Opinion
B308548
08-26-2022
PHONEXA HOLDINGS, LLC, Plaintiff and Respondent, v. RACHEL O'CONNOR et al., Defendants and Appellants.
Warren Terzian, Tom Warren, Dan Terzian, and Erick Kuylman for Defendants and Appellants. Law Office of Steven R. Friedman, Steven R. Friedman, and Michael E. Friedman for Plaintiff and Respondent.
NOT TO BE PUBLISHED
APPEAL from an order of the Superior Court of Los Angeles County No. 20STCV29922, Richard L. Fruin, Jr., Judge. Vacated and remanded with directions.
Warren Terzian, Tom Warren, Dan Terzian, and Erick Kuylman for Defendants and Appellants.
Law Office of Steven R. Friedman, Steven R. Friedman, and Michael E. Friedman for Plaintiff and Respondent.
BAKER, J.
Plaintiff Phonexa Holdings, LLC (Phonexa) hired defendant Rachel O'Connor (O'Connor) as its chief marketing officer in February 2020. Phonexa fired her a few months later, after she raised concerns about the company's compliance with COVID-19 public health measures, and then sued her and her husband, Sean Halley (Halley), for copying data from a company-owned computer after she was fired. In a special motion to strike pursuant to Code of Civil Procedure section 425.16, the anti-SLAPP statute, O'Connor and Halley contended they copied the data in preparation to bring various employment claims against Phonexa-claims that O'Connor did in fact assert against the company in a cross complaint after Phonexa was the first to file suit. In this appeal from the trial court's order denying the special motion to strike, we consider whether Phonexa's claims arise from protected petitioning activity and whether they have minimal merit.
Undesignated statutory references that follow are to the Code of Civil Procedure.
I. BACKGROUND
A. Phonexa's Complaint
Phonexa filed its complaint against O'Connor and Halley in August 2020; the gist of the lawsuit is that they stole proprietary information from the company. Among other things, Phonexa alleged O'Connor's relationship with senior management at the company deteriorated and she took two days off work starting on July 20, 2020, during which she "cop[ied] the hard drive of her work computer to a series of personal external hard drives and thumb drives" with help from her husband, Halley. Phonexa terminated O'Connor's employment on July 22, 2020, and Phonexa further alleged O'Connor copied the electronic materials at the direction of Leslie Rosario (Rosario), vice president of human resources at Informa Markets Manufacturing, LLC (Informa), to steal Phonexa's trade secrets.
Rosario and Informa are named as defendants in the complaint but they were not parties to the motion at issue in this appeal.
Phonexa's specific causes of action against O'Connor are for breaching confidentiality agreements, breach of fiduciary duty, violation of the Computer Fraud and Abuse Act (CFAA) (18 U.S.C. § 1030), violation of California's analogue of the CFAA (Pen. Code, § 502), misappropriation of trade secrets, violation of the Unfair Competition Law (Bus. &Prof. Code, § 17200), receipt of stolen property (Pen. Code, § 496), and conversion.
B. O'Connor's Cross Complaint
O'Connor filed a cross complaint asserting multiple employment claims against Phonexa. O'Connor alleged that Phonexa's chief executive officer, David Gasparyan (Gasparyan), initially authorized Phonexa employees to work from home in compliance with state-wide stay-at-home orders issued in response to COVID-19, but several members of O'Connor's marketing team continued to work from Phonexa's offices and Gasparyan "would question and interrogate employees who were working from home." Gasparyan dismissed COVID-19 as a "hoax" and, when O'Connor shared employee concerns regarding Phonexa's return-to-work policy with human resources, Gasparyan demanded the complaining employees' names and threatened retaliation.
O'Connor's cross-complaint further alleged that she has various risk factors making her particularly vulnerable to COVID-19 and that she worked remotely during her tenure at Phonexa. During a July 20, 2020, phone call, O'Connor alleged Gasparyan "berated and belittled" her and "falsely accus[ed] her of forcing her direct reports to work from home ...." O'Connor alleged her termination on July 22, 2020, came only hours after she "sent a formal written complaint to [Phonexa] via email," that raised "various health and safety issues, including [Phonexa's] non-compliance with state-mandated rules and regulations" and accusing Phonexa of retaliation and harassment.
O'Connor's specific causes of action against Phonexa are for wrongful termination in violation of public policy, retaliation in violation of Labor Code sections 1102.5 and 6310, violation of Labor Code section 6400, violation of the Unfair Competition Law, disability discrimination, failure to accommodate, and failure to engage in the interactive process.
C. O'Connor and Halley's Anti-SLAPP Motion
After O'Connor filed her cross complaint, O'Connor and Halley filed a special motion to strike Phonexa's complaint in its entirety or, in the alternative, each of the various claims against them. They contended their copying of company data, which served as the basis for all of Phonexa's claims against them, was undertaken in anticipation of litigation and qualified as protected activity under the anti-SLAPP statute. They further contended Phonexa could not demonstrate its claims against them have minimal merit because (1) free speech and petition guarantees are a complete defense; (2) several of Phonexa's claims are superseded by the trade secrets claim, which is itself preempted by federal law; and (3) the contract claims fail because the relevant agreements are unenforceable.
We omit arguments O'Connor and Halley have abandoned on appeal.
O'Connor submitted a declaration detailing the circumstances of her departure from Phonexa. According to her declaration, after a July 20, 2020, phone call concerning the company's COVID-19 policies, O'Connor "sense[d] that . . . Gasparyan was going to fire [her] over [her] following the law and the General Counsel's directions." She called her lawyer to discuss a potential unlawful retaliation lawsuit against the company. Then, on July 22, 2020, O'Connor sent Gasparyan and other senior executives an email that stated, among other things, that "[t]he workplace is not safe to return to, with no enforced social distancing guidelines, no mandatory mask requirements, and the requirement that employees sign a waiver of liability in the event they get sick to any degree, including death. The workplace is not safe at this time, and there is a mandate that those who work from home do so." Less than two hours later, Lilit Davtyan (Davtyan), Phonexa's executive vice president and chief financial officer, fired O'Connor. According to O'Connor's declaration, Davtyan said Phonexa would send a courier to collect her company-issued computer, and O'Connor "then copied data . . . for [her] lawsuit against Phonexa and . . . Gasparyan." O'Connor did so because she "feared that Phonexa would delete the data" and believed it "was critical to [her] consulting with lawyers about [her] rights and [her] claims."
