United States District Court, M.D. Alabama, Southern Division
March 31, 2015
D & J OPTICAL, INC., Plaintiff,
DR. TAMMY WALLACE, et al., Defendants.
MEMORANDUM OPINION and ORDER
TERRY F. MOORER, Magistrate Judge.
In the Complaint, D & J Optical ("Plaintiff" or "D&J Optical") asserts that Dr. Tammy Wallace ("Dr. Wallace"), a former independent contractor hired by Plaintiff; Debbie Hughes ("Hughes"), a former employee; and Enterprise Optical, LLC, d/b/a/Eyes of Ozark Optical ("Enterprise Optical"), its competitor, misappropriated information maintained in Plaintiff's computer system. Specifically, D&J Optical asserts that the defendants violated:
(1) The Computer Fraud and Abuse Act, 18 U.S.C. § 1030;
(2) The Digital Millenium Copyright Act, 17 U.S.C. § 1201;
(3) The Alabama Trade Secrets Act, § 8-27-1, Ala. Code 1975; and
(4) The Alabama Digital Crime Act, § 13A-8-112.
The plaintiff also asserts state law claims of trespass, conversion, intentional interference with business relations, and civil conspiracy against all of the defendants; breach of contract against Dr. Wallace; breach of duty of loyalty and fraudulent suppression against both Hughes and Dr. Wallace; and tortious interference with contract against Enterprise Optical.
The court has jurisdiction of the plaintiff's claims pursuant to its federal question jurisdiction, 28 U.S.C. § 1331, and supplemental jurisdiction, 28 U.S.C. § 1367. Pursuant to 28 U.S.C. § 636(c)(1) and M.D. Ala. LR 73.1, the parties have consented to a United States Magistrate Judge conducting all proceedings in this case and ordering the entry of final judgment.
Now pending before the court is the Motion to Dismiss filed by Enterprise Optical. Doc. 17. Upon consideration of the Motion and Plaintiff's Response, the court concludes that the Motion to Dismiss is due to be GRANTED with respect to the Digital Millenium Copyright Act claim and DENIED on the remaining claims.
II. STANDARD OF REVIEW
A Rule 12(b)(6) Motion tests the legal sufficiency of the complaint. Although it must accept well-pled facts as true, the court is not required to accept a plaintiff's legal conclusions. Ashcroft v. Iqbal, 556 U.S. 662, 678, 129 S.Ct. 1937, 1949 (2009) ("[T]he tenet that a court must accept as true all of the allegations contained in a complaint is inapplicable to legal conclusions"). In evaluating the sufficiency of a plaintiff's pleadings, the court must indulge reasonable inferences in plaintiff's favor, "but we are not required to draw plaintiff's inference." Aldana v. Del Monte Fresh Produce, N.A., Inc., 416 F.3d 1242, 1248 (11th Cir. 2005). Similarly, "unwarranted deductions of fact" in a complaint are not admitted as true for the purpose of testing the sufficiency of plaintiff's allegations. Id .; see also Iqbal, 556 U.S. at 680, 129 S.Ct. at 1951 (stating conclusory allegations are "not entitled to be assumed true").
A complaint may be dismissed if the facts as pled do not state a claim for relief that is plausible on its face. See Iqbal, 556 U.S. at 679, 129 S.Ct. at 1950 (explaining "only a complaint that states a plausible claim for relief survives a motion to dismiss"); Bell Atl. Corp. v. Twombly, 550 U.S. 544, 561-62, 570, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007) (retiring the prior "unless it appears beyond doubt that the plaintiff can prove no set of facts" standard). In Twombly, the Supreme Court emphasized that a complaint "requires more than labels and conclusions, and a formulaic recitation of the elements of a cause of action will not do." Twombly, 550 U.S. at 555. Factual allegations in a complaint need not be detailed but "must be enough to raise a right to relief above the speculative level on the assumption that all the allegations in the complaint are true (even if doubtful in fact)." Id. at 555 (internal citations and emphasis omitted).
