MSC Safety Solutions, LLC v. Trivent Safety Consulting, LLC

          ORDER

          MICHAEL E. HEGARTY UNITED STATES MAGISTRATE JUDGE

         This action arises out of the departure of the individual Defendants from employment with Plaintiff to form the entity Defendant. Plaintiff's allegations against Defendants involve computer fraud, misappropriation of trade secrets, and other state law violations. See Am. Compl., ECF 16. In response, Defendants have filed a motion to dismiss pursuant to Fed.R.Civ.P. 12(b)(1) and 12(b)(6) arguing the Plaintiff fails to state plausible federal claims and the Court lacks supplemental jurisdiction to hear the state law claims or, in the alternative, Plaintiff fails to state plausible state law claims. For the reasons that follow, the Court will grant in part and deny in part the Defendants' motion.

         STATEMENT OF FACTS

         The following are relevant factual allegations (as opposed to legal conclusions, bare assertions, or merely conclusory allegations) made by Plaintiff in its First Amended Complaint, which are taken as true for analysis under Fed.R.Civ.P. 12(b)(6) pursuant to Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009).

         Plaintiff MSC Safety Solutions, LLC, f/k/a MSC Inc., d/b/a MSC Safety Solutions (“MSC”) is a Colorado company that competes in the safety consulting industry. MSC provides loss control and risk management services to large and small commercial construction contractors, government agencies, and general industry manufacturing facilities. Among other things, MSC's services include providing safety policy development, training for management personnel and field level employees, safety and loss control inspections, accident investigations and OSHA compliance assistance and representation. The safety consulting industry is a small niche industry that is highly competitive.

         Because of the highly competitive nature of the safety consulting industry, MSC closely protects and preserves its confidential information and trade secrets, including customer and vendor lists, product and services pricing, and training materials. This valuable information is developed and maintained by MSC at significant expense. To protect and preserve its confidential information and trade secrets, MSC uses, among other things, firewalls, antivirus software, password protection, and physical safeguards. MSC does not share its customer and vendor information, pricing information, product information, or training materials (collectively, the “Proprietary Information”) with the public. MSC provides the customer and vendor information only to its current employees and only for the purpose of carrying out their MSC job responsibilities.

         MSC currently has six employees. With the exception of the Director of Operations and Troy Clark, the owner and President of MSC, all of MSC's employees are employed in positions called Consultants or Consultants & Safety Specialists. The Consultants and Consultants & Safety Specialists are the “face” of the Company, and such positions are positions of authority, trust, and responsibility with MSC. Defendants Dax Biederman and Bryan McClure joined MSC in 2016 and were employed as Senior Safety Consultants. Defendant Scott Seppers joined MSC in April 2017 and was employed as a Safety Consultant. MSC hired these individual Defendants to provide MSC customers and clients with safety training, assist clients with any safety related matters, and conduct inspections of client work sites. As employees of MSC, the individual Defendants were given access to MSC's Proprietary Information for the purpose of carrying out their job responsibilities. In addition, the individual Defendants were provided with company email addresses in MSC's email system to conduct MSC's business on MSC's computers. The individual Defendants each terminated his employment with MSC on November 1, 2018.

         On September 29, 2018, while still employed with MSC, the individual Defendants filed Articles of Incorporation for “Trivent Safety Consulting Corp.” with the Colorado Secretary of State and established a Facebook page and Twitter account for the new entity. Subsequently, on October 23, 2018, the Defendants filed a Statement of Conversion with the Colorado Secretary of State, converting “Trivent Safety Consulting Corp.” from a corporation to a limited liability company, and filed Articles of Organization for Defendant Trivent Safety Consulting, LLC (“Trivent”) and registered Trivent as a limited liability company. Trivent is a direct competitor of MSC and provides safety consulting services in the State of Colorado.

