp. v. Twombly, 550 U.S.
544, 570 (2007). A claim has facial plausibility “when the plaintiff pleads factual content
that allows the court to draw the reasonable inference that the defendant is liable for the
misconduct alleged.” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). Pleadings that offer
only “labels and conclusions,” or a “formulaic recitation of the elements of a cause of
action,” will not do. Twombly, 550 U.S. at 555.
DISCUSSION
I.
CFAA
The CFAA provides a cause of action for the improper access to protected
computers. See 18 U.S.C. §1030, et. seq. As it relates to this case, the statute provides
that “[w]hoever - (2) intentionally accesses a computer without authorization or exceeds
authorized access, and thereby obtains” information from a protected computer is subject
to liability. Id. at 1030(a)(2). Holliday argues that Grow Financial does not allege any
facts demonstrating that she exceeded her authorized access. The Court agrees.
The term, “exceeds authorized access” is defined in the CFAA as “access to a
computer with authorization and to use such access to obtain or alter information in the
computer that the accesser is not entitled to obtain or alter.” Id. at 1030(e)(6). Here,
3
Grow Financial alleges that access to the subject information was necessary for Holliday
to perform her job duties. Grow Financial contends that Holliday improperly used or
disclosed the information that she accessed when she provided it to GTE Financial while
she was still employed at Grow Financial. But, as this Court has previously held, an
improper use of data is not tantamount to exceeding authorization under the CFAA. See
Maintenx Mgmt., Inc. v. Lenkowski, No. 8:14-cv-2440-T-30MAP, 2015 WL 310543, *2*3 (M.D. Fla. Jan. 25, 2015) (“The facts put forth by Maintenx support the notion that
Lenkowski misused data he obtained from Maintenx’s computers, not that he somehow
exceeded his seemingly unfettered access.”).
Although this Court’s prior holding in Lenkowski is not addressed in the parties’
briefs, Lenkowski is consistent with the majority view in this circuit that applies a narrow
definition of “exceeds authorized access.” See Enhanced Recovery Co., LLC v. Frady,
No. 3:13-cv-1262-J-34JBT, 2015 WL 1470852, *5-*7 (Mar. 31, 2015) (listing cases). As
the court explained in Enhanced Recovery, “[q]uite simply, without authorization means
exactly that: the employee was not granted access by his employer. Similarly, exceeds
authorized access simply means that, while an employee’s initial access was permitted,
the employee accessed information for which the employer had not provided permission.”
Id.
The Court sees no reason to depart from its reasoning in Lenkowski or from the
majority view. Notably, if the Court were to apply the CFAA to an employee like
4
Holliday, who allegedly divulged trade secrets that she was actually permitted to access,
or who violated computer usage policies, the Court would be taking the CFAA beyond
“its original purpose of targeting computer hackers.” Enhanced Recovery 2015 WL
1470852 at *8 (citations omitted). Under this broad interpretation, the CFAA would be
potentially violated each time an employee accessed an employer’s “confidential”
information for an improper purpose. The Court will not construe the statute in this broad
manner.
Although the Court believes that amendment of the CFAA claim would most
likely be futile, the Court will permit Grow Financial to amend this claim if it can allege
facts that demonstrate that Holliday accessed information without Grow Financial’s
permission. The analysis focuses on Grow Financial’s actions, rather than the subjective
motivation of Holliday, because whether an employee exceeded her authorized access
turns on what information the employer permitted that employee to access. See Allied
Portables, LLC v. Youmans, No. 2:15-cv-294-FtM-38CM, 2015 WL 3720107, *5 (M.D.
Fla. June 15, 2015) (discussing same).
II.
CADRA
Like its federal counterpart, the purpose of the Florida Computer Abuse and Data
Recovery Act is to safeguard computer systems against unauthorized access. See Fla.
Stat. § 668.801. Under section 668.803(1), it is a violation for a person to “knowingly
and with intent to cause harm or loss” “[o]btain[] information from a protected computer
5
without authorization.” “Without authorization” is defined as “access to a protected
computer by a person who: (a) Is not an authorized user; (b) Has stolen a technological
access barrier of an authorized user; or (c) Circumvents a technological access barrier on
a protected computer without the express or implied permission of the owner, operator, or
lessee of the computer or the express or implied permission of the owner of information
stored in the protected computer.” Fla. Stat. § 668.802(9)(a)-(c). The statute also defines
the term “authorized user” as including an “employee . . . of the owner, operator, or lessee
of the protected computer . . . if the . . . employee . . . is given express permission by the
owner, operator, or lessee of the protected computer . . . to access the protected computer
through a technological access barrier.” Fla. Stat. § 668.802(1).
