Rick Anderson is the Chief Compliance Officer for “EquiMax” (EM), a major nationwide credit reporting bureau in the United States. In the past few years, certain decisions relative to EM’s compliance obligations have caused some concern with the Board of Directors. Rick has come to your law firm asking for help in assessing all potential risk associated with EM’s recent actions.
EM’s core business is compiling vast amounts of consumer financial data, including loan balances, payment history and defaults. This information is particularly useful for businesses, because the data goes back several years, sometimes up to 15 years. However, since EM maintains so much information, it often has difficulty maintaining accurate data. Some of the inaccurate data would be deleted, but the rest would stay on file. Nonetheless, EM remained very profitable since the financial information it collected proved to be reasonably accurate in predicting an individual’s future behavior.
When EM’s profits took a turn for the worse 6 months ago, Rick decided to hack into a competitor’s database to gain a competitive advantage. Rick ended up stealing 5 files containing various intellectual property documents, each valued at $1,000. Rick felt that there was little risk in doing this pursuant to the Computer Fraud and Abuse Act because EM still had to reverse engineer the source code stolen from the competitor.
Your supervising attorney asks you to prepare a memo discussing all potential privacy-related issues in Rick’s case. You are to advise your supervising attorney on the likely outcome of each issue, citing appropriate authorities.