         While the individual Defendants were MSC employees, they used MSC's IT resources to wrongfully solicit testimonials from MSC's clients and customers. These solicited testimonials are now used in the marketing of Trivent's products and services in direct competition with MSC. In addition, the Defendants used MSC's financial resources and MSC's company credit card to purchase products and services for the operation of Trivent. These purchases were made in furtherance of competing with MSC. Additionally, the Defendants made disparaging remarks about MSC and attempted to convince MSC clients and current and prospective customers to transfer their business to Trivent. Defendants' attempts to divert MSC's clients and current and prospective customers to Trivent are shown on Trivent's LinkedIN, Facebook, and Twitter pages where, on November 5, 2018, four days after their termination date, Defendants posted the following “byline” for Trivent: “The same faces you've come to know over the years in a new setting.”

         Prior to their termination date, and without authorization from MSC, Defendants removed from MSC and/or copied on MSC copiers Proprietary Information and other confidential information for the benefit of Trivent. Biederman and McClure, without authorization from MSC, deleted thousands of Company emails from MSC's email servers. After his termination, on or about November 1, 2018, McClure accessed MSC's online website management system without authorization and deleted information and data from MSC's website. MSC engaged its outside information technology provider, Aspire Technology Solutions, Inc. (“Aspire”), in an attempt to restore MSC's email accounts, website account, and server to their conditions prior to Defendants' conduct. Aspire was unable to accomplish this. MSC engaged a computer forensics firm to assess the alleged manipulation of and damage to the email accounts, website account, and server, as well as to further investigate the extent of Defendants' conduct; at significant expense to MSC, the firm was able to recover some of the deleted emails from the Defendants' company-owned computers.

         Prior to their termination date, the individual Defendants ordered over five hundred “ITI Rigging Cards, ” valued at approximately $2, 000.00, using MSC's company credit card. ITI Rigging Cards are training cards for trainees in MSC classes. The cards were delivered to MSC's office in Frederick, Colorado. After the Defendants were terminated, MSC conducted an inventory audit to determine whether the individual Defendants took any safety equipment and/or other materials, and MSC discovered that the Rigging Cards, along with numerous other safety equipment items, were missing.

         At no time did the individual Defendants disclose to MSC that they were conducting Trivent business while employed by MSC.

         LEGAL STANDARDS

         The purpose of a motion to dismiss under Fed.R.Civ.P. 12(b)(6) is to test the sufficiency of the plaintiff's complaint. Sutton v. Utah State Sch. For the Deaf & Blind, 173 F.3d 1226, 1236 (10th Cir. 2008). “To survive a motion to dismiss, a complaint must contain sufficient factual matter, accepted as true, to ‘state a claim to relief that is plausible on its face.'” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (quoting Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007)). Plausibility, in the context of a motion to dismiss, means that the plaintiff pled facts which allow “the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Id. Twombly requires a two-prong analysis. First, a court must identify “the allegations in the complaint that are not entitled to the assumption of truth, ” that is, those allegations which are legal conclusions, bare assertions, or merely conclusory. Id. at 679. Second, the Court must consider the factual allegations “to determine if they plausibly suggest an entitlement to relief.” Id. at 681. If the allegations state a plausible claim for relief, such claim survives the motion to dismiss. Id. at 680.

         Plausibility refers “to the scope of the allegations in a complaint: if they are so general that they encompass a wide swath of conduct, much of it innocent, then the plaintiffs have not nudged their claims across the line from conceivable to plausible.” S.E.C. v. Shields, 744 F.3d 633, 640 (10th Cir. 2014) (quoting Khalik v. United Air Lines, 671 F.3d 1188, 1191 (10th Cir. 2012)). “The nature and specificity of the allegations required to state a plausible claim will vary based on context.” Safe Streets All. v. Hickenlooper, 859 F.3d 865, 878 (10th Cir. 2017) (quoting Kan. Penn Gaming, LLC v. Collins, 656 F.3d 1210, 1215 (10th Cir. 2011)). Thus, while the Rule 12(b)(6) standard does not require that a plaintiff establish a prima facie case in a complaint, the elements of each alleged cause of action may help to determine whether the plaintiff has set forth a plausible claim. Khalik, 671 F.3d at 1191.