In Iqbal, the Supreme Court reiterated that although FED. R. CIV. P. 8 does not require detailed factual allegations; it does demand "more than an unadorned, the-defendant-unlawfully-harmed-me accusation." Iqbal, 556 U.S. at 678, 129 S.Ct. at 1949. A complaint must state a plausible claim for relief, and "[a] claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged." Id. The mere possibility the defendant acted unlawfully is insufficient to survive a motion to dismiss. Id. The well-pled allegations must nudge the claim "across the line from conceivable to plausible." Twombly, 550 U.S. at 570.
D&J Optical operates optical centers in Ozark, Alabama and Opp, Alabama. Doc. 1, Pl's Comp., p. 3. It maintains a secure server for storage of its confidential and trade secret information related to the practice. Id., p. 6. D&J manages digital patient records related to insurance billing through Panacea software, which stores basic demographic and contact information for each patient, as well as brief descriptions of the diagnosis, treatment history, follow-up schedule, and billing information for each patient. Id., pp. 6-7.
Hughes, a former employee, began working at D&J Optical in March 2007. Id., p. 6. Although she had no administrator privileges to access the server, she was assigned a user name and password allowing her to access patient records in order to fulfill her duties in filing insurance claims. Id., p. 8.
In 2009, Dr. Wallace began working part time as an optometrist for D&J Optical. Id., p. 3. In 2012, she entered into an Independent Contract Agreement with D&J Optical to work as a full-time optometrist. The plaintiff alleges that, as part of the agreement, Dr. Wallace agreed that she would not disclose, directly or indirectly, D&J Optical's "client names, addresses, personal information, files and records, as well as other processes, procedures, compilations of information, records, and specifications that are owned by the corporation and that are regularly used in the operation of the corporation's business." Id., p.4. Neither Hughes nor Dr. Wallace were given credentials or passwords granting them access to the server or allowing them to make any modifications to D&J's computer system. Id., p. 7.
On August 29, 2013, Dr. Wallace gave notice that she planned to leave the D&J Optical practice effective November 27, 2013. Id., p. 5. At some point around this time, Enterprise Optical began to open an optical center in Ozark, Alabama. On September 14, 2013, Hughes requested vacation leave from D&J Optical. Plaintiff alleges that, while on vacation, Hughes received training at Enterprise Optical, downloaded patient contact information to her secured workstation, and subsequently attempted to erase her actions from her computer. Id., p.6.
On October 1, 2013, Hughes gave notice of her intent to leave D&J Optical. On October 28, 2013, Hughes began working at Enterprise Optical. On December 3, 2013, Dr. Wallace also began working at Enterprise Optical. On this same day, D&J Optical began receiving faxed requests from Enterprise Optical for patient records. Id., p. 5. For the next two weeks, more than fifty requests for patient records were faxed from Enterprise Optical to D&J Optical. Id., pp. 5-6.
At some point in 2014, Kyle Jones ("Jones"), the Controller of D&J Optical, discovered that data was transferred without authorization from the D&J Optical server to "Starfield Technologies File Backup." Id. Tom Rivers ("Rivers"), an IT consultant and co-designer of the Panacea software, conducted research and confirmed that Starfield Technologies is not a service used or authorized by D&J Optical. Id., p. 8. In addition, he discovered that the Cisco Mobility Client software was installed on D&J Optical's workstations without authorization and that a wireless transmitter was plugged into a USB port of a workstation, which allowed remote access to the server through a wireless access point or virtual private network. Seven user names were established without authorization. Id., p. 9.
Jones also discovered a wire from the company's internet access point extending into the attic of the building. The wire connected to a booster which allowed access to a workstation from the internet. Rivers determined that the D&J Optical server was remotely accessed from an IP address assigned to the D&J Optical network in Ozark to a computer named "WALLACEFAMILY" between October 31, 2013, and December 2, 2013. D&J Optical workstations were also remotely accessed by computer addresses traceable to Enterprise Optical both before and after the individual defendants terminated their employment with D&J Optical. Id.
D&J Optical alleges that, as a result of the unauthorized remote access to its computer system, it was forced to employ experts to undertake a forensic analysis, send letters regarding the unauthorized access as a breach of protected health information to its patients, post notices in the local newspapers, and submit a breach of notification report to the United States Department of Health and Human Services. Id., p. 11.
