Florida Computer Abuse and Data Recovery Act
Fla. Stat. § 668.801 - § 668.805
Florida Statutes
Title XXXIX - Commercial Relations
Chapter 668 - Electronic Commerce
Part V - Computer Abuse and Data Recovery Act (Ss. 668.801-668.805)
668.801 Purpose.
668.802 Definitions.
668.803 Prohibited acts.
668.804 Remedies.
668.805 Exclusions.
668.801 Purpose.—This part shall be construed liberally to:
(1) Safeguard an owner, operator, or lessee of a protected computer used in the operation of a business from harm or loss caused by unauthorized access to such computer.
(2) Safeguard an owner of information stored in a protected computer used in the operation of a business from harm or loss caused by unauthorized access to such computer.
History.—s. 2, ch. 2015-14.
668.802 Definitions.—As used in this part, the term:
(1) “Authorized user” means a director, officer, employee, third-party agent, contractor, or consultant of the owner, operator, or lessee of the protected computer or the owner of information stored in the protected computer if the director, officer, employee, third-party agent, contractor, or consultant is given express permission by the owner, operator, or lessee of the protected computer or by the owner of information stored in the protected computer to access the protected computer through a technological access barrier. Such permission, however, is terminated upon revocation by the owner, operator, or lessee of the protected computer or by the owner of information stored in the protected computer, or upon cessation of employment, affiliation, or agency with the owner, operator, or lessee of the protected computer or the owner of information stored in the protected computer.
(2) “Business” means any trade or business regardless of its for-profit or not-for-profit status.
(3) “Computer” means an electronic, magnetic, optical, electrochemical, or other high-speed data processing device that performs logical, arithmetic, or storage functions and includes any data storage facility, data storage device, or communications facility directly related to, or operating in conjunction with, the device.
(4) “Harm” means any impairment to the integrity, access, or availability of data, programs, systems, or information.
(5) “Loss” means any of the following:
(a) Any reasonable cost incurred by the owner, operator, or lessee of a protected computer or the owner of stored information, including the reasonable cost of conducting a damage assessment for harm associated with the violation and the reasonable cost for remediation efforts, such as restoring the data, programs, systems, or information to the condition it was in before the violation.
(b) Economic damages.
(c) Lost profits.
(d) Consequential damages, including the interruption of service.
(e) Profits earned by a violator as a result of the violation.
(6) “Protected computer” means a computer that is used in connection with the operation of a business and stores information, programs, or code in connection with the operation of the business in which the stored information, programs, or code can be accessed only by employing a technological access barrier.
(7) “Technological access barrier” means a password, security code, token, key fob, access device, or similar measure.
(8) “Traffic” means to sell, purchase, or deliver.
(9) “Without authorization” means access to a protected computer by a person who:
(a) Is not an authorized user;
(b) Has stolen a technological access barrier of an authorized user; or
(c) Circumvents a technological access barrier on a protected computer without the express or implied permission of the owner, operator, or lessee of the computer or the express or implied permission of the owner of information stored in the protected computer. The term does not include circumventing a technological measure that does not effectively control access to the protected computer or the information stored in the protected computer.
History.—s. 3, ch. 2015-14.
668.803 Prohibited acts.—A person who knowingly and with intent to cause harm or loss:
(1) Obtains information from a protected computer without authorization and, as a result, causes harm or loss;
(2) Causes the transmission of a program, code, or command to a protected computer without authorization and, as a result of the transmission, causes harm or loss; or
(3) Traffics in any technological access barrier through which access to a protected computer may be obtained without authorization,
is liable to the extent provided in s. 668.804 in a civil action to the owner, operator, or lessee of the protected computer, or the owner of information stored in the protected computer who uses the information in connection with the operation of a business.
History.—s. 4, ch. 2015-14.
668.804 Remedies.—
(1) A person who brings a civil action for a violation under s. 668.803 may:
(a) Recover actual damages, including the person’s lost profits and economic damages.
(b) Recover the violator’s profits that are not included in the computation of actual damages under paragraph (a).
(c) Obtain injunctive or other equitable relief from the court to prevent a future violation of s. 668.803.
(d) Recover the misappropriated information, program, or code, and all copies thereof, that are subject to the violation.
(2) A court shall award reasonable attorney fees to the prevailing party in any action arising under this part.
(3) The remedies available for a violation of s. 668.803 are in addition to remedies otherwise available for the same conduct under federal or state law.
(4) A final judgment or decree in favor of the state in any criminal proceeding under chapter 815 shall estop the defendant in any subsequent action brought pursuant to s. 668.803 as to all matters as to which the judgment or decree would be an estoppel as if the plaintiff had been a party in the previous criminal action.
(5) A civil action filed under s. 668.803 must be commenced within 3 years after the violation occurred or within 3 years after the violation was discovered or should have been discovered with due diligence.
History.—s. 5, ch. 2015-14.
668.805 Exclusions.—This part does not prohibit any lawfully authorized investigative, protective, or intelligence activity of any law enforcement agency, regulatory agency, or political subdivision of this state, any other state, the United States, or any foreign country. This part may not be construed to impose liability on any provider of an interactive computer service as defined in 47 U.S.C. s. 230(f), of an information service as defined in 47 U.S.C. s. 153, or of a communications service as defined in s. 202.11, if the provider provides the transmission, storage, or caching of electronic communications or messages of a person other than the provider, related telecommunications or commercial mobile radio services, or content provided by a person other than the provider.
History.—s. 6, ch. 2015-14.
For more information, see here: http://www.leg.state.fl.us/Statutes/index.cfm?App_mode=Display_Statute&URL=0600-0699/0668/0668.html
These materials were obtained directly from the State Legislative websites and are posted here for your review and reference only. No Claim to Original State Government Works. This may not be the most recent version. The State may have more current information. We make no guarantees or warranties about the accuracy or completeness of this information, or the information linked to. Please check the linked sources directly.