Opinion
4:24 CV 1170 CDP
12-10-2024
MEMORANDUM AND ORDER
CATHERINE D. PERRY, UNITED STATES DISTRICT JUDGE
Plaintiff AssuredPartners of Missouri, LLC is an insurance brokerage firm which offers insurance products and services. Defendants Craig Bauer and Robert Bauer were sales executives for AssuredPartners. In connection with their employment, they signed restrictive covenants prohibiting them from using or disclosing AssuredPartners' confidential information other than as intended within the scope of their employment. Those agreements also prohibited Craig and Robert Bauer from directly or indirectly soliciting certain clients of AssuredPartners for 24 months following the termination of their employment.
On December 4, 2023, Craig and Robert Bauer resigned their employment with AssuredPartners and began working for AssuredPartners' competitor, defendant OneDigital Premier Services, LLC. AssuredPartners alleges that Craig and Robert Bauer and OneDigital then began using its confidential and proprietary information to directly and indirectly solicit its clients in violation of the Bauers' restrictive covenants.
In the instant action, AssuredPartners asserts the following claims: breach of contract against Craig and Robert Bauer (Count I); tortious interference with business expectancy against Craig and Robert Bauer (Count II) and OneDigital (Count VII); violation of the Defend Trade Secrets Act against all defendants (Count III); violation of the Missouri Trade Secrets Act against all defendants (Count IV); violation of the Computer Fraud and Abuse Act (CFAA) against Craig Bauer (Count V); and, tortious interference with contract against OneDigital (Count VI).
Craig Bauer moves to dismiss the CFAA claim (Count V) and OneDigital moves to dismiss the business expectancy claim (Count VII) under Fed.R.Civ.P. 12(b)(6). ECF 14, 15. Craig Bauer contends that AssuredPartners fails to state a claim against him under the CFAA as that statute has been interpreted by the United States Supreme Court in Van Buren v. United States, 593 U.S. 374 (2021). OneDigital argues that AssuredPartners has failed to allege two of the necessary elements to state a claim for tortious interference with business expectancy under Missouri law. Because AssuredPartners has not pleaded a CFAA offense, the motion is granted as to Craig Bauer. However, AssuredPartners has adequately alleged the necessary elements to state a tortious interference claim against OneDigital, so its motion to dismiss is denied.
Motion to Dismiss Standard
The purpose of a motion to dismiss under Rule 12(b)(6) is to test the legal sufficiency of the complaint. When considering a 12(b)(6) motion, the court assumes the factual allegations of a complaint are true and construes them in favor of the plaintiff. Neitzke v. Williams, 490 U.S. 319, 326-27 (1989). Rule 8(a)(2), Fed. R. Civ. P., provides that a complaint must contain “a short and plain statement of the claim showing that the pleader is entitled to relief.” In Bell Atlantic Corp. v. Twombly, the Supreme Court clarified that Rule 8(a)(2) requires complaints to contain “more than labels and conclusions, and a formulaic recitation of the elements of a cause of action.” 550 U.S. 544, 555 (2007); accord Ashcroft v. Iqbal, 556 U.S. 662, 678-79 (2009). Specifically, to survive a motion to dismiss, a complaint must contain enough factual allegations, accepted as true, to state a claim for relief “that is plausible on its face.” Twombly, 550 U.S. at 570. The issue in considering such a motion is not whether the plaintiff will ultimately prevail, but whether the plaintiff is entitled to present evidence in support of the claim. See Neitzke, 490 U.S. at 327.
Discussion
Count V: CFAA Claim Against Craig Bauer
In Count V, AssuredPartners alleges that Craig Bauer violated the CFAA by forwarding his work emails containing AssuredPartners' confidential information to his personal email address. ECF 1 at 9. Craig Bauer then allegedly deleted the forwarded emails from his work email account to cover up his improper use of confidential information. Id. Craig Bauer allegedly sent these emails to his personal account so he could then use the information to solicit AssuredPartners' clients on behalf of OneDigital in violation of his restrictive covenant. Id. at 21.
Craig Bauer argues that AssuredPartners fails to state a CFAA violation because he had authority to access the confidential information contained in his work emails. AssuredPartners responds in conclusory fashion that Craig Bauer did not have authority to forward and delete the emails, and that he exceeded his authorization in doing so. The Court agrees that AssuredPartners has alleged only that Craig Bauer improperly used information that was otherwise available to him as part of his employment, which does not violate the CFAA.
The CFAA authorizes a civil cause of action against anyone who “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer, causing damage or loss.” 18 U.S.C. § 1030(a)(2)(c), (c)(4)(A)(i)(1), (g) (cleaned up). The CFAA defines “exceeds authorized access” as “accessing a computer with authorization and using such access to obtain or alter information in the computer that the accessor is not entitled so to obtain or alter.” 18 U.S.C. § 1030(e)(6) (cleaned up). In Van Buren, the Supreme Court clarified that “without authorization” protects computers themselves from “outside hackers,” while “exceeds authorized access” provides complementary protection for certain information within computers by targeting “so-called inside hackers.” 593 U.S. at 389-90.