A. The Computer Fraud and Abuse Act
Enterprise Optical asserts that Plaintiff's claim that it violated the Computer Fraud and Abuse Act ("CFAA") warrants dismissal because (1) the facts as alleged do not indicate that it intentionally accessed D&J Optical's computer system; (2) the alleged loss does not exceed the required jurisdictional amount of at least $5, 000 in value; and (3) there is no allegation that Enterprise Optical is a "violator" of the Act.
The CFAA defines several categories of conduct which give rise to civil or criminal liability. 18 U.S.C. § 1030. Intentionally accessing a protected computer without authorization, and as a result of such conduct, causing damage and loss, gives rise to criminal liability. 18 U.S.C. § 1030(a)(5)(C). Civil liability requires a separate showing:
A civil action for a violation of this section may be brought only if the conduct involves 1 of the factors set forth in subclauses (I), (II), (III), (IV), or (V) of subsection (c)(4)(A)(I).
18 U.S.C. § 1030(g).
The Complaint and the Amendment thereto do not specify which of the violations were allegedly committed or which of the factors listed in § 1030(c)(4)(A)(I) are applicable. Upon reviewing the facts as alleged and the matters discussed during Oral Argument, it appears Plaintiff asserts that Enterprise Optical remotely accessed a protected computer without authority to do so and obtained patients' basic demographic and contact information, thereby causing loss and damages, including the costs of conducting a forensic investigation and damage assessment, replacement of computer hardware, and other costs totaling more than $5, 000. Subsection (c)(4)(A)(i)(I) provides that civil liability may be imposed if the loss is greater than $5, 000.
First, Enterprise Optical argues that the Computer Fraud and Abuse Act claim is due to be dismissed because the Complaint merely speculates that it had "knowledge" that Dr. Wallace and Hughes intentionally accessed Plaintiff's computer system. In other words, Enterprise Optical argues that mere "knowledge of intentional acts allegedly performed by others" by itself does not establish its own performance of an intentional act. Enterprise also argues that there are no specific facts demonstrating that they are a "violator" of the Act.
At this stage of the proceedings, the plaintiff's allegation that Enterprise Optical intended to access its computer system remotely to retrieve information is plausible. Plaintiff alleges that Dr. Wallace and Hughes, intentionally and with the knowledge of Enterprise Optical, accessed information on the D&J Optical computer system while undergoing a training session at Enterprise Optical's office, wrongfully obtained information regarding its patients using unauthorized remote access, attempted to damage data on D&J Optical's server, and that all of the defendants "conspired together to commit each of these wrongful acts of improper access to the D & J computer system for the purpose of obtaining D&J Optical's patient contacts and other confidential, proprietary, and trade secret information for the financial benefit of Enterprise Optical and Eyes of Ozark, and to cause material harm to D&J Optical's business." Pl's Comp., p. 14. In addition, D&J Optical alleges that its workstations were accessed remotely from computer addresses that can be traced to Enterprise Optical on dates both before and after Dr. Wallace and Hughes terminated their employment with Plaintiff and that D&J Optical received more than fifty requests for patient records, including from patients who were not due for a return visit, during the first two weeks of the opening of Eyes of Ozark and the date Dr. Wallace began working at the new office. In their Amendment to the Complaint, D&J Optical also alleges that the individual defendants became agents of Enterprise Optical when they began training at Enterprise Optical and/or gave notice of their intent to leave D&J Optical, and that their actions in accessing and removing patient information were authorized and/or ratified by Enterprise Optical. Doc. 42, p. 2. Thus, the allegations indicate that Enterprise Optical had knowledge of, conspired with, and/or authorized the other defendants to obtain information from D&J Optical's computer system, and that it benefited from this unauthorized action. At this stage of the proceedings, it is arguable that Plaintiff has alleged sufficient factual content which allows the court to draw the "reasonable inference" that Enterprise Optical committed an intentional act.
Enterprise Optical argues that Plaintiff fails to plead the required jurisdictional amount under the Act. A civil action under the CFAA may be brought if the aggregate loss is at least $5, 000 in value. See 18 U.S.C. § 1030(g) (referring to § 1030(c)(4)(A)(i)). Loss is defined in the CFAA as "any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service." 18 U.S.C. § 1030(e)(11). A significant split of authority exists on this issue, with some courts holding that investigative costs are "reasonable" and "recoverable" costs, while others limit such "loss" to interruption of service, and not merely the downloading of client contact information as alleged in the present case.