This declaration attached several exhibits reflecting Gasparyan's attitude toward COVID-19 precautions and the pressure that O'Connor and others felt to return to the office. These include, for example, an email Gasparyan sent to O'Connor stating that, "when it comes to working from the home or the officeI decide that, NO ONE ELSE and that's not the department heads decision or encouragement. [¶] Additionally, it should not matter for a department head if the employee works from home or the office, as long as they want to come to the office. That's the bottom line so let[']s make their life easier than what they have been facing during the Government's massive control of the population and the entire inconsistency of their guidelines.... You still can work from home until we hear the Government's next guidelines - once it's open and all this crap is over then I will request you to come to the office on a daily basis ...." In a similar vein, O'Connor received emails from Phonexa's head of human resources which included messages from Gasparyan demanding the names of employees raising concerns about Phonexa's COVID-19 policies so he could "cut[ ] the fat."
O'Connor's declaration stated Phonexa's courier arrived to retrieve her computer around 3:30 p.m. Prior to the courier's arrival, O'Connor "had various calls with HR about paperwork" and communicated with members of the marketing department with whom she "had previously scheduled meetings." O'Connor was paid for the full day and believed she was authorized to access company data until the workday ended at 5:00 p.m. O'Connor's company-issued computer was also linked to her personal Apple iCloud and iMessage accounts. With these links, Phonexa would have been able to see text messages she exchanged with Rosario discussing "Gasparyan's unlawful conduct; [O'Connor's] speaking with a lawyer about a retaliation lawsuit against Phonexa; and [her] copying certain data for proving Phonexa's unlawful conduct and providing to [her] lawyer."
O'Connor attached excerpts of these communications to her declaration.
Halley submitted a declaration explaining that after O'Connor told him "she had just been fired from Phonexa," he helped her "creat[e] a cloned copy of her hard drive." Halley did not review the information on the hard drive. O'Connor's "sole aim was copying email and Skype communications," and she believed that if she and Halley "inadvertently" copied other material, "Phonexa's documents were stored on the cloud" and she would no longer be able to open copied hyperlinks when her credentials were deactivated. In a supplemental declaration, O'Connor acknowledged she "sometimes downloaded local copies from the cloud to [her] laptop."
Both O'Connor and Halley averred they gave the copied data only to O'Connor's attorneys. The only Phonexa materials O'Connor reviewed following her termination were communications relating to her termination.
D. Phonexa's Opposition to the Anti-SLAPP Motion
Phonexa argued O'Connor and Halley did not satisfy their initial burden of demonstrating Phonexa's claims arose from protected activity because (1) Phonexa's complaint did not mention activity taken in anticipation of litigation and (2) the relevant conduct was illegal as a matter of law. In the alternative, Phonexa contended its claims had minimal merit.
Davtyan (the executive who fired O'Connor) stated in a declaration that O'Connor gave "instructions to employees which [Davtyan] and the CEO [Gasparyan] viewed as contrary to Phonexa's established policies and the chain of command." Following the July 20, 2020, call during which "Gasparyan attempted to clear up with the marketing team the confusion created by O'Connor regarding the work from home policy," Davtyan and Gasparyan reviewed O'Connor's computer usage and became concerned that she was researching how to export data. Davtyan stated the discovery that O'Connor "was exploring how to export Phonexa information[ ] contributed significantly to her termination." Davtyan called O'Connor at approximately 9:00 a.m. on July 22, 2020, to tell her "that her employment at Phonexa was terminated immediately" and she no longer had permission to access Phonexa data. Phonexa's general counsel, Michael Cordova (Cordova), sent O'Connor an email the same morning reiterating these points. (Cordova's email is not included as an exhibit to Davtyan's declaration and it is not discussed in Cordova's declaration.) Davtyan asserted Phonexa was not aware O'Connor was contemplating a lawsuit against Phonexa when she was terminated.
In a declaration filed with her reply brief, O'Connor stated that Davtyan "left [her] with a task to complete at Phonexa later that day" and did not revoke her permission to access data on her Phonexa-issued computer. O'Connor further stated Cordova's email was sent at 10:50 a.m. and she did not see it for several hours.
A consultant hired to perform a forensic examination of O'Connor's computer, Michael Garlie (Garlie), stated someone using O'Connor's credentials installed (and later deleted) software used to clone the hard drive after 9:00 a.m. on July 22, 2020. Garlie prepared a list of the files that were on O'Connor's computer, including both "program or system files and other files which do not contain Phonexa data" and "at least 300 . . . files . . . [were] easily identifiable as Phonexa data because they . . . contain a regular language descriptive name and are PDF, Word, Excel, or PowerPoint files ...." Garlie billed Phonexa $9,883.30 for his work.
Davtyan and another employee in Phonexa's marketing department reviewed Garlie's list of files and identified several that included sensitive business information unrelated to Phonexa's COVID-19 policies. These include, for example, a spreadsheet listing Phonexa's clients, a marketing budget spreadsheet, marketing strategy materials, and passwords to various marketing and social media accounts.
E. The Trial Court's Ruling on O'Connor and Halley's Anti-SLAPP Motion
The trial court denied O'Connor and Halley's anti-SLAPP motion based on its conclusion that Phonexa's claims against O'Connor and Halley do not arise from protected activity because the complaint "makes no mention of [O'Connor and Halley's] allegedly using the information copied from [Phonexa's] computer in connection with the preparation of a lawsuit." The trial court emphasized this was "particularly true" with respect to Halley because he was not a plaintiff in O'Connor's action against Phonexa.
The trial court further found, in the alternative, that even if O'Connor and Halley could meet their burden to show Phonexa's claims arise from protected activity, Phonexa's claims have minimal merit. The court concluded O'Connor and Halley's actions are not protected free speech or petitioning conduct because "'self-help' theft of data under the pretext of fear that such data may be lost isn't protected" and, in any case, the "grav[a]men of this action is essentially property theft." The court further found the claims that O'Connor and Halley argued were superseded by statute are not in fact superseded and there was no need to address the breach of contract claim because O'Connor and Halley's motion "asks the Court to strike the Complaint-it does NOT ask that any particular causes of action be stricken."
