Data Backup Digest

With computer hacking and identity theft affecting more and more companies within the United States, it should come as no surprise to anyone that individual states are stepping up to the plate with their own laws and regulations that are meant to protect and even compensate victims in the event of a cyber attack. One such law, Florida’s Computer Abuse and Data Recovery Act, or CADRA, took effect on October 1, 2015.

Despite the fact that CADRA serves only the state of Florida, it is meant to be used as a template for nation-wide legislation. Moreover, organizations who seek protection under CADRA must install specific technological access barriers, referred to as TABs, as defined in the act itself. Failure to do so will negate any protection as defined within the law.

The act states that an individual is in direct violation of CADRA when they: “knowingly and with intent to cause harm or loss”: (1) obtains information from a TAB-protected computer without authorization and as a result causes harm or loss; (2) causes the transmission of a program, code, or command to a TAB-protected computer and as a result causes harm or loss; or (3) traffics in any TAB through which access to a protected computer might be gained without authorization.”

A de facto list of authorized personnel include enterprise directors, officers and employees or anyone else who has the expressed permission of the business owner. However, such authorization is considered invalid as soon as the business relationship ends.

Per CADRA, Individuals are considered to be acting “without authorization” when: “(a) they are not an authorized user; (b) they steal a TAB; or (c) the violator “circumvent[s] a technological access barrier [TAB] on a protected computer without the express or implied permission of the owner.”

However, it is important to note that CADRA makes a specific exception for systems that are protected by oversimplified passwords. According to the act, which “does not include circumventing a technological measure that does not effectively control access to the protected computer or the information stored in the protected computer,” generic or basic passwords are not enough to qualify for protection under CADRA.

Under the CADRA act, a business owner may win monetary awards through a court of law for their own lost profits, economic damages and even profits that have been accumulated as a violation of the act. The business owner is also allowed to seek compensation for their legal fees.

CADRA was originally drafted by Robert Kain, a member of the law firm Kain Spielman, P.A. The act was later introduced into the Florida State Legislature by Robert Kain Senator Dorothy Hukill out of Ocala and Representative Ross Spano from Riverview. CADRA was officially signed into law in May of 2015.

Moreover, a team previously known as the Employee Computer Hacking Project has been renamed the CADRA Task Force. Comprised of members from the Florida State Bar as well as various governmental committees, the task force is spearheaded by none other than Robert Kain.