The issue is a statutory interpretation question. The Eleventh Circuit has not decided this specific issue. Several courts have held that all loss must be as a result of "interruption of service." See, e.g., Continental Group, Inc. v. Kw Property Management, LLC, 622 F.Supp.2d 1357, 1371 (S.D. Fla. 2009) (determining all loss must be the result of interruption of service, especially in light of "the legislative intent in the CFAA, a criminal statute, to address interruption of service and damage to protected computers); Cheney v. IPD Analytics, LLC, No. 08-23188-CIV, 2009 WL 1298405, *7 (S.D. Fla. 2009) (finding defendants failed to state a claim under the CFAA in part because a "[p]lain reading of the definition of loss' must be related to interruption of service"). Other courts have interpreted the provision more broadly. See, e.g., Donahue v. Tokyo Electron Am., Inc., 42 F.Supp.2d 829, 844 (W.D. Tex. 2014) (determining loss encompasses two types of harm, specifically the costs to investigate and respond to a computer intrusion and the costs associated with a service interruption); Trademotion, LLC, v. Marketcliq, Inc., 2012 WL 682737 (M.D. Fla. February 14, 2012) (determining "loss" does not relate solely to losses incurred due to interruption of service); Quantlab Techs. Ltd.v. Godlevsky, 719 F.Supp.2d 766, 776 (S.D. Tex. 2010) ("[T]he term loss' encompasses... two types of harm: costs to investigate and respond to a computer intrusion, and costs associated with a service interruption."). A plain reading of the statute indicates that "loss" includes the cost to investigate or the cost associated with a service interruption. There are no allegations indicating that service was interrupted at the time the remote access occurred. Nonetheless, the facts as alleged indicate costs were incurred to investigate the intrusion. Plaintiff alleges that the defendants' unauthorized activity forced it to incur costs of more than $5000 in damage assessment and remedial measures. The court concludes that the plaintiff's allegations are plausible and adequately state a claim for relief under the CFAA. Consequently, the Motion to Dismiss the CFAA claim against Enterprise Optical is due to be DENIED at this stage of the proceedings.
B. Digital Millennium Copyright Act
Enterprise Optical argues D&J Optical lacks standing to bring a lawsuit under the Digital Millennium Copyright Act ("DMCA"), 17 U.S.C. § 1201, et seq., because it is not the owner of the copyright. The defendant also argues that the DMCA is inapplicable because the information obtained, such as client contact information, is not a protected work under the Act.
Congress enacted the DMCA in 1998 to "strengthen copyright protection in the digital age." Universal City Studios, Inc. v. Corley, 273 F.3d 429, 435 (2d Cir. 2001). Title 17 U.S.C. § 1201(a)(1)(A) provides that "[n]o person shall circumvent a technological measure that effectively controls access to a work protected under this title. " (Emphasis added.) "As used in this subsection... to circumvent a technological measure' means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner." 17 U.S.C. § 1201(3)(A). "[A] technological measure effectively controls access to a work' if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work." 17 U.S.C. § 1201(3)(B). In addition, Section 1203(a) provides that "[a]ny person injured by a violation of section 1201... may bring a civil action in an appropriate United States district court for such violation."
Although the Eleventh Circuit has not addressed standing under the Digital Millennium Copyright Act, other courts have generally held that ownership of a copyright is not necessarily a requirement to bring suit under sections 1201 and 1203. See CoxCom, Inc. v. Chaffee, 536 F.3d 101 (1st Cir. 2008) (cable services provider had standing to sue sellers of filters that blocked low-frequency cable signals and interfered with their pay-per-view billing services); Echostar Satellite, LLC v. Viewtech, Inc., 543 F.Supp.2d 1201 (S.D. Cal. 2008) (finding that because plaintiff contracted and purchased distribution rights of programming, it was reasonable to infer that plaintiff also had authority to control measures protecting programming). Nonetheless, the more important question in this case is whether the plaintiff's allegations indicate Enterprise Optical circumvented a technological measure that controls access to a protected work under the Act.