II. DISCUSSION
Under our Supreme Court's decision in Wilson v. Cable News Network, Inc. (2019) 7 Cal.5th 871 (Wilson), O'Connor and Halley's declarations suffice to make a prima facie showing that they copied data from O'Connor's company-issued computer in connection with litigation contemplated seriously and in good faith. Contrary to Phonexa's contention, the record does not establish O'Connor and Halley's conduct was criminal as a matter of law, and thus, there is no concern that they are ineligible for anti-SLAPP protection under the rule announced in Flatley v. Mauro (2006) 39 Cal.4th 299 (Flatley). That means O'Connor and Halley satisfy the first step of anti-SLAPP analysis, i.e., a prima facie showing that the claims asserted against them arise from activity protected by the anti-SLAPP statute. We accordingly proceed to the second step of the anti-SLAPP inquiry and conclude some-but not all-of Phonexa's claims satisfy the anti-SLAPP "minimal merit" (Baral v. Schnitt (2016) 1 Cal.5th 376, 385, 391) threshold. We will therefore vacate the trial court's order and remand with directions.
A. Legal Framework
The anti-SLAPP statute "authorizes a special motion to strike a claim 'arising from any act of [the moving party] in furtherance of [the party's] right of petition or free speech under the United States Constitution or the California Constitution in connection with a public issue.' (§ 425.16, subd. (b)(1).)" (Wilson, supra, 7 Cal.5th at 884.) The statute "'does not insulate defendants from any liability for claims arising from the protected rights of petition or speech. It only provides a procedure for weeding out, at an early stage, meritless claims arising from protected activity.'" (Monster Energy Co. v. Schechter (2019) 7 Cal.5th 781, 788 (Monster Energy).)
"'Resolution of an anti-SLAPP motion involves two steps. First, the defendant must establish that the challenged claim arises from activity protected by section 425.16. [Citation.] If the defendant makes the required showing, the burden shifts to the plaintiff to demonstrate the merit of the claim by establishing a probability of success. [Our Supreme Court has] described this second step as a "summary-judgment-like procedure." [Citation.] The court does not weigh evidence or resolve conflicting factual claims. Its inquiry is limited to whether the plaintiff has stated a legally sufficient claim and made a prima facie factual showing sufficient to sustain a favorable judgment. It accepts the plaintiff's evidence as true, and evaluates the defendant's showing only to determine if it defeats the plaintiff's claim as a matter of law. [Citation.] "[C]laims with the requisite minimal merit may proceed."' [Citation.]" (Monster Energy, supra, 7 Cal.5th at 788.)
Our review of the denial of an anti-SLAPP motion is de novo. (Monster Energy, supra, 7 Cal.5th at 788.)
B. First Prong: Phonexa's Claims Against O'Connor and Halley Arise from Anti-SLAPP Protected Activity
"The defendant's first-step burden is to identify the activity each challenged claim rests on and demonstrate that that activity is protected by the anti-SLAPP statute. A 'claim may be struck only if the speech or petitioning activity itself is the wrong complained of, and not just evidence of liability or a step leading to some different act for which liability is asserted.' [Citation.] To determine whether a claim arises from protected activity, courts must 'consider the elements of the challenged claim and what actions by the defendant supply those elements and consequently form the basis for liability.' [Citation.] Courts then must evaluate whether the defendant has shown any of these actions fall within one or more of the four categories of '"act[s]"' protected by the anti-SLAPP statute. [Citations.]" (Wilson, supra, 7 Cal.5th at 884.)
Courts "have adopted a fairly expansive view of what constitutes litigation-related activities within the scope of section 425.16" (Kashian v. Harriman (2002) 98 Cal.App.4th 892, 908), including "the prelitigation investigation of a potential claim." (Tichinin v. City of Morgan Hill (2009) 177 Cal.App.4th 1049, 1069 (Tichinin) ["we can think of few better ways to burden [the right of petition] than to make it difficult and perhaps legally risky for people to investigate and find evidence to support potential claims"].) Significantly for Halley, a defendant moving to strike under section 425.16 need not demonstrate their petitioning activity was "on [their] own behalf." (Briggs v. Eden Council for Hope &Opportunity (1999) 19 Cal.4th 1106, 11151116 [holding a defendant tenant counseling organization was engaged in protected petitioning activity under anti-SLAPP statute when, among other things, it provided advice to the landlord plaintiffs' tenant "in anticipation of litigation"] (Briggs); accord, MMM Holdings, Inc. v. Reich (2018) 21 Cal.App.5th 167, 179 ["Nothing in subdivision (e)(4) limits the protected activity to petitioning or speech on behalf of a particular client"] (MMM Holdings); White v. Lieberman (2002) 103 Cal.App.4th 210, 221 [holding that Briggs' "reasoning applies to an attorney acting on behalf of his clients"].)
Phonexa's suggestion that Halley did not contend his conduct was protected under section 425.16, subdivision (e) in the trial court is incorrect.
The trial court determined Phonexa's claims against O'Connor and Halley do not arise from petitioning activity because the complaint "makes no mention of [O'Connor and Halley] allegedly using the information copied from [Phonexa's] computer in connection with the preparation of a lawsuit" and instead accuses them of illegally accessing Phonexa's data "as part of a conspiracy with [Informa] and [Rosario] ...." Crucially, the trial court believed it must "accept[ ] [Phonexa's] allegations" at the first step of the anti-SLAPP analysis.
As our Supreme Court explained in Wilson, however, "[t]his is not how the anti-SLAPP statute works. In deciding an anti-SLAPP motion, a court must at the second step '"accept as true the evidence favorable to the plaintiff."' [Citation.] But [the Supreme Court has] never insisted that the complaint's allegations be given similar credence in the face of contrary evidence at the first step. Such conclusive deference would be difficult to reconcile with the statutory admonition that courts must look beyond the pleadings to consider any party evidentiary submissions as well. (§ 425.16, subd. (b)(2).)" (Wilson, supra, 7 Cal.5th at 887.) Courts do not defer to the complaint in assessing the legal character of a defendant's actions because "[w]hether it is unlawful for a person to perform a particular action or engage in a particular activity often depends on whether the person has a good reason for doing it-or, at least, has no bad reason for doing it." (Id. at 886 [rejecting the proposition that if a plaintiff alleges their former employer's actions were prompted by discriminatory or retaliatory motives, "the plaintiff's allegation of illicit motive will defeat any argument for anti-SLAPP protection"].)
Phonexa's contention that the "gravamen" of its complaint is O'Connor and Halley's theft of data rather than petitioning activity relies on a now disfavored mode of analysis. (Bonni v. St. Joseph Health System (2021) 11 Cal.5th 995, 1010.)
