Employer Wins Dismissal of Federal Claims for Wiping Data from Terminated Employee’s Smart Phone

In one of the first reported cases of its kind, a federal district court in Texas recently dismissed federal claims brought under the Electronic Communications Privacy Act (“ECPA”) and the Consumer Fraud & Abuse Act  (“CFAA”) after the plaintiff’s former employer remotely deleted all personal and professional data on his personal smart phone.  Rajaee v. Design Tech. Homes, Ltd. (11/11/14).  The plaintiff, Mr. Rajaee, worked for Design Tech.  His job required constant access to e-mail and to respond to customer requirements, but his employer did not provide him with a smart phone.  Instead, Plaintiff used his own personal smart phone, and had it synced to his employer’s server so he could access e-mail, contacts and calendar entries.   Plaintiff submitted his resignation, giving two weeks’ notice.  His employer decided instead to terminate him immediately, and then proceeded to remotely delete all of the contents of his phone, restoring it to its factory settings.  As a result, Mr. Rajaee lost all of his family and business contacts (including those preceding his employment with Design Tech), passwords and personal photos, a loss he valued at $105,100.

In its November 11, 2014 Order, the United States District Court for the Southern District of Texas first ruled that information an individual stores on his hard drive or cell phone is not “in electronic storage” under the ECPA, and therefore that claim was summarily dismissed.  Next, the court rejected Mr. Rajaee’s CFAA claim, noting that the only losses recognized under that statute are the costs of investigating or responding to deletion of data and costs incurred from an interruption in service.  Although Mr. Rajaee claimed he suffered $105,100 as a result of the remote wipe, the court determined that he had not met his burden of demonstrating that those losses were costs he incurred to investigate or respond to the deletion of his data.  Moreover, the deletion of his personal data from the phone did not constitute an “interruption of service”.  Therefore, because Mr. Rajaee was unable to present evidence that he sustained at least the required $5,000 loss, his CFAA claim was also dismissed.   (His Texas state law claims (misappropriation of confidential information, violation of the Texas Theft Liability Act, negligence, and conversion) were dismissed without prejudice as the federal court chose against exercising supplemental jurisdiction over those claims after it dismissed all of the federal law claims.)

Employers who plan on remotely wiping employees’ personal phones following termination should consider clearly explaining this practice in their Bring Your Own Device (BYOD) policy.