Grow Financial Federal Credit Union v. GTE Federal Credit Union et al

Filing 25

ORDER: Defendants' Motions to Dismiss 15 16 are granted in part and denied in part as explained herein. Counts I and II of the complaint are dismissed without prejudice to amend these claims within fourteen (14) days of this Order. Cou nt V of the complaint is dismissed per Plaintiff's withdrawal of this claim. If Plaintiff does not file an amended complaint by the deadline stated in paragraph 2 of this Order, Defendants shall file their answers within fourteen (14) days of the expiration of that deadline. Signed by Judge James S. Moody, Jr. on 8/15/2017. (LN)

Download PDF
UNITED STATES DISTRICT COURT MIDDLE DISTRICT OF FLORIDA TAMPA DIVISION GROW FINANCIAL FEDERAL CREDIT UNION, a Federally Chartered Credit Union, Plaintiff, v. Case No: 8:17-cv-1239-T-30JSS GTE FEDERAL CREDIT UNION d/b/a GTE FINANCIAL, a Federally Chartered Credit Union, and ERICA PIERSON HOLLIDAY a/k/a Erica Pierson, an individual, Defendants. ORDER THIS CAUSE comes before the Court upon Defendants’ Motions to Dismiss (Dkts. 15, 16) and Plaintiff’s Response in Opposition (Dkt. 24). Upon review, the Court concludes that Defendants’ motions should be granted in part and denied in part. BACKGROUND In this lawsuit, Plaintiff Grow Financial Federal Credit Union (“Grow Financial”) is suing its competitor, Defendant GTE Federal Credit Union d/b/a GTE Financial, and Grow Financial’s former employee Erica Pierson Holliday, who is now employed by GTE Financial. Grow Financial alleges that Holliday, while still employed by Grow Financial, sent Grow Financial’s trade secrets and confidential/proprietary information to GTE Financial. Grow Financial alleges the following claims against Holliday: the Federal Computer Fraud and Abuse Act (“CFAA”) (Count I); the Florida Computer Abuse and Data Recovery Act (“CADRA”) (Count II); and common law breach of duty of loyalty (Count VIII). Grow Financial alleges the following claims against both Defendants: misappropriation of trade secrets under the Federal Defendant Trade Secrets Act (“DTSA”) (Count III) and the Florida Uniform Trade Secrets Act (“FUTSA”) (Count IV); tortious interference with advantageous business relationships (Count V); conversion (Count VI); common law unfair competition (Count VII), and civil conspiracy (Count IX). Holliday and GTE Financial now move to dismiss all of the claims for failure to state a claim under Rule 12(b)(6) of the Federal Rules of Civil Procedure. As explained below, the Court grants the motions to the extent that it dismisses the claims against Holliday under the CFAA and the CADRA. The Court also dismisses the claim of tortious interference with advantageous business relationships based on Grow Financial’s withdrawal of this claim. LEGAL STANDARD Federal Rule of Civil Procedure 12(b)(6) allows a court to dismiss a complaint when it fails to state a claim upon which relief can be granted. When reviewing a motion to dismiss, a court must accept all factual allegations contained in the complaint as true. See Erickson v. Pardus, 551 U.S. 89, 94 (2007) (internal citation omitted). It must also 2 construe those factual allegations in the light most favorable to the plaintiff. See Hunt v. Aimco Properties, L.P., 814 F.3d 1213, 1221 (11th Cir. 2016) (internal citation omitted). To withstand a motion to dismiss, the complaint must include “enough facts to state a claim to relief that is plausible on its face.” Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007). A claim has facial plausibility “when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). Pleadings that offer only “labels and conclusions,” or a “formulaic recitation of the elements of a cause of action,” will not do. Twombly, 550 U.S. at 555. DISCUSSION I. CFAA The CFAA provides a cause of action for the improper access to protected computers. See 18 U.S.C. §1030, et. seq. As it relates to this case, the statute provides that “[w]hoever - (2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains” information from a protected computer is subject to liability. Id. at 1030(a)(2). Holliday argues that Grow Financial does not allege any facts demonstrating that she exceeded her authorized access. The Court agrees. The term, “exceeds authorized access” is defined in the CFAA as “access to a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled to obtain or alter.” Id. at 