As we shall discuss when addressing the second (minimal merit) stage of anti-SLAPP analysis, it is unclear whether O'Connor and Halley will ultimately be able to make out a successful free speech and petition defense to Phonexa's claims. But for purposes of the prima facie showing that must be made at the first (protected activity) stage of analysis, the evidence submitted by O'Connor and Halley satisfied their burden to show they accessed and copied Phonexa's data in furtherance of protected petitioning rights and that this conduct supplies an element of each of the claims against them. (Wilson, supra, 7 Cal.5th at 887.) The trial court therefore erred in concluding Phonexa's allegations (or the absence thereof) barred O'Connor and Halley from making the requisite showing of protected activity. (Id. at 892 ["If conduct that supplies a necessary element of a claim is protected, the defendant's burden at the first step of the anti-SLAPP analysis has been carried, regardless of any alleged motivations that supply other elements of the claim"].)
Phonexa responds by citing established law that the protection afforded to pre-litigation investigation activity does not give prospective litigants carte blanche to engage in unlawful conduct. Our Supreme Court held in Flatley, supra, 39 Cal.4th 299, that "where a defendant brings a motion to strike under section 425.16 based on a claim that the plaintiff's action arises from activity . . . in furtherance of the defendant's exercise of protected speech or petition rights, but either the defendant concedes, or the evidence conclusively establishes, that the assertedly protected speech or petition activity was illegal as a matter of law, the defendant is precluded from using the anti-SLAPP statute to strike the plaintiff's action." (Id. at 320, italics added; accord, City of Montebello v. Vasquez (2016) 1 Cal.5th 409, 423-424.) Thus, in Flatley, our Supreme Court held that an attorney defendant could not invoke the anti-SLAPP statute in an action concerning a purported pre-litigation settlement demand that amounted to criminal extortion as a matter of law. (Flatley, supra, at 332.) Similarly, in Gerbosi v. Gaims, Weil, West &Epstein, LLP (2011) 193 Cal.App.4th 435, a defendant law firm could not invoke the anti-SLAPP statute because there was "no factual scenario" under which its "wiretapping in the course of representing a client" would be "protected by the constitutional guarantees of free speech and petition." (Id. at 446.)
Several courts have held, and we agree, that the Flatley rule is limited to conduct that is criminal as a matter of law. As the Court of Appeal reasoned in Mendoza v. ADP Screening &Selection Services, Inc. (2010) 182 Cal.App.4th 1644, "a reading of Flatley to push any statutory violation outside the reach of the anti-SLAPP statute would greatly weaken the constitutional interests which the statute is designed to protect.... [A] plaintiff's complaint always alleges a defendant engaged in illegal conduct in that it violated some common law standard of conduct or statutory prohibition, giving rise to liability, and we decline to give plaintiffs a tool for avoiding the application of the anti-SLAPP statute merely by showing any statutory violation." (Id. at 1654; accord, Towner v. County of Ventura (2021) 63 Cal.App.5th 761, 771; Klem v. Access Ins. Co. (2017) 17 Cal.App.5th 595, 610; Finton Construction, Inc. v. Bidna &Keys, APLC (2015) 238 Cal.App.4th 200, 210; Bergstein v. Stroock &Stroock &Lavan LLP (2015) 236 Cal.App.4th 793, 806-807.)
Here, O'Connor and Halley vigorously dispute Phonexa's allegations that their actions were criminal. As to Phonexa's contention that they received stolen property (Pen. Code, § 496), O'Connor and Halley correctly contend there is a factual dispute as to whether the data was stolen because there is no evidence they intended to permanently deprive Phonexa of this property. (MMM Holdings, supra, 21 Cal.App.5th at 185 [holding that the defendant attorney, who received documents taken from the plaintiff company by a former employee, was not liable for receiving stolen property because there was no "evidence that [the former employee] intended to do anything with the documents other than to use them in litigation"].)
O'Connor and Halley also dispute that they engaged in criminal hacking under federal or state law. (18 U.S.C. § 1030; Pen. Code, § 502.) As pertinent here, the CFAA criminalizes accessing a computer without authorization or in excess of authorization to obtain information (18 U.S.C. § 1030(a)(2)), to fraudulently obtain anything of value (18 U.S.C. § 1030(a)(4)), or, with varying mental states, to cause damage or loss (18 U.S.C. § 1030(a)(5)). The California analogue criminalizes knowingly accessing and without permission using a computer in specified ways (Pen. Code, § 502, subds. (c)(1)-(4)), "[k]nowingly and without permission" providing access in violation of the statute (Pen. Code, § 502, subd. (c)(6)), and "[k]nowingly and without permission" accessing any computer (Pen. Code, § 502, subd. (c)(7)).
For purposes of both the CFAA and the California statute, a person who is permitted to access a computer system in the course of their employment does not exceed authorization or permission solely by violating conditions on that authorization or permission. (Van Buren v. United States (2021) ___U.S. ___, ___[141 S.Ct. 1648, 1652-1653] [holding the CFAA's "'exceeds authorized access'" clause applies "only to those who obtain information to which their computer access does not extend, not to those who misuse access that they otherwise have"] (Van Buren); Chrisman v. City of Los Angeles (2007) 155 Cal.App.4th 29, 36 [construing Penal Code section 502, subdivision (h)'s provision that subdivision (c) "does not apply to punish any acts which are committed by a person within the scope of [their] lawful employment" to include conduct that "violate[s] an employer's rules"] (Chrisman).)
Here, there is a factual dispute as to whether O'Connor was authorized to access data on her Phonexa-issued computer after Davtyan fired her on the phone on the morning of July 22, 2020. Phonexa maintains Davtyan verbally revoked this access and Cordova confirmed the revocation in writing shortly thereafter; O'Connor denies Davtyan's account of their call, says she did not see Cordova's email until after she and Halley cloned the hard drive, and claims her employment did not terminate until the end of the day. On this record, the Flatley rule does not apply with respect to O'Connor. (Flatley, supra, 39 Cal.4th at 316 ["If . . . a factual dispute exists about the legitimacy of the defendant's conduct, it cannot be resolved within the first step but must be raised by the plaintiff in connection with the plaintiff's burden to show a probability of prevailing on the merits"].)