Applying these definitions, Grow Financial has failed to allege that Holliday
accessed its computer system without authorization. The allegations do not state that
Holliday was not an authorized user, had stolen a technological barrier of an authorized
user, or otherwise circumvented a technological barrier of Grow Financial’s computer
system. Accordingly, the Court dismisses this claim. Much like the CFAA claim, the
Court believes that amending this claim would be futile. However, the Court will permit
Grow Financial to amend this claim if it can plead the necessary facts to establish that
Holliday was without authorization when she accessed its computer system.
6
III.
Federal and State Trade Secret Misappropriation
A.
Subject Matter Jurisdiction over the Federal Defend Trade Secrets Act
The FDTSA vests federal courts with original jurisdiction to decide civil cases
involving misappropriation of trade secrets as long as “the trade secret is related to a
product or service used in, or intended for use in, interstate or foreign commerce.” 18
U.S.C. § 1836(b)(1). Defendants argue the Court lacks subject matter jurisdiction over
the FDTSA claim because the complaint does not allege a connection between the alleged
trade secrets and interstate commerce. The Court disagrees.
The complaint alleges that Grow Financial is “a federally chartered credit union”
that is “subject to the Gramm-Leach-Bliley Act of 1999 and the National Credit Union
Administration’s rules and regulations for privacy and confidentiality.” (Dkt. 1 ¶10).
Grow Financial “provides various financial products and services to its members, such as
savings and checking accounts, mortgages, vehicle loans, credit cards, money
management services, etc.” and uses the trade secrets at issue “in connection with the
provision of its products and services in interstate U.S. commerce.” Id. at ¶¶7, 51. This
is sufficient at this stage to establish a nexus between the trade secrets that were allegedly
misappropriated and interstate commerce.
B.
Whether the Trade Secret Claims Are Sufficiently Pled
“In a trade secret action, the plaintiff bears the burden of demonstrating both that
the specific information it seeks to protect is secret and that it has taken reasonable steps
7
to protect this secrecy.” Am. Red Cross v. Palm Beach Blood Bank, Inc., 143 F.3d 1407,
1410 (11th Cir. 1998).
Holliday argues that Grow Financial has not pled sufficient facts to state a cause of
action for trade secret misappropriation under federal and Florida law. Holliday’s motion
reads like a summary judgment motion and largely focuses on whether the information at
issue constituted a trade secret, which is typically a question of fact. At this stage, there
are numerous allegations about the secret nature of the information and the steps Grow
Financial took to protect the information. For example, the complaint alleges Grow
Financial’s ownership of the trade secrets and then describes them in detail as Grow
Financial’s “list of members, its operating policies and procedures, . . . customized reports
and documents - some created in-house, others commissioned through third parties . . .,
lending strategy materials and internal procedures relating to the manner in which Grow
Financial processes loan applications, financial analysis, and market research.” (Dkt. 1 ¶¶
8-9, 51, 63).
The complaint also alleges that Grow Financial took reasonable steps to protect the
secrecy of its trade secrets and then goes into detail about its computer system’s secure
programming, testing, auditing, and on-going education of its employees about the
sensitive nature of the trade secrets. The complaint alleges that employees are required to
acknowledge annually, in writing, their duty to safeguard the information.
8
The complaint alleges that Holliday surreptitiously disclosed various proprietary
Grow Financial documents to GTE Financial by first emailing them from her company
email account to her personal account and then forwarding them from her personal
account to GTE Financial. Moreover, Holliday emailed or printed out dozens of reports
and other documents, many of which contained confidential and/or proprietary Grow
Financial information and copied the trade secrets without Grow Financial’s consent or
authorization.
The complaint includes a specific example of a proprietary “Dealer
Scorecard” that Holliday provided to GTE Financial, which Holliday and GTE Financial
then used and continue to use.
In sum, at this stage, Grow Financial has alleged sufficient facts to plausibly state a
cause of action under the DTSA and the FUTSA. Accordingly, the Court will not dismiss
Counts III and IV of the complaint.
IV.
The Conversion and Unfair Competition Claims
A.
