EDITOR’S NOTE: This recent post from the PWMA Employer Law Report on the importance a BYOD policy highlights an area of current concern for bankers and other employers.
Saman Rajaee was a salesman for Design Tech Homes. He used his personal iPhone to connect to his employer’s Microsoft Exchange Server, which allowed him to access his work-related email, contacts and calendar from his phone. Design Tech did not have a BYOD policy. When Rajaee’s employment terminated, Design Tech remotely wiped his phone, which deleted all of his data, including personal emails, texts, photos, personal contacts, etc.
Rajaee sued under the federal Stored Communications (“SCA”) and Computer Fraud and Abuse Acts (“CFAA”) as well as raising various state law claims. Design Tech moved for summary judgment on the federal claims. On the SCA claim, the court held, based on Fifth Circuit precedent, that information an individual stores to his hard drive or cell phone is not in electronic storage within the meaning of the statute.
Design Tech was successful on the CFAA claim as well, but was forced to take a much riskier path than would have been necessary had it simply had a BYOD policy. Generally speaking, the CFAA prohibits accessing a protected computer without authority or in excess of authority, but requires a showing that the computer owner sustained at least $5000 in losses specifically due to either the cost of investigating and responding to an offense or the costs incurred because of a “service interruption.” In Rajaee, …