Searching over 5,500,000 cases.


searching
Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

The Millard Group Inc. v. Stutesman

United States District Court, N.D. Illinois, Eastern Division

July 10, 2019

THE MILLARD GROUP INC., and MILLARD METAL MAINTENANCE CO. LLC, Plaintiffs,
v.
BRADLEY J. STUTESMAN, TOM FRYE, and HARVARD MAINTENANCE, INC., Defendants.

          MEMORANDUM OPINION AND ORDER

          ROBERT W. GETTLEMAN, UNITED STATES DISTRICT JUDGE

         Defendants Bradley Stutesman and Tom Frye worked for The Millard Group Inc. and Millard Metal Maintenance Co. LLC (collectively, “Millard”), an enterprise that provides janitorial services. Stutesman was a Senior Vice President; Frye, a sales representative. While they were with Millard, they emailed confidential Millard files to their personal email accounts. Stutesman left. Frye joined a competitor, Harvard Maintenance, Inc. Millard sued all three of them: Stutesman, Frye, and Harvard Maintenance.

         Although the claims in Millard's first amended complaint are many, they center on three allegations: (1) Stutesman and Frye, by failing to encrypt Millard's confidential files, violated Millard's encryption policy; (2) Stutesman and Frye planned to misuse Millard's confidential files against Millard; and (3) Harvard Maintenance turned Stutesman and Frye against Millard. Millard argues that these three allegations sustain claims under the Computer Fraud and Abuse Act, 18 U.S.C. § 1030(a)(2)(C), and claims for breach of contract, conversion, breach of fiduciary duty, and tortious interference with contract.

         There is no genuine dispute that Stutesman and Frye failed to encrypt Millard's confidential files when they emailed the files to their personal email accounts. There is also, however, no genuine dispute that neither of them knew about Millard's encryption policy, that other Millard employees also knew nothing about the policy, that other Millard employees also emailed themselves confidential Millard files without encryption, and that the policy had never been enforced against any Millard employee. Millard's other two accusations-that Stutesman and Frye were disloyal to Millard and that Harvard Maintenance induced their disloyalty-are unsupported by any admissible evidence.

         Stutesman, Frye, and Harvard Maintenance are thus entitled to summary judgment on all claims save one: Millard's breach of contract claim against Stutesman. On that claim, Millard is entitled to partial summary judgment on liability. Stutesman's non-compete agreement barred him from retaining information about Millard's customers and business practices after termination, and there is no dispute that Stutesman retained such information in his personal email account.

         DISCUSSION

         In its first amended complaint, Millard brings the following claims against Stutesman, Frye, and Harvard Maintenance:

Bradley Stutesman Computer Fraud and Abuse Act, 18 U.S.C. § 1030(a)(2)(C) (Count I) common law conversion (Count III) breach of contract (Count V)
Tom Frye Computer Fraud and Abuse Act, 18 U.S.C. § 1030(a)(2)(C) (Count II) common law conversion (Count IV) breach of contract (Count VI) breach of fiduciary duty (Count VII)
Harvard Maintenance tortious interference with Stutesman contract (Count VIII) tortious interference with Frye contract (Count IX)

         Millard moves for partial summary judgment against Stutesman and Frye, seeking to hold them liable for violating the Computer Fraud and Abuse Act and for breaching their contracts. Stutesman, Frye, and Harvard Maintenance move for summary judgment on all claims. Summary judgment is proper when a reasonable jury considering the evidence could return a verdict only for the moving party. Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 250-51 (1986). The court draws all justifiable inferences in favor of the non-moving party. Id. at 255. The facts are taken from the parties' L.R. 56.1 statements and from the depositions and exhibits, and are not genuinely disputed unless otherwise noted.

         The court holds that: (1) Stutesman is entitled to summary judgment on all claims except for the breach of contract claim, on which Millard is entitled to partial summary judgment on liability; (2) Frye is entitled to summary judgment on all claims; and (3) Harvard Maintenance is entitled to summary judgment on all claims.

         1. Stutesman

         When Stutesman joined Millard as a general manager in 1998, he signed a non-compete agreement in which he agreed that after he left, he would not disclose Millard's confidential information, solicit Millard's employees, or retain information about Millard's customers and business practices. Nineteen years later, in July 2017, he left the company as Senior Vice President of Operations.

         From January through June 2017, Stutesman sent ten emails from his Millard email account to his personal email account. Some of those emails attached copies of confidential Millard files-files containing Millard's profit margins, customer lists, and employee salaries. Stutesman did not encrypt the files before emailing them. Although he was allowed to access confidential files as Millard's Senior Vice President of Operations, emailing such files without encryption arguably violated Millard's Electronic Communications Policy: “Due diligence should be exercised when exchanging files or data via the Internet. Employees should not transfer sensitive or confidential files without approved encryption or other security precautions.” Stutesman did not know about this policy until Millard sued him.

         Millard finds particularly suspicious an email that Stutesman sent on Friday, May 26, 2017. That evening, he emailed himself a .ZIP file containing confidential Millard files. Stutesman testified that he wanted to work on those files over the Memorial Day Weekend. Millard had lost a significant customer earlier that day-according to Stutesman, the loss of that customer required him to update and revise information related to a commercial reorganization and restructuring project. Stutesman, however, could not open the .ZIP file on his home computer. He never opened the files inside, never printed them, and never sent or shared them with anyone.