Preemption
Both defendants argue that Grow Financial’s conversion claim is preempted by the
FUTSA and GTE Financial makes the same argument for the unfair competition claim.
Defendants focus on the specific language of the FUTSA, which states that the Act
displaces “conflicting tort . . . and other law of this state providing civil remedies for
misappropriation of a trade secret.” Fla. Stat. § 688.008(1). However, as Grow Financial
points out, there has not yet been a determination in this litigation regarding whether the
9
information and documents at issue constitute trade secrets under Florida law. Without
this determination, Grow Financial is permitted to maintain the conversion and unfair
competition claims in the alternative. See Vacation Club Svs., Inc. v. Rodriguez, No.
6:10-cv-247-Orl-31GJK, 2010 WL 1645129, at *2 (M.D. Fla. April 22, 2010) (denying
defendant’s motion to dismiss plaintiff’s conversion claim as preempted by the FUTSA
because plaintiff’s alleged “confidential database of its timeshare members” had not yet
been determined to be a trade secret and plaintiff was “free to plead in the alternative.”).1
B.
Whether the Conversion Claim Is Sufficiently Pled
Both Defendants argue that the conversion claim fails as a matter of law because
Grow Financial still has copies of the information and documents at issue. The cases
Defendants rely upon are not factually on point. Florida law recognizes a conversion
claim, even if the rightful owner still has the information, for the wrongful taking of
confidential business information. See Warshall v. Price, 629 So. 2d 903, 904-05 (Fla.
4th DCA 1993) (concluding that a doctor’s use of the plaintiff’s confidential patient list,
which denied the plaintiff the benefit of his property, supported a claim for conversion,
even though the plaintiff still had access to the list); see also Total Mktg. Tech., Inc. v.
Angel Medflight Worldwide Air Ambulance Svs., LLC, No. 8:10-cv-2680-T-33TBM, 2012
WL 33150, at *3-*4 (M.D. Fla. Jan. 6, 2012) (concluding that the plaintiff alleged facts
1
For this same reason, Holliday’s argument that the breach of loyalty claim is preempted by
the FUTSA is denied. It is important to note that, even if the FUTSA claim ultimately prevails, the
breach of loyalty claim may not be preempted if it relates to separate acts of dishonesty, i.e., acts
other than the misappropriation of Grow Financial’s trade secrets.
10
sufficient to establish the elements of conversion by alleging the wrongful taking of
confidential business information). Accordingly, Defendants’ motions are denied with
respect to this claim.
V.
Civil Conspiracy
“A civil conspiracy requires: (a) an agreement between two or more parties, (b) to
do an unlawful act or to do a lawful act by unlawful means, (c) the doing of some overt
act in pursuance of the conspiracy, and (d) damage to plaintiff as a result of the acts done
under the conspiracy.”
Craig v. Kropp, No. 2:17-CV-180-FTM-99CM, 2017 WL
2506386, at *8 (M.D. Fla. June 9, 2017) (quoting Charles v. Fla. Foreclosure Placement
Ctr., LLC, 988 So. 2d 1157, 1159-60 (Fla. 3d DCA 2008)). Holliday argues that this
claim fails because Grow Financial does not allege sufficient facts in support of the
alleged agreement between Holliday and GTE Financial to do an unlawful act. The Court
disagrees.
The complaint alleges that GTE Financial, through its employee and officer James
Esner, asked Holliday, while she was employed at Grow Financial, to search Grow
Financial’s computer system and send certain documents to GTE Financial, knowing that
the documents were proprietary to Grow Financial.
Holliday then provided this
information to GTE Financial. This is sufficient at this stage. Accordingly, the Court
will not dismiss this claim.2
2
Holliday’s remaining arguments are without merit.
11
It is therefore ORDERED AND ADJUDGED that:
1.
Defendants’ Motions to Dismiss (Dkts. 15, 16) are granted in part and
denied in part as explained herein.
2.
Counts I and II of the complaint are dismissed without prejudice to amend
these claims within fourteen (14) days of this Order. Count V of the
complaint is dismissed per Plaintiff’s withdrawal of this claim.
3.
If Plaintiff does not file an amended complaint by the deadline stated in
paragraph 2 of this Order, Defendants shall file their answers within
fourteen (14) days of the expiration of that deadline.
DONE and ORDERED in Tampa, Florida on August 15, 2017.
Copies furnished to:
Counsel/Parties of Record
12
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?