Unlike O'Connor, Halley was not arguably authorized or permitted to access or use Phonexa's computer as an employee. We are not persuaded, however, as a matter of law, that O'Connor was not entitled to extend her authorization to Halley, and there is no evidence that Halley did anything O'Connor did not ask him to do. Nothing in the text of either the California statute or the CFAA indicates that authorization to access or use a computer must come directly from the owner-at least to the extent that the party delegating authority does not delegate more than they personally possess. The CFAA makes no reference to the source of authorization, but the Ninth Circuit has emphasized that a scenario in which "former employees whose computer access was categorically revoked . . . surreptitiously access[ ] data owned by their former employer" using another employee's credentials "bears little resemblance to asking a spouse to log in to an email account to print a boarding pass." (United States v. Nosal (9th Cir. 2016) 844 F.3d 1024, 1038; see also Wachter, Inc. v. Cabling Innovations, LLC (M.D. Tenn. 2019) 387 F.Supp.3d 830, 839, fn.4 [declining to address the theory that "an entity that allegedly used the plaintiff's employee as its agent while the employee was still employed with the plaintiff . . . can be liable under the CFAA[ ] even if its agent personally avoids liability because he or she did not exceed his or her authorized access" because it was "not develop[ed]" by the plaintiff, but noting "the Court . . . searched and found no authority to support this particular argument"].)
It is true that Phonexa's computer usage policy prohibits "permitting someone to use another's computer account," but we construe this as a condition on O'Connor's authorized use-not a limitation on the data or information to which that authorization extended. (Van Buren, supra, ___U.S. at ___ .)
Indeed, the California statute specifies that permission must come from "the owner of the information" only with respect to the installation of a "computer contaminant," which is not alleged in this case. (Pen. Code, § 502, subd. (b)(12).)
A contrary reading of these statutes would make a criminal of every person who takes control of the mouse while helping their partner apply a formula to a spreadsheet on a work-issued computer. Courts have routinely and sensibly rejected interpretations that "would attach criminal penalties to a breathtaking amount of commonplace computer activity." (Van Buren, supra, ___U.S. at __ ; Chrisman, supra, 155 Cal.App.4th at 37 [rejecting the view "that an employer's disapproval" places conduct outside the scope of employment because "virtually any misstep, mistake, or misconduct by an employee involving an employer's computer would . . . be criminal"].)
Because Phonexa's claims against O'Connor and Halley arise from protected activity and O'Connor and Halley's conduct was not criminal as a matter of law, we proceed to the second prong of the anti-SLAPP analysis and consider whether Phonexa's claims have minimal merit.
C. Second Prong: Some, Not All, of Phonexa's Claims Have Minimal Merit
1. Computer Fraud and Abuse Act
As we have already discussed, the CFAA subjects to criminal liability any person who intentionally accesses a computer without authorization or exceeds authorized access and performs certain actions. (18 U.S.C. § 1030(a).) To prevail on a civil action under the CFAA, a plaintiff must prove the defendant's violation caused damages or losses of at least $5,000 over any one-year period. (18 U.S.C. §§ 1030(g), 1030(c)(4)(A)(i)(I), 1030(c)(2)(B)(iii).) Losses include, among other things, "the cost of responding to an offense[ and] conducting a damage assessment." (18 U.S.C. § 1030(e)(11).)
The factual dispute that we found to preclude application of the Flatley rule in the first stage of our analysis cuts in the opposite direction and establishes the minimal merit of Phonexa's CFAA claim at this second stage of anti-SLAPP analysis. Phonexa's evidence that O'Connor and Halley were not permitted to access data on the Phonexa-issued computer when they cloned the hard drive, in combination with Garlie's statement that Phonexa paid over $9,000 to respond to the allegedly unauthorized access, suffices to show a potential CFAA violation.
O'Connor and Halley contend, as an affirmative defense, that their conduct is protected under the First Amendment. They rely on case law analyzing the issue under the framework of the Noerr -Pennington doctrine, "a broad rule of statutory construction[ ] under which laws are construed so as to avoid burdening the constitutional right to petition." (Tichinin, supra, 177 Cal.App.4th at 1064, citing Sosa v. DIRECTV, Inc. (9th Cir. 2006) 437 F.3d 923, 929-931.) The doctrine "immunizes conduct encompassed by the petition clause-i.e., legitimate efforts to influence a branch of government-from virtually all forms of civil liability." (Tichinin, supra, at 1065.) This includes "conduct incidental to a petition or litigation," i.e. "conduct normally and reasonably necessary to an effective exercise of the right to petition and not necessarily conduct incidental to actual litigation." (Id. at 1066.)
Eastern Railroad Presidents Conference v. Noerr Motor Freight, Inc. (1961) 365 U.S. 127.
United Mine Workers of America v. Pennington (1965) 381 U.S. 657.
Here, though, disputed factual issues preclude a finding that O'Connor and Halley's conduct was protected as a matter of law. Most significant, it is not clear whether the scope of the material copied by O'Connor and Halley "went beyond what was reasonably necessary to permit [O'Connor's] attorneys to prepare and prosecute" her action against Phonexa. (Fox Searchlight Pictures, Inc. v. Paladino (2001) 89 Cal.App.4th 294, 315.) Phonexa submitted evidence that at least some of the copied files are unlikely to have any relationship to Phonexa's COVID-19 policies. Without additional evidence addressing, for example, the relative numbers of relevant and irrelevant files included on the cloned hard drive, we cannot conclude as a matter of law that O'Connor and Halley's conduct is protected.
O'Connor and Halley's various arguments that indiscriminate copying of data was reasonably necessary to prepare O'Connor's lawsuit lack merit. The fact that they only shared the documents with O'Connor's attorneys does not render the copying of Phonexa's client list, for instance, reasonably necessary to preparing a lawsuit on her behalf. Relatedly, O'Connor's claim that she could not possibly have identified the documents relevant to her claims is undermined by her selective forwarding of emails. The argument that cloning the hard drive was warranted by the risk that Phonexa would not fulfill its discovery obligations incorrectly assumes O'Connor would be left with no remedy in that scenario. And even if authorities condemning "self-help" discovery do not govern pre-litigation investigation (see, e.g., Pillsbury, Madison &Sutro v. Schectman (1997) 55 Cal.App.4th 1279, 1289), O'Connor and Halley's argument that "[c]opying a hard drive ensures that prospective plaintiffs satisfy their preservation obligations" (italics added) is misplaced with respect to data owned by and to be returned to the prospective defendant.