Craig Bauer was employed by AssuredPartners with access to the company's computer system and his work email account when he allegedly forwarded the confidential information to his personal account. Thus, he is alleged to be a “so-called inside hacker,” such that the exceeding authorization analysis applies. Under the CFAA, “an individual ‘exceeds authorized access' when he accesses a computer with authorization but then obtains information located in particular areas of the computer-such as files, folders, or databases-that are off limits to him.” Van Buren, 593 U.S. at 396. The statute “does not cover those who have improper motives for obtaining information that is otherwise available to them.” Id. at 378 (cleaned up).
AssuredPartners does not allege that Craig Bauer accessed areas of a computer that were off-limits to him. Instead, it alleges the opposite: Craig Bauer accessed his work email account (which he undoubtedly had authorization to do) and then forwarded confidential information contained in his work emails (which he also undoubtedly had authorization to view) to his personal email address so he could use that information to steal AssuredPartners' clients. This is precisely the situation that Van Buren stated was not covered by the CFAA: “[the statute] does not cover those who . . . have improper motives for obtaining information that is otherwise available to them.” 593 U.S. at 378. That is because the CFAA is “ill-fitted to remediating misuse of sensitive information that employees may permissibly access using their computers.” Id. at 392 (cleaned up).
In opposition to dismissal, AssuredPartners does not discuss Van Buren or make any attempt to distinguish its holding. Instead it cites one appellate case which predates Van Buren and one more recent district court case in a perfunctory attempt to avoid dismissal. The Court declines to following the reasoning of this non-binding authority in light of Van Buren, which plainly precludes AssuredPartners' CFAA claim against Craig Bauer. Therefore, Count V is dismissed. See Foley Industries, Inc. v. Nelson, 2021 WL 5614775, at *4 (W.D. Mo. Nov. 30, 2021) (company failed to state CFAA claim against former employee who forwarded emails and documents containing confidential information from her work account to her personal account and then deleted the record of forwarding the emails); Pinebrook Holdings, LLC v. Narup, Case No. 4:19CV1562 MTS, 2022 WL 1773057, at *12 (E.D. Mo. June 1, 2022) (no CFAA claim where former employees misappropriated company information to which they were privy as employees of company); Leitner v. Morsovillo, 2022 WL 7074322, at *5 (W.D. Mo. Oct. 12, 2022) (no CFAA claim where defendants misused information from computer platforms they were authorized to access).
IberiaBank v. Broussard, 907 F.3d 826, 839 (5th Cir. 2018).
Centennial Bank v. Holmes, 717 F.Supp.3d 542, 566 (N.D. Tex. 2024).
Count VII: Tortious Interference with Business Expectancy Against OneDigital
OneDigital argues that AssuredPartners has failed to plead the necessary elements to maintain its claim of tortious interference with business expectancy (Count VII) against it. To succeed on a claim for tortious interference with a contract or business expectancy under Missouri law, a plaintiff must show: “(1) a contract or a valid business expectancy; (2) defendant's knowledge of the contract or relationship; (3) intentional interference by the defendant inducing or causing a breach of the contract or relationship; (4) absence of justification; and (5) damages resulting from defendant's conduct.” Community Title Co. v. Roosevelt Fed. Sav. & Loan Ass'n, 796 S.W.2d 369, 372 (Mo. 1990).
In its motion to dismiss, OneDigital argues that AssuredPartners cannot establish the second and fourth elements (knowledge of the expectancy and absence of justification). OneDigital also claims a legitimate economic interest in competing with AssuredPartners and argues that it therefore had a valid justification for interfering with AssuredPartners' business expectancy. Finally, OneDigital claims that AssuredPartners failed to plead that OneDigital used any “improper means” to interfere with its business expectancy.
Because AssuredPartners' complaint adequately alleges that OneDigital knew about AssuredPartners' business expectancy, used improper means to interfere with that expectancy, and lacked justification to do so, the motion to dismiss Count VII is denied. Assured Partners alleges the following with respect to its tortious interference claims:
• “The Individual Defendants and OneDigital have used and are using AssuredPartners' Confidential Information, including its trade secret information, to contact, solicit, service, and/or steal AssuredPartners' clients on behalf of OneDigital in violation of the Agreements.” ECF 1 ¶ 39.
• “AssuredPartners and its clients entered into binding and enforceable agreements in the form of insurance contracts and contracts for financial services, and AssuredPartners had reasonable expectations of continuing those relationships with policy renewals and ongoing financial services.” ECF 1 ¶ 93.
• “Defendant OneDigital was aware of those existing contracts and AssuredPartners' expectancy of future policy renewals and ongoing financial services.” ECF 1 ¶ 94.
• “Defendant OneDigital intentionally and unjustifiably interfered with AssuredPartners' agreements and relationships with its clients in a way to prevent AssuredPartners' legitimate expectancy from ripening.” ECF 1 ¶ 95.
• “Specifically, OneDigital intentionally and willfully facilitated, encouraged, assisted, and rewarded the Individual Defendants' solicitation of Restricted Clients and the use of AssuredPartners' Confidential Information.” ECF 1 ¶ 96.
These allegations are sufficient to state a claim for tortious interference with business expectancy against OneDigital. Whether AssuredPartners will ultimately be able to prove its claim against OneDigital is not before me at this time, but AssuredPartners should be allowed to conduct discovery on its claim and OneDigital's defenses.
Accordingly, IT IS HEREBY ORDERED that defendants' motion to dismiss [14] is granted as to Count V and denied as to Count VII of the complaint.