Privacy and Cybersecurity

On May 22, the Eleventh Circuit clarified trade secrets misappropriation analysis under the Florida Uniform Trade Secrets Act (“FUTSA”), strengthening the trade secret protection offered by the statute. The decision vacated a magistrate judge’s finding that the defendants had not misappropriated trade secretes following a bench trial in the Compulife Software Inc. v. Newman et al. matter (No. 18-12004). The court found error in the magistrate’s failure to “consider the several alternative varieties of misappropriation” contemplated by FUTSA and the magistrate’s reasoning that the public availability of life insurance quotes on the plaintiff’s website “automatically precluded a finding that scraping those quotes constituted misappropriation.”

“At its essence, it’s a case about high-tech corporate espionage,” Circuit Judge Kevin C. Newsom’s opinion begins. The plaintiff, Compulife Software Inc. (“Compulife”), sells access to its online database of insurance premium information, which synthesizes publicly available insurers’ rate tables using Compulife’s proprietary method and formula. Compulife also provides life insurance quotes sourced from its online database. The database itself is valuable because it consistently updates with current information about life insurers’ rate tables and allows for direct comparison across dozens of providers. Compulife licenses access to the database to its customers—primarily insurance agents who in turn seek to provide reliable insurance rate estimates to policyholders. In direct competition with Compulife, the defendants likewise generate life insurance quotes through their various websites.


Continue Reading Eleventh Circuit Solidifies Protection of Trade Secrets Threatened By “High-Tech Corporate Espionage” Under Florida’s Trade Secret Law

The COVID-19 crisis has presented an array of novel issues for companies, including new and unexpected cybersecurity threats. In addition to the now well-known security limitations of video platforms such as Zoom, we are seeing cyber-attacks in the form of COVID-19 related phishing attempts and ransomware attacks. In at least some of these attempted hacks, cybercriminals are hoping to steal trade secrets.

  • Cybercriminals are taking advantage of the novel at-home working environment and the increased fear and uncertainty surrounding the pandemic to launch malware and phishing attacks related to COVID-19.
  • Employees may be more likely to click a link or open an attachment, even though they would never consider doing so in a normal situation at work.
  • Therefore, malware may pose more of a danger than it did when employees primarily accessed their email over their employers’ traditionally more protected systems.
  • Companies should consider putting employees on notice about the COVID-19 related phishing attempts and provide examples of common scams.


Continue Reading COVID-19 and the Unique Opportunity for Phishing

On April 20, 2020, the Supreme Court granted cert in Van Buren v. United States, to resolve an important circuit split over the meaning of “authorized access” under the Computer Fraud and Abuse Act (CFAA). This is the Court’s first foray into analyzing the precise contours of CFAA liability. Van Buren may have far-reaching implications for any individual or business operating in the digital domain, as the scope of civil and criminal liability under the CFAA can impact just about any sort of relationship involving access to computer systems, whether it be employer-employee relationships or third-party relationships.

The CFAA was enacted in 1986 as a first-of-its-kind statute designed to combat computer-related crimes, and has become an important and powerful tool for not only for the government but any business seeking to protect its intellectual property and computer systems. The CFAA imposes criminal liability on any person who “intentionally accesses a computer without authorization” or “exceeds authorized access” and, in doing so, obtains information from any protected computer. The CFAA also provides a civil cause of action for similar conduct. See 18 U.S.C. §§ 1030(a)(2), 1030(a)(4), 1030(a)(5)(B)-(C).
Continue Reading “Authorized Access”: The Supreme Court’s First Foray Into The Computer Fraud and Abuse Act