The Florida Computer Abuse and Data Recovery Act


In response to rampant hacking of business computers and data theft, the Florida legislature passed the Florida Computer Abuse and Data Recovery Act (CADRA), F.S. §668.801. CADRA establishes new civil violations against unauthorized persons who harm or cause damage to business computers or systems that contain business information or data.

Under CADRA, a business owner who has been hacked can sue for statutory damages from the violator if the violation was conducted with knowledge and intent to cause harm or loss to the business. To be covered under the Act, the systems and data must be password, biometric, or hardware-protected and the violator must have circumvented those protections. 

CADRA violations permit the business owner to recover actual damages, including lost profits, economic damages, and violator’s profits. The business owner may also obtain injunctive relief to prevent further loss or damage to its data and systems. CADRA also permits the owner to recover the misappropriated information, program, or code and all copies thereof, that are subject to the violation. 

In addition to damages and equitable relief, the owner of a business system or business information can obtain reasonable attorneys’ fees for any violation. The recovery of fees is equally available to a defendant who successfully defeats an alleged CADRA violation under the prevailing party rule. CADRA’s remedies are in addition to remedies otherwise available under state or federal law. 

Some law enforcement activities and governmental activities are excluded from CADRA, including any lawfully authorized investigative, protective, or intelligence activities. CADRA does not impose liability on a provider of an interactive computer service or an information service provider, who merely transmit, store, or cache data not belonging to the provider. 

The act took effect October 1, 2015. Violations of CADRA must be brought within three years after the violation occurred or within three years after the violation was discovered or should have been discovered with due diligence.

?php if ( function_exists( 'gtm4wp_the_gtm_tag' ) ) { gtm4wp_the_gtm_tag(); } ?