None of the cases O'Connor and Halley cite in relation to this point present the scenario we confront in this case. Instead, they deal with parties' failure to preserve data on their personal computers (Olney v. Job.com (E.D. Cal., Oct. 24, 2014, No. 1:12-cv-01724-LJO-SKO), 2014 WL 5430350), the affirmative deletion of data from employer-issued computers (Leon v. IDX Systems Corp. (9th Cir. 2006) 464 F.3d 951, 956; Postle v. SilkRoad Technology, Inc. (D. N.H., Feb. 19, 2019, No. 18-cv-224-JL) 2019 WL 692944; ActionLink, LLC v. Sorgenfrei (N.D. Oh., Jan. 27, 2010, No. 5:08CV2565), 2010 WL 395243, *5), and the failure to preserve evidence owned by third parties (Silvestri v. General Motors Corp. (4th Cir. 2001) 271 F.3d 583, 591; Cognate BioServices, Inc. v. Smith (D. Md., Aug. 31, 2005, No. WDQ-13-1797), 2015 WL 5158732, *3-*4).
Although the law is unsettled as to which party bears the burden of proof regarding affirmative defenses in the anti-SLAPP context, "we need not resolve the dispute here. What is important is that, regardless of the burden of proof, the court must determine whether [a] plaintiff can establish a prima facie case of prevailing, or whether [a] defendant has defeated [the] plaintiff's evidence as a matter of law." (Dickinson v. Cosby (2017) 17 Cal.App.5th 655, 683 (Dickinson).) Because there is evidence that O'Connor and Halley copied data beyond what was reasonably necessary to prepare O'Connor's lawsuit, their First Amendment defense does not defeat Phonexa's CFAA claim-or any of its other claims-as a matter of law.
2. Misappropriation of trade secrets
CUTSA, California's trade secrets law, "has been characterized as having a 'comprehensive structure and breadth ....' [Citation.]" (K.C. Multimedia, Inc. v. Bank of America Technology &Operations, Inc. (2009) 171 Cal.App.4th 939, 954 (K.C. Multimedia).) "That breadth suggests a legislative intent to preempt the common law. [Citations.] At least as to common law trade secret misappropriation claims, '[C]UTSA occupies the field in California.' [Citation.]" (Ibid.)
"Trade secret misappropriation occurs [under CUTSA] whenever a person: (1) acquires another's trade secret with knowledge or reason to know 'that the trade secret was acquired by improper means' ([Civ. Code, ]§ 3426.1, subd. (b)(1)); (2) discloses or uses, without consent, another's trade secret that the person '[u]sed improper means to acquire knowledge of' (id., subd. (b)(2)(A)); (3) discloses or uses, without consent, another's trade secret that the person, '[a]t the time of disclosure or use, knew or had reason to know that his or her knowledge of the trade secret was' (a) '[d]erived from or through a person who had utilized improper means to acquire it' (id., subd. (b)(2)(B)(i)), (b) '[a]cquired under circumstances giving rise to a duty to maintain its secrecy or limit its use' (id., subd. (b)(2)(B)(ii)), or (c) '[d]erived from or through a person who owed a duty to the person seeking relief to maintain its secrecy or limit its use' (id., subd. (b)(2)(B)(iii)); or (4) discloses or uses, without consent, another's trade secret when the person, '[b]efore a material change of his or her position, knew or had reason to know that it was a trade secret and that knowledge of it had been acquired by accident or mistake' (id., subd. (b)(2)(C))." (DVD Copy Control Assn., Inc. v. Bunner (2003) 31 Cal.4th 864, 874.)
Civil Code section 3426.7 describes CUTSA's impact on other claims. As pertinent here, CUTSA generally "does not affect (1) contractual remedies, whether or not based upon misappropriation of a trade secret, (2) other civil remedies that are not based upon misappropriation of a trade secret, or (3) criminal remedies, whether or not based upon misappropriation of a trade secret." (Civ. Code, § 3426.7, subd. (b).) Civil Code section 3426.7 "thus 'expressly allows contractual and criminal remedies, whether or not based on trade secret misappropriation.' [Citation.] 'At the same time, [it] implicitly preempts alternative civil remedies based on trade secret misappropriation.' [Citation.]" (K.C. Multimedia, supra, 171 Cal.App.4th at 954.) "As reflected in case law decided under [CUTSA], the determination of whether a claim is based on trade secret misappropriation is largely factual. [Citations.]" (Ibid.)
Phonexa does not dispute that its common law trade secrets claim is superseded by CUTSA. Instead, relying on the principle that a complaint is sufficient so long as it states a cause of action under any possible legal theory (Prakashpalan v. Engstrom, Lipscomb &Lack (2014) 223 Cal.App.4th 1105, 1120), Phonexa contends it demonstrated a probability of success under CUTSA. But Phonexa has failed to reckon with O'Connor and Halley's contention that federal law immunizes them from liability under CUTSA.
The Defense of Trade Secrets Act provides, in pertinent part, that "[a]n individual shall not be held criminally or civilly liable under any Federal or State trade secret law for the disclosure of a trade secret that- [¶] (A) is made- [¶] (i) in confidence . . . to an attorney; and [¶] (ii) solely for the purpose of reporting or investigating a suspected violation of law ...." (18 U.S.C. § 1833(b)(1)(A).) "[T]he plain language of [18 U.S.C. § 1833(b)(1)] explicitly provides immunity from liability under state trade secret laws." (Gatti v. Granger Medical Clinic, P.C. (D. Ut. 2021) 529 F.Supp.3d 1242, 1266; accord, FirstEnergy Corp. v. Pircio (N.D. Oh. 2021) 524 F.Supp.3d 732, 738 [dismissing claims under federal and state trade secrets statutes based on immunity conferred by 18 U.S.C. § 1833(b)].)
Here, Phonexa alleged O'Connor and Halley provided Phonexa data not only to O'Connor's attorney, but also to Rosario at Phonexa's competitor, Informa. Phonexa failed, however, to provide any substantiation for this claim in its opposition to O'Connor and Halley's special motion to strike. O'Connor and Halley, by contrast, stated they did not share any of Phonexa's trade secrets with Rosario or Informa. Excerpts of the communications between O'Connor and Rosario filed by O'Connor indicate that she communicated with Rosario-a human resources professional-solely to solicit advice regarding her anticipated termination and lawsuit. Nothing in the record indicates O'Connor or Halley shared trade secrets as defined in either the state or federal trade secrets statutes with anyone other than O'Connor's attorney. (Civ. Code, § 3426.1, subd. (d); 18 U.S.C. § 1839(3).) On this record, O'Connor and Halley have accordingly defeated Phonexa's CUTSA claim as a matter of law. (Dickinson, supra, 17 Cal.App.5th at 683.)
