Uncategorized

Someone Hack Your Computer Network? He Might Not Be Liable For Computer Trespass

Where an employee used his own computer to access his former employer’s computer network and take its confidential information, he might not be liable under North Carolina’s Computer Trespass law, N.C.G.S. §14-458.  Encompass Services, PLLC v. Maser Consulting, P.A. and Hilsman, 2019 NCBC 66 (J. McGuire).  Nonetheless, because the complaint put the employee on notice of the employer’s claim for computer trespass, the Business Court denied the employee’s motion to dismiss.

Plaintiff Encompass Services, PLLC (“Encompass”) provides land surveying services for oil and gas transmission pipelines.  Encompass compiles extensive data concerning cost, topography drawings, and environmental issues to bid on a customer’s project. Encompass considers all information it uses to create its bid to be trade secret information and stores the information on a password-protected computer server.  Only certain employees have access to the bid information which is controlled and monitored by CMIT, a third-party IT provider.  In April 2015, Encompass hired defendant Hilsman as a survey coordinator for its various projects.  At that time, Hilsman signed an employment agreement whereby he agreed not to disclose Encompass’ trade secrets and confidential information for a period of one year following the end of his employment.  As a survey coordinator, Hilsman had access to Encompass’ bids and the various trade secret information used to create the bids.  In August 2018, Hilsman resigned from Encompass, turned in his company-issued computer, and went to work for a competitor, Maser Consulting P.A. (“Maser”).  Although Encompass directed CMIT to terminate Hilsman’s access to its server, CMIT apparently failed to do so and did not discover its error until January 2019.  During the interim four (4) months between his resignation and CMIT’s discovery in January 2019, Hilsman allegedly accessed Encompass’ network numerous times to download Encompass’ trade secret information.  Hilsman and Maser allegedly used the downloaded information to underbid Encompass and win at least two projects.   Encompass filed suit, asserting claims for, inter alia, computer trespass in violation of North Carolina’s Computer Trespass law, N.C.G.S. §14-458.  Hilsman moved to dismiss the computer trespass claim, arguing that his access of Encompass’ network system with his own computer was not a violation of the law.

The Business Court denied Hilsman’s motion to dismiss. In doing so, the Business Court struggled with the statute’s apparent failure to extend “unauthorized” access to include accessing a computer network. Unable to find any appellate authority analyzing civil computer trespass claims, the Business Court nonetheless allowed Encompass’ computer trespass claim against Hilsman to go forward because the complaint “put Hilsman on notice of the claim asserted against it.” (Opinion, ¶45).  The Business Court also noted that the complaint failed to allege what Hilsman had been advised about accessing the computer network once he was terminated.

Based upon this decision, a business would be well-served to include a provision in its employment agreement for anyone being given access to its computer network that, upon termination, the employee agrees that she will not access the network any further.

Additional legal points from this decision:

  • The Business Court will not permit a claim for conversion of electronically stored information so long as the owner can still access the information, continuing its departure from federal case law.  (Opinion, ¶¶27,28).
  • North Carolina Rules of Civil Procedure requires a motion to dismiss be filed before an answer or other responsive pleading and the failure to do so can result in denial of the motion. (Id., ¶¶2-4).

Categories: Uncategorized

Leave a Reply