1030(e)(6). Here, 3 Grow Financial alleges that access to the subject information was necessary for Holliday to perform her job duties. Grow Financial contends that Holliday improperly used or disclosed the information that she accessed when she provided it to GTE Financial while she was still employed at Grow Financial. But, as this Court has previously held, an improper use of data is not tantamount to exceeding authorization under the CFAA. See Maintenx Mgmt., Inc. v. Lenkowski, No. 8:14-cv-2440-T-30MAP, 2015 WL 310543, *2*3 (M.D. Fla. Jan. 25, 2015) (“The facts put forth by Maintenx support the notion that Lenkowski misused data he obtained from Maintenx’s computers, not that he somehow exceeded his seemingly unfettered access.”). Although this Court’s prior holding in Lenkowski is not addressed in the parties’ briefs, Lenkowski is consistent with the majority view in this circuit that applies a narrow definition of “exceeds authorized access.” See Enhanced Recovery Co., LLC v. Frady, No. 3:13-cv-1262-J-34JBT, 2015 WL 1470852, *5-*7 (Mar. 31, 2015) (listing cases). As the court explained in Enhanced Recovery, “[q]uite simply, without authorization means exactly that: the employee was not granted access by his employer. Similarly, exceeds authorized access simply means that, while an employee’s initial access was permitted, the employee accessed information for which the employer had not provided permission.” Id. The Court sees no reason to depart from its reasoning in Lenkowski or from the majority view. Notably, if the Court were to apply the CFAA to an employee like 4 Holliday, who allegedly divulged trade secrets that she was actually permitted to access, or who violated computer usage policies, the Court would be taking the CFAA beyond “its original purpose of targeting computer hackers.” Enhanced Recovery 2015 WL 1470852 at *8 (citations omitted). Under this broad interpretation, the CFAA would be potentially violated each time an employee accessed an employer’s “confidential” information for an improper purpose. The Court will not construe the statute in this broad manner. Although the Court believes that amendment of the CFAA claim would most likely be futile, the Court will permit Grow Financial to amend this claim if it can allege facts that demonstrate that Holliday accessed information without Grow Financial’s permission. The analysis focuses on Grow Financial’s actions, rather than the subjective motivation of Holliday, because whether an employee exceeded her authorized access turns on what information the employer permitted that employee to access. See Allied Portables, LLC v. Youmans, No. 2:15-cv-294-FtM-38CM, 2015 WL 3720107, *5 (M.D. Fla. June 15, 2015) (discussing same). II. CADRA Like its federal counterpart, the purpose of the Florida Computer Abuse and Data Recovery Act is to safeguard computer systems against unauthorized access. See Fla. Stat. § 668.801. Under section 668.803(1), it is a violation for a person to “knowingly and with intent to cause harm or loss” “[o]btain[] information from a protected computer 5 without authorization.” “Without authorization” is defined as “access to a protected computer by a person who: (a) Is not an authorized user; (b) Has stolen a technological access barrier of an authorized user; or (c) Circumvents a technological access barrier on a protected computer without the express or implied permission of the owner, operator, or lessee of the computer or the express or implied permission of the owner of information stored in the protected computer.” Fla. Stat. § 668.802(9)(a)-(c). The statute also defines the term “authorized user” as including an “employee . . . of the owner, operator, or lessee of the protected computer . . . if the . . . employee . . . is given express permission by the owner, operator, or lessee of the protected computer . . . to access the protected computer through a technological access barrier.” Fla. Stat. § 668.802(1). Applying these definitions, Grow Financial has failed to allege that Holliday accessed its computer system without authorization. The allegations do not state that Holliday was not an authorized user, had stolen a technological barrier of an authorized user, or otherwise circumvented a technological barrier of Grow Financial’s computer system. Accordingly, the Court dismisses this claim. Much like the CFAA claim, the Court believes that amending this claim would be futile. However, the Court will permit Grow Financial to amend this claim if it can plead the necessary facts to establish that Holliday was without authorization when she accessed its computer system. 