A Texas federal court recently dismissed the claim of a former salesperson whose employer remotely wiped his cellphone after his termination. Rajaee v. Design Tech Homes, Ltd. (S. D. Tex. 2014).
Rajaee worked as a salesperson for Design Tech Homes, Ltd. for one year before resigning his employment. During his employment, he used his personal cell phone to connect to Design Tech’s server for business purposes. After receiving Rajaee’s two-week notice, Design Tech let Rajaee go immediately and remotely wiped his cell phone, restoring it to factory settings.
Rajaee sued Design Tech under the federal Computer Fraud and Abuse Act (CFAA) for his loss of personal data including family and business contacts, personal photos and videos, and passwords. Rajaee estimated the value of his loss at $105,000, but was unable to convince the court that this data had intrinsic value. The court said that to succeed in his CFAA claim, Rajaee had to show that Design Tech’s unauthorized access or access in excess of what was authorized to his phone caused a loss of more than $5,000 in a one-year period. The court added that the only “losses” recognized by the CFAA are for the costs of investigating or responding to violations or for service interruptions. Rajaee did not prove that his losses fell into either of these categories.
While this case ended in a good result for the employer, the litigation could perhaps have been avoided altogether if Design Tech had established a Bring Your Own Device policy or agreement, authorizing it to remotely wipe an employee’s personal phone when the phone was reported lost or stolen or not submitted for inspection upon separation of employment to confirm confidential or proprietary information could not be misappropriated. If your employees use their personal cell phones to access your company’s system for work purposes, we recommend having at least a basic BYOD policy or agreement. Contact us for assistance in developing or modifying your BOYD policies, agreements, and practices.