The plaintiff asserts that Enterprise Optical wrongfully circumvented D&J's technological measures by installing new hardware and software on the D&J computer system and by creating new user credentials to allow access to the Panacea software. The plaintiff argues that it has sufficiently alleged a violation of the Digital Millenium Copyright act because Panacea owns the copyright to its software program.
The term "work protected under this title" extends "a new form of protection, i.e., the right to prevent circumvention of access controls, broadly to works protected under Title 17, i.e., copyrighted works." MDY Industries, LLC v. Blizzard Entertainment, Inc., 629 F.3d 928, 945 (9th Cir. 2010). See also Universal Studios, 273 F.3d at 443 (The DMCA "targets the circumvention of digital walls guarding copyrighted material.").
The facts indicate that the Panacea software program stores basic demographic and contact information for each patient, as well as brief descriptions of the diagnosis, treatment history, and billing information for each patient. Pl's Comp., p. 7. Throughout the Complaint, the plaintiff argues that the defendants accessed its computer system to gain access to patient information, including the names and addresses of patients. There is no indication that this type of information is a protected work under the Act. In addition, the court notes that there have been few cases brought under section 1201(a)(1) of the Act, and that most of those were instances of high-profile circumvention activities with facts dissimilar from the allegations in this case. See, e.g., Lexmark International, Inc. v. Static Control Components, Inc., 387 F.3d 522 (6th Cir. 2004); Apple, Inc. v. Psystar Corp., 673 F.Supp.2d 931 (N.D. Cal. 2009); Metropcs Wireless, Inc. v. Virgin Mobile USA, L.P., No. 3:08cv1658-D (N.D. Tex. Sept. 25, 2009). This court therefore concludes that Plaintiff fails to allege a plausible claim for relief under the Digital Millenium Copyright Act. The Motion to Dismiss the DMCA claim is due to be GRANTED in favor of Enterprise Optical.
C. Alabama Trade Secrets Act
Enterprise Optical asserts that the claim that it violated the Alabama Trade Secrets Act, Alabama Code § 8-27-3, warrants dismissal because there are no allegations that Enterprise Optical intentionally accessed its protected computer content. Specifically, the defendant argues that the allegations are directed at Wallace and Hughes during their employment with the plaintiff.
The Alabama Trade Secrets Act imposes liability on a person who, having obtained a trade secret from a third person, discloses or uses the trade secret after receiving sufficient information to put him on notice that a trade secret was misappropriated by the third person. IMED Corp. v. Systems Engineering Assoc. Corp., 602 So.2d 344 (Ala. 1992). As previously discussed, the plaintiff's allegations create a plausible inference that Enterprise Optical had knowledge of the individual defendant's actions and/or acted in concert with the defendants. Defendant also argues that the patient information allegedly obtained is not a trade secret. The plaintiff, however, argues that its information includes trade secrets. It is difficult to discern at this stage of the proceedings if any of the alleged misappropriated information includes trade secrets. The court concludes that, to the extent the plaintiff asserts Enterprise Optical misappropriated D&J's trade secrets through unauthorized computer access, the Motion to Dismiss is due to be DENIED at this time.
D. Alabama Digital Crime Act
Defendant Enterprise Optical asserts that the plaintiff's claim that it violated the Alabama Digital Crime Act, § 13A-8-110, warrants dismissal because it is a criminal statute. D&J Optical, however, argues that Alabama Code § 6-5-370 and civil law allow for a civil action for felonious conduct.