6 III. Federal and State Trade Secret Misappropriation A. Subject Matter Jurisdiction over the Federal Defend Trade Secrets Act The FDTSA vests federal courts with original jurisdiction to decide civil cases involving misappropriation of trade secrets as long as “the trade secret is related to a product or service used in, or intended for use in, interstate or foreign commerce.” 18 U.S.C. § 1836(b)(1). Defendants argue the Court lacks subject matter jurisdiction over the FDTSA claim because the complaint does not allege a connection between the alleged trade secrets and interstate commerce. The Court disagrees. The complaint alleges that Grow Financial is “a federally chartered credit union” that is “subject to the Gramm-Leach-Bliley Act of 1999 and the National Credit Union Administration’s rules and regulations for privacy and confidentiality.” (Dkt. 1 ¶10). Grow Financial “provides various financial products and services to its members, such as savings and checking accounts, mortgages, vehicle loans, credit cards, money management services, etc.” and uses the trade secrets at issue “in connection with the provision of its products and services in interstate U.S. commerce.” Id. at ¶¶7, 51. This is sufficient at this stage to establish a nexus between the trade secrets that were allegedly misappropriated and interstate commerce. B. Whether the Trade Secret Claims Are Sufficiently Pled “In a trade secret action, the plaintiff bears the burden of demonstrating both that the specific information it seeks to protect is secret and that it has taken reasonable steps 7 to protect this secrecy.” Am. Red Cross v. Palm Beach Blood Bank, Inc., 143 F.3d 1407, 1410 (11th Cir. 1998). Holliday argues that Grow Financial has not pled sufficient facts to state a cause of action for trade secret misappropriation under federal and Florida law. Holliday’s motion reads like a summary judgment motion and largely focuses on whether the information at issue constituted a trade secret, which is typically a question of fact. At this stage, there are numerous allegations about the secret nature of the information and the steps Grow Financial took to protect the information. For example, the complaint alleges Grow Financial’s ownership of the trade secrets and then describes them in detail as Grow Financial’s “list of members, its operating policies and procedures, . . . customized reports and documents - some created in-house, others commissioned through third parties . . ., lending strategy materials and internal procedures relating to the manner in which Grow Financial processes loan applications, financial analysis, and market research.” (Dkt. 1 ¶¶ 8-9, 51, 63). The complaint also alleges that Grow Financial took reasonable steps to protect the secrecy of its trade secrets and then goes into detail about its computer system’s secure programming, testing, auditing, and on-going education of its employees about the sensitive nature of the trade secrets. The complaint alleges that employees are required to acknowledge annually, in writing, their duty to safeguard the information. 8 The complaint alleges that Holliday surreptitiously disclosed various proprietary Grow Financial documents to GTE Financial by first emailing them from her company email account to her personal account and then forwarding them from her personal account to GTE Financial. Moreover, Holliday emailed or printed out dozens of reports and other documents, many of which contained confidential and/or proprietary Grow Financial information and copied the trade secrets without Grow Financial’s consent or authorization. The complaint includes a specific example of a proprietary “Dealer Scorecard” that Holliday provided to GTE Financial, which Holliday and GTE Financial then used and continue to use. In sum, at this stage, Grow Financial has alleged sufficient facts to plausibly state a cause of action under the DTSA and the FUTSA. Accordingly, the Court will not dismiss Counts III and IV of the complaint. IV. The Conversion and Unfair Competition Claims A. Preemption Both defendants argue that Grow Financial’s conversion claim is preempted by the FUTSA and GTE Financial makes the same argument for the unfair