Connecticut-based employers received a belated holiday gift on December 26, 2012, when the U.S. Court of Appeals for the Second Circuit interpreted a rarely cited provision of the Connecticut long-arm statute governing personal jurisdiction over individuals.

Although more well-known provisions of Connecticut General Statutes § 52-59b(a) permit personal jurisdiction in causes of action arising from transacting business or owning property in the state or from committing tortious acts in the state or that cause injury here, the less familiar § 52-59b(a)(5) permits the exercise of jurisdiction over any person who uses a computer or computer network located within the state, provided the alleged cause of action arises from such computer use.

Thanks to the Second Circuit’s decision in MacDermid Inc. v. Deiter, No. 11-5388-cv, 2012 WL 6684580, this computer-use provision has now been held to reach the employee of a Connecticut parent company’s subsidiary, living and working in Canada who, without setting foot in Connecticut, is alleged to have knowingly accessed and misappropriated proprietary data from the parent’s Connecticut servers. MacDermid has positive implications for Connecticut-based companies with operations in other states and abroad.

A Familiar Story

MacDermid’s scenario is familiar within industries in which competitive success hangs on a company’s ability to protect its proprietary information and trade secrets. The complaint alleges that Jackie Deiter’s job, as an account manager for MacDermid’s wholly owned Canadian subsidiary, depended on her access to confidential and proprietary information safeguarded by MacDermid at its Waterbury, Conn., headquarters.

MacDermid alleges that after Deiter had learned that she would be terminated for poor performance, she accessed MacDermid’s computer network systems and emailed from her work laptop to her home computer, MacDermid pricing lists, lab reports, confidential customer and financial information, and chemical raw materials specifications. MacDermid sued Deiter in Connecticut federal court, claiming violations of the computer crimes statute (C.G.S. § 53a-251, which is civilly actionable under § 52-570b) and the Connecticut Uniform Trade Secrets Act (C.G.S. §§ 35-51, et seq.), seeking damages and injunctive relief.

Virtual Presence

Deiter moved to dismiss MacDermid’s complaint for, among other things, lack of personal jurisdiction. In opposition, MacDermid argued that Deiter accessed its protected information just the same as if she had walked into the company’s Waterbury headquarters, rifled through its filing cabinets and walked out with its information.

MacDermid’s uncontradicted affidavit testimony asserted that, as a condition of employment with its subsidiary, Deiter was made aware that the companies’ email system and MacDermid’s confidential and proprietary information were centralized and maintained on computer servers in Waterbury. Deiter agreed in writing to safeguard and to properly use MacDermid’s confidential information.

MacDermid alleged that when Deiter emailed MacDermid’s proprietary data to her personal e-mail account for use on her personal home computer, she did so by knowingly accessing MacDermid’s Waterbury servers and using the Waterbury-based email system.

District Court Dismissal

MacDermid argued that this set of facts satisfied several grounds for long-arm jurisdiction, but especially the one provided by General Statutes § 52-59b(a)(5) (use of a computer or computer network located within the state). The District Court concluded that the computer-use provision did not reach Deiter’s alleged conduct. MacDermid Inc. v. Deiter, No. 3:11-CV-00855-WWE, 2011 WL 6001625 (D. Conn. Nov. 30, 2011). In particular, it found that the unauthorized email transfer occurred strictly between two computers located in Canada.

Satisfying Statute

In an opinion authored by Judge Barrington D. Parker, writing for a panel that included Judges Jon O. Newman and Reena Raggi, the Second Circuit Court of Appeals reversed the District Court. The Court of Appeals found that MacDermid’s unchallenged prima facie facts satisfied the computer-use provision, § 52-59b(a)(5). It was not material that Deiter was outside Connecticut when she accessed the Waterbury computer servers. The court held that the statute reaches persons outside the state who remotely and knowingly access computers within the state.

The Court of Appeals also considered the constitutional “minimum contacts” analysis. It found that exercising jurisdiction over Deiter comported with due process because she purposely availed herself of the privilege of conducting activities within Connecticut in that she was aware of the centralization of the companies’ email system and the storage of confidential data and trade secrets in Connecticut.

The court reasoned that whereas most internet users are unaware of the location of the servers through which their emails are being sent, Deiter knew that the servers housing her company’s email servers and the confidential files that she misappropriated were located in Connecticut. It was significant, moreover, that Deiter had directed her allegedly tortious conduct toward MacDermid, a Connecticut corporation.

The court also found that the factors for determining the reasonableness of exercising personal jurisdiction over Deiter weighed in favor of MacDermid. It remanded the case for further proceedings.

Long-Arm Stands Alone

As it turns out, Connecticut’s long-arm statute’s computer-use provision is one-of-a-kind. In a 50-state survey, only three other states were found to have long-arm statutes that specifically address the use of computers. Virginia Code § 8.01-328.1.B. presents the closest analogue; but it merely supplements the traditional tortious act subsections of the long-arm statute. Computer use comes into play only to the extent that it fits within the reach of those two subsections. By contrast, Connecticut’s computer-use provision (§ 52-49b(a)(5)) is a stand-alone subsection co-equal with, and not subject to satisfaction of, the tortious injury subsections (§§ 52-495b(a)(2) and (3)).

Moreover, the successful assertion of Virginia’s computer-use provision appears limited to cases where out-of-state defendants send unsolicited bulk e-mail, or “spam,” into Virginia email servers. In the one Virginia case dealing with out-of-state defendant employees allegedly misappropriating information from the company’s Virginia server, the court did not address the long-arm statute, but concluded that the specific facts of that case did not satisfy due process. The electronic docket for the Eastern District of Virginia reflects that no party appealed the Ayres decision.

The long-arm statutes of Maryland and North Carolina similarly contain a supplemental (not stand-alone) computer-use provision. See Md. Cod §§ 6-103(b)(2), (b)(4) and 6-103(c) (providing for personal jurisdiction where the case of action arises from, among other things, the in-state consumption of “goods” and “services”, and explicitly including “computer information” and “computer programs” as goods and services); N.C. Gen. Stat. § 1-75.4(4)(c)c. (dealing strictly with cases involving commercial spam sent into the state in contravention of e-mail service provider policies). Research disclosed no other states with computer-use provisions like that of Connecticut.

Practical Implications

MacDermid Inc. v. Deiter has unique and promising implications for Connecticut-based companies with employees or affiliates who are out of state or overseas and who avail themselves of restricted access to company computers, servers and/or computer networks situated in Connecticut. Provided that the company can allege a cause of action arising from a defendant’s use of company computers in Connecticut, § 52-59b(a)(5) provides a way for the company to protect its interests at home without potentially costly litigation in unknown, foreign jurisdictions.

It remains to be seen what set of facts would satisfy the computer-use provision of Connecticut’s long-arm and yet fall short of what is permitted by constitutional due process. Companies that wish to protect their proprietary electronic data from rogue out-of-state employees would do well at least to put such employees on sufficient notice of the extent and nature of their contacts with Connecticut, as MacDermid did in this case. They should document such notice in employment agreements, computer use policies, confidentiality agreements, nondisclosure agreements, and the like. •