Most states offer statutory remedies for offenses relating to unauthorized access or computer-related information or trade secrets.  New Jersey is one such state, and a recent case illustrates specific pitfalls with pleading claims under these acts.  Read on to learn CPW’s take.

In Display Uk v. Ground Support Labs, 2021 N.J. Super. Unpub. LEXIS 323, at *15 (N.J. Sup. Ct. Feb. 26, 2021), the plaintiffs were two digital signage and consumer engagement companies.  The defendants consisted of several of their former employees that left and started their own companies doing similar work, as well as the new companies themselves.  The individual defendants included former presidents and vice presidents of sales or other positions that supposedly would have enabled them to access the plaintiffs’ confidential information, such as trade secrets.

Although there were no non-compete agreements or similar employment restraints, the plaintiffs filed suit, alleging that the defendants attempted to convert their contracts by alleging misappropriated funds, in the amount of a $2.6 million contract for a client.  The alleged misappropriation was enabled through alleged emails preceding the defendants’ departure that were sent from their work email accounts to their personal email accounts and the deletion of data that belonged to the plaintiffs.  The plaintiffs’ alleged causes of action included trade libel, fraud, computer related offenses, and trade secrets or misappropriation of confidential information.

The bulk of the court’s analysis, and where our attention was most focused, addressed the plaintiffs’ claims arising under both the New Jersey Computer Related Offenses Act and the New Jersey Trade Secrets Act.

To begin with, the New Jersey Computer Related Offenses Act, colloquially known as New Jersey’s “anti-hacking statute,” protects against the “taking” of any “data” and creates a private right of action.  A claim requires allegations that:  (1) an actor took or damaged computer data without authorization, and (2) a plaintiff was “damaged in business or property” as a result of the prohibited conduct.

Additionally, the New Jersey Trade Secrets Act is a statutory framework prohibiting the misappropriation of trade secrets.  The statute defines a trade secret as information that both: “(1) Derives independent economic value . . . from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use,” and “(2) Is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.”  A claim must satisfy two elements: (1) an actor must take or damage computer data without authorization, and (2) a plaintiff must have been “damaged in business or property” because of the prohibited conduct.

The court granted the defendants’ motion to dismiss in its entirety.  In a nutshell, the plaintiffs’ claims under both acts failed because the plaintiffs did not include any information “that the Defendants actually used any of the data which was allegedly taken,” or “how the Plaintiffs were damaged as a result.”  Instead, the plaintiffs “only generally alleged” that the defendant “used confidential information and trade secrets to misappropriate a $2.6 million project from Plaintiffs.”  These anemic allegations were not sufficient.

First, the plaintiffs’ claims under the New Jersey Computer Related Offenses Act failed because the plaintiffs did not allege there was an “unauthorized access.”  The plaintiffs alleged only that the defendants individually and in conspiracy with each other, “engaged in a pattern of destroying and taking . . . data without authorization.”  Absent from this allegations was any sense that the defendants accessed systems or data that they were not authorized to access, any allegations of non-disclosure or data access restriction agreements, or that there were any communications between the parties indicating the defendants were unauthorized to access certain information.

Second, the plaintiffs’ claim under the New Jersey Trade Secrets Act failed for two reasons: (1) the plaintiffs did not allege damages; and (2) the plaintiffs did not allege a trade secret.  The court noted that the plaintiffs did not allege “any actual instances of Defendants using any trade secrets to Plaintiffs’ detriment.”  Second, neither element of the “trade secret” definition was satisfied.  The court noted that the plaintiffs failed to allege “that they took any steps at all to prevent disclosure by Defendants, or even demand that Defendants not disclose the information,” such as by signing non-disclosure agreements.  The absence of these allegations precluded the plaintiffs from arguing the “secrecy” required for a trade secret.

Finally, the court struck down the plaintiffs’ claims for fraud, trade libel, and breaches of trust and fiduciary duties because they did not meet heightened pleading standards.  Like their counterpart in the Federal Rules of Civil Procedure, the New Jersey Court Rules require claims alleging fraud to meet heightened pleading standards.  See N.J.R. 4:5-8(a)(“In all allegations of misrepresentation [and] fraud . . . particulars of the wrong, with dates and items if necessary, shall be stated insofar as practicable.”).  The court found the plaintiffs’ pleading deficient because they did not allege what the allegedly fraudulent statements “actually were, when they were said, or whom they were said to.”  Instead, the allegations only “parrot[ed] the language of the cause of action.”

Display is a good example of some of the most common pitfalls when pleading claims arising under statutes that target general computer crimes or trade secrets.  Although Display addressed New Jersey state law, its lessons are likely universal.