competition claim. Defendants focus on the specific language of the FUTSA, which states that the Act displaces “conflicting tort . . . and other law of this state providing civil remedies for misappropriation of a trade secret.” Fla. Stat. § 688.008(1). However, as Grow Financial points out, there has not yet been a determination in this litigation regarding whether the 9 information and documents at issue constitute trade secrets under Florida law. Without this determination, Grow Financial is permitted to maintain the conversion and unfair competition claims in the alternative. See Vacation Club Svs., Inc. v. Rodriguez, No. 6:10-cv-247-Orl-31GJK, 2010 WL 1645129, at *2 (M.D. Fla. April 22, 2010) (denying defendant’s motion to dismiss plaintiff’s conversion claim as preempted by the FUTSA because plaintiff’s alleged “confidential database of its timeshare members” had not yet been determined to be a trade secret and plaintiff was “free to plead in the alternative.”).1 B. Whether the Conversion Claim Is Sufficiently Pled Both Defendants argue that the conversion claim fails as a matter of law because Grow Financial still has copies of the information and documents at issue. The cases Defendants rely upon are not factually on point. Florida law recognizes a conversion claim, even if the rightful owner still has the information, for the wrongful taking of confidential business information. See Warshall v. Price, 629 So. 2d 903, 904-05 (Fla. 4th DCA 1993) (concluding that a doctor’s use of the plaintiff’s confidential patient list, which denied the plaintiff the benefit of his property, supported a claim for conversion, even though the plaintiff still had access to the list); see also Total Mktg. Tech., Inc. v. Angel Medflight Worldwide Air Ambulance Svs., LLC, No. 8:10-cv-2680-T-33TBM, 2012 WL 33150, at *3-*4 (M.D. Fla. Jan. 6, 2012) (concluding that the plaintiff alleged facts 1 For this same reason, Holliday’s argument that the breach of loyalty claim is preempted by the FUTSA is denied. It is important to note that, even if the FUTSA claim ultimately prevails, the breach of loyalty claim may not be preempted if it relates to separate acts of dishonesty, i.e., acts other than the misappropriation of Grow Financial’s trade secrets. 10 sufficient to establish the elements of conversion by alleging the wrongful taking of confidential business information). Accordingly, Defendants’ motions are denied with respect to this claim. V. Civil Conspiracy “A civil conspiracy requires: (a) an agreement between two or more parties, (b) to do an unlawful act or to do a lawful act by unlawful means, (c) the doing of some overt act in pursuance of the conspiracy, and (d) damage to plaintiff as a result of the acts done under the conspiracy.” Craig v. Kropp, No. 2:17-CV-180-FTM-99CM, 2017 WL 2506386, at *8 (M.D. Fla. June 9, 2017) (quoting Charles v. Fla. Foreclosure Placement Ctr., LLC, 988 So. 2d 1157, 1159-60 (Fla. 3d DCA 2008)). Holliday argues that this claim fails because Grow Financial does not allege sufficient facts in support of the alleged agreement between Holliday and GTE Financial to do an unlawful act. The Court disagrees. The complaint alleges that GTE Financial, through its employee and officer James Esner, asked Holliday, while she was employed at Grow Financial, to search Grow Financial’s computer system and send certain documents to GTE Financial, knowing that the documents were proprietary to Grow Financial. Holliday then provided this information to GTE Financial. This is sufficient at this stage. Accordingly, the Court will not dismiss this claim.2 2 Holliday’s remaining arguments are without merit. 11 It is therefore ORDERED AND ADJUDGED that: 1. Defendants’ Motions to Dismiss (Dkts. 15, 16) are granted in part and denied in part as explained herein. 2. Counts I and II of the complaint are dismissed without prejudice to amend these claims within fourteen (14) days of this Order. Count V of the complaint is dismissed per Plaintiff’s withdrawal of this claim. 3. If Plaintiff does not file an amended complaint by the deadline stated in paragraph 2 of this Order, Defendants shall file their answers within fourteen (14) days of the expiration of that deadline. DONE and ORDERED in Tampa, Florida on August 15, 2017. Copies furnished to: Counsel/Parties of Record 12

Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.


Why Is My Information Online?