Alabama Code § 6-5-370 provides that, for any injury amounting to a felony, a civil action may be commenced by the party injured without prosecution of the offender. The statute, however, does not create a new cause of action; rather, it merely allows a plaintiff to commence a civil action even if the plaintiff does not pursue criminal prosecution of the defendant. Bell Aerospace Services, Inc. v. U.S. Aero Services, Inc., 690 F.Supp.2d 1267 (M.D. Ala. 2010). D&J Optical argues that it need not rely solely on § 6-5-270, because, under common law, there is a remedy for criminal violations which result in injury to person or property. See Lollar v. Poe, 622 So.2d 902 (Ala. 1993). In Alabama, "civil liability for acts which constitute a crime will ensue only if the acts complained of violate the legal rights of the plaintiff, constitute a breach of duty owed to the plaintiff, or constitute some cause of action for which relief may be granted.'" Ages Group, L.P. v. Raytheon Aircraft Co., Inc., 22 F.Supp.2d 1310, 1320 (M.D. Ala. 1998) (quoting Smitherman v. McCafferty, 622 So.2d 322 (Ala. 1993)). D&J Optical argues that there is a right to privacy related to its patients' medical information. At this stage of the proceedings, the court is unable to discern whether the information allegedly accessed includes records implicating the legal rights of the plaintiff. The facts as alleged, however, nudge across the line from conceivable to plausible. Twombly, supra . The court concludes that D&J has adequately pled a plausible claim for relief and that the Motion to Dismiss this claim pursuant to FED.R.CIV.P. 12(b)(6) is due to be DENIED at this juncture.
Enterprise Optical asserts that the trespass claim should be dismissed because there are no allegations showing that Enterprise Optical entered the premises and that the claim is based on pure conjecture. In the Complaint, D&J alleges that Wallace, Hughes, and Enterprise Optical's actions in entering its premises without authorization to install hardware and software to create remote access to the computer system and accessing the computer system without authorization constitute a trespass to property. As previously discussed, the plaintiff has sufficiently pled that Enterprise Optical was aware of the actions of both Wallace and Hughes and that the individual defendants acted as its agents. This court therefore concludes that the plaintiff states a plausible claim for trespass. The Motion to Dismiss the trespass claim is due to be DENIED at this stage of the proceedings.
Enterprise Optical argues that D&J fails to allege sufficient facts demonstrating a claim of conversion. Specifically, the defendant argues that the facts are insufficient to show that it converted any of D&J's personal property for its own use and offers a speculative conclusion that Enterprise Optical committed the complained acts.
Under its conversion count in the Complaint, D&J alleges that the defendants' actions "in accessing and making use of date stored on D&J Optical's computer system without authorization, constitute improper and unlawful deprivation of or interference with D&J Optical's intangible personal property and a wrongful exercise of dominion over that property in defiance of D&J Optical's rights." Pl's Comp., p. 22. In addition, D&J alleges "Defendants appropriated D&J Optical's intangible personal property for their own use and benefit." Id. Under Alabama law, conversion is a wrongful taking, a wrongful detention, an illegal assumption of ownership, or an illegal use or misuse of some else's property. Webb v. Dickson, 165 So.2d 103, 105 (1964). The court concludes that D&J has sufficiently pled a plausible conversion claim. Consequently, the Motion to Dismiss the conversion claim against Enterprise Optical pursuant to FED.R.CIV.P. 12(b)(6) is due to be denied.
G. Tortious Interference with Contract
Enterprise Optical asserts that the tortious interference with contract claim should be dismissed because there are no facts alleging that it induced Wallace to take any action or in any way interfered with her contract with the plaintiff.
In Alabama, a claim of tortious interference with contract requires "(1) the existence of a contract or business relation, (2) the defendant's knowledge of the contract or business relation, (3) intentional interference with the contract or business relation, and (4) damage to the plaintiff as a result of the interference." Mac East LLC v. Shoney's, 535 F.3d 1293, 1297 (11th Cir. 2008). In its Complaint, D&J alleges that Wallace and D&J Optical had a contract for provision of optometry services and that Enterprise Optical intentionally disrupted or interfered with the performance of this contract through its actions, including inducing Wallace to access information on D&J Optical's computer system for the benefit of Enterprise Optical and that the defendant's actions caused damage. The court concludes that D&J Optical alleges a plausible claim of tortious interference with contract against Enterprise Optical. The court therefore concludes that the Motion to Dismiss the tortious interference with contract claim is due to be DENIED.
H. Intentional Interference with Business Relations
Enterprise Optical argues that D&J Optical has failed to state a claim of intentional interference with business relations because there "is a dearth of factual allegations regarding acts, intentional or otherwise, by [Enterprise Optical]." Doc. 18, p. 18. Specifically, the defendant contends that D&J Optical does not allege facts which support any claim that Enterprise Optical intentionally interfered with any protected business relationship with the plaintiff and its patients or customers. Id.
