New Law CADRA Provides A Civil Remedy for Hacking and Cyber Fraud
On May 14, 2015 Governor Rick Scott signed the Computer Abuse and Data Recovery Act (CADRA) into law. This new law is designed to provide a civil remedy for businesses harmed by unauthorized access to protected computers and includes a safeguard to the owners of the information stored on those computers.
The Florida legislature has made previous attempts to address this growing issue by passing the Florida Computer Crimes Act, which prohibited unauthorized access to a computer. However, a civil action under this statute could not be filed until there had been a criminal conviction under the same statute.
Under CADRA, businesses can pursue a civil action for “harm or loss” suffered as a result of unauthorized access to “protected computers.” A “protected computer” is defined as a computer “that is used in connection with the operation of a business and stores information, programs, or code in connection with the operation of the business in which the stored information, programs, or code can be accessed only by employing a technological access barrier.” Harm or loss is defined as “any impairment to the integrity, access, or availability of data, programs, systems, or information” including “the business’s economic damages, lost profits, costs incurred due to a post-breach damage assessment, consequential damages, as well as the profits earned” the violator.
A party suing under CADRA can recover actual damages, any gains obtained by the violator, injunctive relief, and will be entitled to recover the stolen data. Finally, the violator will be responsible for paying the attorneys fees for the aggrieved party.
In order to seek protection under CADRA business owners need to be proactive and implement “technological access barriers.” The purpose behind the requirement can be found in the language of CADRA. In order for a violation to occur a violator must access a protected computer “without authorization”. The term “without authorization” specifically excludes from its definition circumventing a technological measure that does not effectively control access to the protected computer”. This requires that the business owners need to take some measures to effectively protect the computer by using technological measures, such as a password.
CADRA isn’t the silver bullet in dealing with Hacking and Computer Fraud. For example, the statute contains ambiguity in dealing with rogue employees. Typically employees have authorization to access a computer, but the statue does not address any actions by a rogue employee. Finally, the scope of CADRA is unclear. The statute does not expressly limit its application to businesses or computers in Florida.
While there are some issues with CADRA, it can serve as a powerful tool for businesses dealing with Hacking or Cyber Fraud.
If you are a business owner and are dealing with Hacking or Cyber Fraud contact Lindsay & Allen, PLLC for a free consultation.