Phonexa emphasizes Rosario directed O'Connor to take "everything" and suggests this indicates a purpose beyond litigation. Phonexa relies, however, on a string of messages that is expressly addressed to O'Connor's employment claims. Rosario advised O'Connor not to send an email to Gasparyan "until [O'Connor was] certain [she had] sent [her]self copies of emails [she] . . . sent to [her] team re: working remotely," "[e]mails from the shitty lawyer with the voluntary in office forms and no mask bullshit from before," and, more generally, "[e]verything." Rosario subsequently referred O'Connor to an attorney, suggested she "definitely ha[d] a good case on multiple points," and commented on the attorney's advice.
Phonexa does not allege O'Connor violated CUTSA by providing its trade secrets to Halley.
3. Receipt of stolen property
Phonexa does not dispute that civil claims for receipt of stolen property are subject to supersession by CUTSA. (ATS Products, Inc. v. Champion Fiberglass, Inc. (N.D. Cal., Jan. 15, 2015, No. 13-cv-02403-SI), 2015 WL 224815, *2; New Show Studios LLC v. Needle (C.D. Cal., June 30, 2014, No. 2:14-cv-01250-CAS(MRWx)), 2014 WL 2988271, *9-*10.) Instead, Phonexa contends its claim for receipt of stolen property has a basis independent of misappropriation of trade secrets.
Phonexa makes no effort to distinguish the factual bases for its trade secrets and stolen property claims, however. Phonexa's fourth cause of action for misappropriation of trade secrets alleges "O'Connor and Halley . . . acquired substantial trade secrets by their unauthorized copying of Phonexa's data from O'Connor's work computer onto external hard drives and by the forwarding of emails to O'Connor's personal email and by the downloading of data from the Phonexa Skype account assigned to O'Connor for work by Phonexa." Phonexa's sixth cause of action for receipt of stolen property alleges O'Connor and Halley stole Phonexa's "trade secrets and other valuable and confidential data and methods." Because the complaint sweeps all of the allegedly stolen data into the category of trade secrets-and does not allege any other basis for its property interest in these data-there is no substance to the nominal distinction between "trade secrets" and "other valuable confidential data and methods" in the stolen property claim. (Civ. Code, § 3426.1, subd. (d) [defining "trade secret," in pertinent part, to "mean[ ] information, including a . . . method . . . that: [¶] (1) [d]erives independent economic value . . . from not being generally known to the public or to other persons who can obtain economic value from its disclosure or use; and [¶] (2) [i]s the subject of efforts that are reasonable under the circumstances to maintain its secrecy"]; see also Silvaco Data Systems v. Intel Corp. (2010) 184 Cal.App.4th 210, 239, fn. 22 ["emphatically reject[ing]" the proposition that CUTSA was not intended to supersede claims "'based on the taking of information that, though not a trade secret, was nonetheless of value to the claimant'"] (Silvaco), disapproved on other grounds in Kwikset Corp. v. Superior Court (2011) 51 Cal.4th 310.) Because these claims are based on "the same nucleus of facts," the stolen property claim is superseded by CUTSA. (K.C. Multimedia, supra, 171 Cal.App.4th at 962.)
4. Breach of fiduciary duty
Phonexa does not dispute that claims for breach of fiduciary duty are subject to supersession by CUTSA. (See, e.g., Anokiwave, Inc. v. Rebeiz (S.D. Cal., Sept. 17, 2018, No. 18-cv-629 JLS (MDD)), 2018 WL 4407591, *3-*4; Mattell, Inc. v. MGA Entertainment, Inc. (C.D. Cal., Mar. 28, 2011, No. CV 04-9049 DOC (RNBx)), 2011 WL 8427611, *3.) Phonexa contends, however, that its claim for breach of fiduciary duty is not based on the same facts as its trade secrets claim. Phonexa argues, for instance, that O'Connor breached her fiduciary duty by "fail[ing] to disclose that she was spending company time seeking to figure out how to unlawfully export (steal) Phonexa's data." This characterization of Phonexa's fiduciary duty claim is at odds with the complaint, which alleges "O'Connor breached all of these fiduciary duties to [Phonexa] when she . . . copied and stole Phonexa's data, refused to return that data to Phonexa, secreted her unlawful activity from Phonexa, and continue[d] to deliberately attempt to deceive Phonexa. The taking of Phonexa's data and property, in and of itself, constitutes a breach of O'Connor's fiduciary duties to [Phonexa]." Because this claim, as pled, is based on the taking of protected data, it too is superseded by CUTSA.
5. Conversion
Phonexa does not dispute that conversion claims are subject to supersession by CUTSA. (See, e.g., SunPower Corp. v. SolarCity Corp. (N.D. Cal., Dec. 11, 2012, No. 12-CV-00694-LHK), 2012 WL 6160472, *4-*9.) Its conclusory argument that "this claim is not premised upon the data stolen being a trade secret" is contradicted by the complaint, which alleges O'Connor and Halley "misappropriated [Phonexa's] trade secrets and converted [Phonexa's] property." Although the complaint further alleges, "[i]n the alternative, to the extent, if any, any of the misappropriated material is not trade secret, [Phonexa] is informed and believes . . . [O'Connor and Halley] are using [Phonexa's] valuable confidential and proprietary data, information and methods for their own benefit," Phonexa offers no argument that "any property interest [it] may have in its nontrade secret proprietary information is qualitatively . . . different from the grounds upon which its trade secrets are considered property." (Id. at *10.) The conversion claim is therefore superseded as well.