         Stutesman left the company at the end of July 2017. To protect his privacy, he deleted many emails from his Millard email account, including every email that he had sent to his personal email account. (He did not delete emails that were sent to or received from Millard clients or co-workers.) Stutesman testified that he deleted those emails because they had nothing to do with Millard and they contained personal information. They included, for example, emails from his lawyers about his uncle's will and emails from his doctors about his wife's illness. He did not, however, delete Millard's confidential files from his own email account. There is no evidence that Stutesman ever offered those files to a Millard competitor, no evidence that he exploited them to solicit Millard's customers or employees, and no evidence that he used them against Millard in any way.

         In November 2017, three months after he left Millard, Stutesman met with John Rowley, Senior Vice President at Harvard Maintenance, a Millard competitor. Stutesman and Rowley discussed not only personal topics (they were friends and had known each other for 17 years), but also the possibility that Harvard Maintenance might hire Stutesman to handle a client account-a client with no prior relationship with Millard. Stutesman also told Rowley that two Millard employees, Barb Uchacz and Randy Carollo, were overworked and would be “worth talking to” if the employees “reached out.” Harvard Maintainence never did hire Stutesman. Uchacz or Carollo both still work at Millard. Neither Harvard Maintenance nor Stutesman ever got in touch with them-at least, there is no admissible evidence of that. Millard offers a screenshot of a text message allegedly between Stutesman and Uchacz, but that screenshot is obviously inadmissible because it is unsworn and unauthenticated. And other than a reference to “Barb, ” the screenshot even lacks Stutesman and Uchacz's names.

         After this suit was filed, Millard and Stutesman (and Frye) agreed to hire an impartial firm to examine Stutesman's home computer. Their chosen firm, DC Data Corporation, collected and processed data on Stutesman's computer and iCloud account. Millard paid the bill.

         Millard claims that Stutesman: violated the Computer Fraud and Abuse Act, 18 U.S.C. § 1030(a)(2)(C), by intentionally exceeding his authorized access to obtain information from Millard's computers; committed common law conversion by wrongfully assuming control over Millard's files; and breached his non-compete agreement by retaining Millard's files after he left the company. As noted, the court holds that: (1) Stutesman is entitled to summary judgment on Millard's Computer Fraud and Abuse Act claim; (2) Stutesman is entitled to summary judgment on Millard's common law conversion claim; and (3) Millard is entitled to partial summary judgment on liability on Millard's breach of contract claim.

         1.1 Computer Fraud and Abuse Act

         The Computer Fraud and Abuse Act makes it a criminal and civil offense for a person to obtain information from a computer by intentionally exceeding authorized access. 18 U.S.C. § 1030(a)(2)(c); 18 U.S.C. § 1030(g). To exceed authorized access is to “access a computer with authorization and to use such access to obtain . . . information in the computer that the accesser is not entitled so to obtain . . . .” 18 U.S.C. § 1030(e)(6).

         Stutesman emailed confidential Millard files from his Millard email account to his personal email account. By doing so, Millard argues, Stutesman intentionally exceeded his authorized access in two ways: (1) Stutesman failed to encrypt the files, thus violating the company's Electronic Communications Policy; and (2) Stutesman intended to misuse the confidential files, perhaps by offering them to a Millard competitor. Because no reasonable jury could find for Millard on either theory, Stutesman is entitled to summary judgment on Millard's Computer Fraud and Abuse Act claim.

         Violation of Millard's Electronic Communications Policy.

         No reasonable jury could find that Stutesman violated Millard's Electronic Communications Policy intentionally. Millard admits that Stutesman did not know about it. In fact, before suing Stutesman, Millard had never enforced the policy and had never disciplined any employee for violating it. Multiple other Millard employees, including a sales representative and two regional sales managers, testified that they, too, knew nothing about the policy and that they, too, had emailed themselves confidential files without encryption. Millard told them to stop doing so; Millard did not sue them in federal court. Stutesman could not have intentionally violated a policy that he and other Millard employees knew nothing about, a policy that Millard had never before enforced-a policy with language both precatory (“Employees should not transfer sensitive or confidential files”) and vague (“without approved encryption or other security precautions”) (emphasis added).

         Millard does no better even if Stutesman violated the Electronic Communications Policy intentionally. Stutesman exceeded authorized access if, by abusing his access to his Millard computer, he obtained information that he was “not entitled so to obtain.” 18 U.S.C. § 1030(e)(6). There is no dispute, however, that Stutesman was entitled to obtain the information in Millard's files-he was the company's Senior Vice President of Operations. He was authorized to use his Millard computer to access Millard information. Whatever Stutesman may have done next with that information did not curtail his authority to access it in the first place. As Millard concedes, quoting CouponCabin LLC v. Savings.com, Inc., No. 2:14-CV-39-TLS, Doc. 136, at 3, 2017 WL 83337, at *2 (N.D. Ind. Jan. 10, 2017), “Liability under § 1030(a)(2) is triggered by the unauthorized access of electronic data-not by the unauthorized use of such data.” (emphasis in original). Emailing confidential Millard files without encryption was (at worst) an unauthorized use of Millard information. Stutesman was nonetheless authorized to access it.

         Intent to misuse Millard's ...


Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.