Alabama recognizes the tort of intentional interference with business relations. See Gross v. Lowder Realty Better Homes & Gardens, 494 So.2d 590 (Ala. 1986).
We hold that this tort of intentional interference with business or contractual relations, to be actionable, requires:
(1) The existence of a contract or business relation;
(2) Defendant's knowledge of the contract or business relation;
(3) Intentional interference by the defendant with the contract or business relation;
(4) Absence of justification for the defendant's interference; and
(5) Damage to the plaintiff as a result of defendant's interference.
Gross, 494 So.2d at 597 (footnotes omitted). See also Soap Co. v. Ecolab, Inc., 646 So.2d 1366, 1371 (Ala. 1994). In the Complaint, D&J Optical alleges that Wallace, Hughes, and Enterprise Optical intentionally interfered with relations between D&J Optical and its established customer and patient base, that Enterprise Optical obtained actual knowledge of these relationships through the wrongful and unauthorized access to data, and that the defendants used the information to solicit its patients and customers. Doc. 1, p. 28. In addition, D&J Optical alleges that the defendants were aware of the existence of, and intentionally interfered with, the protectable business relationship to which they are strangers, thereby causing damages, including lost income, diminished competitive advantage, and reputational harm. Id. This court concludes that D&J Optical has alleged facts which allow the court to draw the reasonable inference that Enterprise Optical may be liable for intentional interference with business relations. Therefore, the Motion to Dismiss the claim that Enterprise Optical intentionally interfered with D&J Optical's business relations is due to be denied.
I. Civil Conspiracy
Enterprise Optical argues that D&J Optical does not allege any facts which establish that the defendants engaged in a concerted action to achieve an unlawful purpose. "The elements of civil conspiracy in Alabama are (1) concerted action by two or more persons (2) to achieve an unlawful purposes or a lawful purpose by unlawful means." Ex parte Alamo Title Co., 128 So.3d 700, 713 (Ala. 2013).
Throughout the Complaint and Amendment to the Complaint, D&J Optical alleges facts indicating that Wallace, Hughes, and Enterprise Optical unlawfully and intentionally conspired to commit the unlawful acts with the purpose of obtaining unauthorized access to its computer system and the information contained therein. The plaintiff specifically alleges:
... In furtherance of this conspiracy, hardware and software were placed on the D&J Optical workstations to allow unauthorized remote access to the secure computer system. Placement of the hardware and software were accomplished through physical trespass to the real property of D&J Optical. The use of the fraudulent credentials established by the conspirators allowed remote access to the computer system, a trespass upon D&J Optical's tangible and intangible personal property. On numerous occasions the D&J Optical computer system was remotely accessed from IP addresses that can be traced to Wallace and the Enterprise Optical office. Through this conspiracy, the conspirators sought to, and did, achieve an unfair economic advantage by obtaining the confidential, proprietary, and trade secret information of D&J Optical.
... As a direct and proximate result of the conspiracy between Wallace, Hughes, and Enterprise Optical, D&J Optical has suffered damages including the cost of investigating and responding to the unauthorized access, cost of complying with required PHI breach notification rules, lost income, diminished competitive advantage, and reputational harm resulting from the required public PHI breach notifications.
Doc. 1, pp. 31-32. This court therefore concludes that the plaintiff alleges a plausible civil conspiracy claim. Consequently, the Motion to Dismiss the conspiracy claim is due to be denied.
Accordingly, it is
ORDERED as follows:
1. To the extent the defendant moves to dismiss the Digital Millennium Copyright Act claim against Enterprise Optical, the Motion to Dismiss pursuant to FED.R.CIV.P. 12(b)(6) (doc. 17) be and is hereby GRANTED.
2. To the extent the defendant moves to dismiss the remaining claims against Enterprise Optical, the Motion to Dismiss pursuant to FED.R.CIV.P. 12(b)(6) (doc. 17) be and is hereby DENIED.
3. To the extent the defendant moves to dismiss the Amendment to the Complaint (doc. 43), the Motion to Dismiss be and is hereby DENIED.