6. Penal Code section 502 (California's CFAA analogue)
As O'Connor and Halley concede in their reply brief, they "[do not] attack the elements" of Phonexa's claim under Penal Code section 502. They contend, however, that this claim is superseded by CUTSA. No published California case has addressed whether CUTSA supersedes a claim brought under this statute, and federal courts are divided on the issue. (Compare Henry Schein, Inc. v. Cook (N.D. Cal., Mar. 1, 2017, No. 16-cv-03166-JST), 2017 WL 783617, *5 ["Because [the plaintiff's] section 502 claim cannot survive after the trade secrets facts are removed, the Court agrees that the claim is preempted"], Western Air Charter, Inc. v. Schembari (C.D. Cal., Oct. 6, 2017, No. CV 17-00420-AB (KSx)), 2017 WL 10638759, *6 [same], and C&H Travel &Tours, Inc. v. Chow (C.D. Cal., Sept. 26, 2018, No. 2:18-cv-06690-RGK-MRW), 2018 WL 6427369, *2 [same], with Heieck v. Federal Signal Corp. (C.D. Cal., Nov. 4, 2019, No. SACV 1802118 AG (KESx)), 2019 WL 6873869, *4 [holding that because CUTSA is a "criminal statute," it falls within CUTSA's provision that it does not supersede "criminal remedies"].) We need not decide the issue, however, because Phonexa's claim does not depend on misappropriation of trade secrets.
Phonexa alleges violations of Penal Code section 502, subdivision (c)(1)(B), addressing unpermitted use to "wrongfully control or obtain money, property, or data"; (c)(2), addressing the unpermitted taking, use, or copying of data; (c)(3), addressing unpermitted use of computer services; (c)(4), addressing the unpermitted "add[ition], alter[ation], damage[ to], delet[ion], or destr[uction of] any data, computer software, or computer programs"; (c)(6), addressing the unpermitted "provi[sion] or assist[ance] providing a means of accessing a computer"; and (c)(7), addressing unpermitted access to a computer. None of these subdivisions requires that the relevant data or access involve trade secrets or other proprietary information. (TMX Funding, Inc. v. Impero Technologies, Inc. (N.D. Cal., June 17, 2010, No. C 10-00202 JF (PVT)), 2010 WL 2509979, *7; see also Pen. Code, § 502, subd. (a) ["The Legislature . . . finds and declares that protection of the integrity of all types and forms of lawfully created . . . computer data is vital to the protection of the privacy of individuals as well as to the well-being of financial institutions, business concerns, governmental agencies, and others . . ."], italics added.) Accordingly, regardless of whether CUTSA might supersede claims under Penal Code section 502 in other circumstances, it does not do so here. There is accordingly nothing undermining Phonexa's showing that its Penal Code section 502 claim has minimal merit.
7. Unfair Competition Law
To prevail on an unfair competition law claim, a plaintiff must prove the defendant engaged in an "unlawful, unfair or fraudulent business act or practice." (Bus. &Prof. Code, § 17200.) As predicates for this claim, Phonexa alleges violation of CUTSA, the CFAA, and CFAA's California analogue. Although an unfair competition law claim may be superseded by CUTSA if it "sound[s] in misappropriation of trade secrets and state[s] no basis for relief outside of CUTSA" (Silvaco, supra, 184 Cal.App.4th at 241), the computer-related claims do not depend on misappropriation of trade secrets. Because Phonexa's claims under the CFAA and its California analogue have minimal merit, its claim under the unfair competition law does as well.
8. Breach of contract
Phonexa's complaint alleges O'Connor breached two similarly-named contracts: a "Nondisclosure and Confidentiality Agreement" and an "Employee Confidentiality, Nondisclosure and Nonrecruiting Agreement." With respect to the first of these agreements, the complaint alleges O'Connor breached a provision under which she was bound "not to copy[ or] reproduce . . . any . . . Confidential Information without the prior written consent of Phonexa" and "not to remove, copy, or transfer Confidential Information from Phonexa computers and/or servers without prior express permission from Phonexa." With respect to the second agreement, the complaint alleges O'Connor breached provisions under which she was bound not to "use, publish or disclose [Phonexa's] Trade Secrets or Confidential Information." The complaint also alleges O'Connor breached the second agreement's provisions requiring that she, among other things, deliver to Phonexa "all records, files, electronic data, documents, . . . and the like in [her] possession . . . that pertain in any way to the business of [Phonexa] and that [she] prepared, used, or came in contact with while employed by [Phonexa]."
O'Connor does not dispute the existence of these agreements, Phonexa's performance, her alleged breach, or damages. (Oasis West Realty, LLC v. Goldman (2011) 51 Cal.4th 811, 821 [listing elements of claim for breach of contract].) Rather, she contends these provisions amount to unenforceable agreements not to compete because the agreements define "confidential information" to include information other than trade secrets. (Bus. &Prof. Code, § 16600 [subject to specific exceptions, "every contract by which anyone is restrained from engaging in a lawful profession, trade, or business of any kind is to that extent void"].) O'Connor cites several cases involving employment agreements with sweeping confidentiality provisions that effectively prevented employees from continuing to work in their chosen fields. (See, e.g., Brown v. TSG Management Co., LLC (2020) 57 Cal.App.5th 303, 316317, 319 [contract term requiring employee to "keep all Confidential Information in strictest confidence and trust," where "confidential information" was defined to include information usable in "all aspects of working in the securities industry at large," void because it would "plainly bar [the employee] in perpetuity from doing any work in the securities field"] (Brown); Dowell v. Biosense Webster, Inc. (2009) 179 Cal.App.4th 564, 577578 [agreement prohibiting salespeople from using confidential information, defined to include "the names of customers, customer preferences, needs, requirements, purchasing histories or other customer-specific information," was "so broadly worded as to restrain competition"] (Dowell).)
One caveat: O'Connor contends her alleged breach of an agreement to notify Phonexa of data she retained at termination did not result in damages. This issue ultimately does not impact our analysis.
Assuming without deciding the contract provisions similar to those discussed in Brown and Dowell (e.g., prohibitions against use and disclosure of broadly-defined confidential information) are void, these are not the sole basis of Phonexa's claim for breach of contract. O'Connor's alleged breach of her agreement to return company data in her possession upon termination is not comparable to terms broadly restricting the use of information essential to all work within a particular field. Whatever the merits of O'Connor's affirmative defense as to specific theories supporting Phonexa's contract claim, Phonexa's claim has minimal merit under at least one such theory.
DISPOSITION
The order denying O'Connor and Halley's special motion to strike is vacated and the matter is remanded with directions to grant the motion as to Phonexa's claims for misappropriation of trade secrets, receipt of stolen property, breach of fiduciary duty, and conversion, and to deny the motion in all other respects. O'Connor and Halley are awarded costs on appeal.
We concur: RUBIN, P. J., MOOR, J.