BY FRANK SILVESTRI
With a recent court ruling, Connecticut companies with employees based in other states — or even outside the country — have a new means of protecting confidential information stored on their servers.
If a company’s servers are physically in Connecticut, an employee of that company can be sued in Connecticut court for misuse of confidential information even if they accessed the information from a computer outside Connecticut.
A recent appeals court decision involved a Connecticut company claiming that a Canadian employee electronically misappropriated confidential information after learning she was about to be fired.
The case, MacDermid Inc. v. Deiter, decided by the United States Court of Appeals for the Second Circuit Dec. 26, 2012, concerned an employee using a computer in Canada to access her company email account and forward confidential data files housed on the company’s Connecticut servers to her personal email account in Canada.
The employer sued the employee in Connecticut. The trial court threw the case out, stating that the employee couldn’t be sued here because she didn’t do anything here — she just sent an email “from one computer in Canada to another computer in Canada.”
The employer appealed and won. The appeals court relied on a Connecticut law — a so-called “long-arm statute” — saying that any person who “uses a computer … located within the state” can be sued in Connecticut for wrongful acts that they commit through such use.
Because the General Assembly, in writing the law, had defined “computer” to include servers, and since the employee’s Canadian emailing activities included accessing the employer’s Connecticut servers, the employee used a computer in Connecticut without setting foot within our borders.
Moreover, the appeals court held it was fair to permit the employee to be sued in Connecticut under that law because the employer had informed employees that its servers are located here.
In sum, since the employee knew that she was copying files from a Connecticut server, she can’t escape “the long arm of the law.” She must either hire a Connecticut lawyer or represent herself in a foreign country. As for the employer, it can use its regular lawyers to bring suit here, in a court that’s convenient for it and inconvenient for the employee, and doesn’t have to go to the trouble and expense of hiring a lawyer in Canada.
There’s a lesson here for Connecticut employers. If its servers are in Connecticut, a company should make that fact known to all employees.
This information can easily be included in any policies the company may have governing employee use of company computers and the confidentiality of company information, including in an employee handbook. To make sure employees can be charged with actual knowledge of the servers’ location, it would be preferable if they acknowledged receipt of the information in writing (as is commonly done with employee handbooks). Then, if the company learns that an out-of-state employee has electronically pilfered confidential company information, it should be able to bring suit here, shifting the inconvenience and expense of litigating in another state or country from the company to the faithless employee.
As for employees with employment contracts, a clause obviously can be included selecting Connecticut as the forum for any litigation. But an effective notification that the company’s servers are in Connecticut covers all employees, including those with no contracts. And since changing an employment contract in mid-term can create issues as to whether or not the change is unenforceable due to lack of consideration, difficulties even for contract employees can be avoided as well.
Frank Silvestri heads the litigation department at Levett Rockwood P.C., a business law firm in Westport. More information about him and the firm is available at levettrockwood.com. This article is for informational purposes only and does not constitute legal advice.