         However, “[t]hreadbare recitals of the elements of a cause of action, supported by mere conclusory statements, do not suffice.” Iqbal, 556 U.S. at 678. The complaint must provide “more than labels and conclusions” or merely “a formulaic recitation of the elements of a cause of action, ” so that “courts ‘are not bound to accept as true a legal conclusion couched as a factual allegation.'” Twombly, 550 U.S. at 555 (quoting Papasan v. Allain, 478 U.S. 265, 286 (1986)). “Determining whether a complaint states a plausible claim for relief will . . . be a context-specific task that requires the reviewing court to draw on its judicial experience and common sense.” Iqbal, 556 U.S. at 679. “[W]here the well-pleaded facts do not permit the court to infer more than the mere possibility of misconduct, ” the complaint has made an allegation, “but it has not shown that the pleader is entitled to relief.” Id. (quotation marks and citation omitted).

         ANALYSIS

         Defendants first argue that Plaintiff fails to state plausible claims under federal law; accordingly, the Court will begin by analyzing Plaintiff's claims for violations of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030, et seq. (“CFAA”) and the Defend Trade Secrets Act, 18 U.S.C. § 1836, et seq. (“DTSA”). If Plaintiff does not state plausible federal claims, the Court will determine whether it should exercise supplemental jurisdiction over Plaintiff's state law claims. If it does exercise jurisdiction and/or if Plaintiff states plausible federal claims, the Court will evaluate whether Plaintiff states plausible state law claims.

         I. First Claim for Violations of the CFAA

         Plaintiff alleges against all Defendants violations of the CFAA pursuant to 18 U.S.C. §§ 1030(a)(4), 1030(a)(5)(A), 1030(a)(5)(B), 1030(a)(5)(C), and 1030(g). Section (g) provides a private right of action (under certain circumstances) in this otherwise “criminal” statute:

Any person who suffers damage or loss by reason of a violation of this section may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief. A civil action for a violation of this section may be brought only if the conduct involves 1 of the factors set forth in subclauses (I), (II), (III), (IV), or (V) of subsection (c)(4)(A)(I).

Id.; see also Cloudpath Networks, Inc. v. SecureW2 B.V., 157 F.Supp.3d 961, 972 (D. Colo. 2016). Here, Plaintiff alleges Defendants' conduct falls under subclause (I), “loss to 1 or more persons during any 1-year period ... aggregating at least $5, 000 in value.” 18 U.S.C. § 1030(c)(4)(A)(i)(I); see also Am. Compl. ¶ 59. As such, “[d]amages for a violation involving only conduct described in subsection (c)(4)(A)(i)(I) are limited to economic damages.” 18 U.S.C. § 1030(g).

         Section 1030(a) describes the conduct prohibited by the statute; here, the relevant subsections provide:

(4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5, 000 in any 1-year period;

(5)(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;

(B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or

(C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss.

18 U.S.C.A. § 1030. Plaintiff alleges Defendants violated these provisions as follows:

Individual Defendants and Trivent, acting through Individual Defendants, intentionally and knowingly accessed MSC's email accounts, website account, and server without authorization from MSC and/or exceeded any such authorized access, with the intent to defraud MSC by recklessly deleting information and data from the MSC website and email accounts and server. In addition, Biederman and McClure, on behalf of Defendants, intentionally and knowingly deleted thousands of MSC emails without authorization from MSC and/or exceeded any such authorized access, with the intent to defraud MSC by recklessly depriving MSC of vital communications and data which were stored on the email server.

Am. Compl. ¶¶ 60-61. Defendants argue the allegations fail to support that they acted “without authorization, ” since it is undisputed that the individual Defendants were authorized to access Plaintiff's computers before their termination date, November 1, 2018, and all of the alleged conduct occurred before that date. In addition, ...