63D-3 - Unauthorized Access to Information Technology
Title 63D > 63D-3
Sections (6)
Computer Abuse and Data Recovery Act
63D-3-101 - Title.
63D-3-101(1) This chapter is known as “Unauthorized Access to Information Technology.” 63D-3-101(2) This part is known as “Computer Abuse and Data Recovery Act.”
63D-3-102 - Definitions.
As used in this part, the term: 63D-3-102(1) “Authorized user” means, for a protected computer:
the protected computer’s owner; or an individual who has permission to access the protected computer under Section 63D-3-103. 63D-3-102(2) “Computer” means an electronic, magnetic, optical, electrochemical, or other high-speed data processing device that performs logical, arithmetic, or storage functions. “Computer” includes any data storage device, data storage facility, or communications facility that is directly related to or that operates in conjunction with the device described in Subsection (2)(a). 63D-3-102(3) “Damage” means, for a protected computer’s owner, the cost associated with an individual’s unauthorized access to information stored on a protected computer. “Damage” includes: the cost of repairing or restoring a protected computer; economic damages; consequential damages, including interruption of service; and profit by the individual from the unauthorized access to the protected computer. 63D-3-102(4) “Harm” means any impairment to the integrity, access, or availability of:
data; a program; a system; or information. 63D-3-102(5) “Owner” means a person who:
owns or leases a protected computer; or owns the information stored in a protected computer. 63D-3-102(6) “Protected computer” means a computer that: is used in connection with the operation of a business, state government entity, or political subdivision; and requires a technological access barrier for an individual to access the computer. “Protected computer” does not include a computer that an individual can access using a technological access barrier that does not, to a reasonable degree of security, effectively control access to the information stored in the computer. 63D-3-102(7) “Technological access barrier” means a password, security code, token, key fob, access device, or other digital security measure. 63D-3-102(8) “Traffic” means to sell, purchase, or deliver. 63D-3-102(9) “Unauthorized user” means an individual who, for a protected computer:
is not an authorized user of the protected computer; and accesses the protected computer by: obtaining, without an authorized user’s permission, the authorized user’s technological access barrier; or circumventing, without the permission of the protected computer’s owner, a technological access barrier on the protected computer.
63D-3-103 - Permission to access a protected computer — Revocation.
63D-3-103(1) Subject to Subsections (2) and (3), an individual has permission to access a protected computer if:
the individual is a director, officer, employee, agent, or contractor of the protected computer’s owner; and the protected computer’s owner gave the individual express permission to access the protected computer through a technological access barrier. 63D-3-103(2) If a protected computer’s owner gives an individual permission to access the protected computer, the permission is valid only to the extent or for the specific purpose the protected computer’s owner authorizes. 63D-3-103(3) An individual’s permission to access a protected computer is revoked if:
the protected computer’s owner expressly revokes the individual’s permission to access the protected computer; or the individual ceases to be a director, officer, employee, agent, or contractor of the protected computer’s owner.
63D-3-104 - Prohibited acts.
63D-3-104(1) An unauthorized user of a protected computer may not, knowingly and with intent to cause harm or damage:
obtain information from the protected computer and, as a result, cause harm or damage; cause the transmission of a program, code, or command to the protected computer, and, as a result of the transmission, cause harm or loss; or traffic in any technological access barrier that an unauthorized user could use to access the protected computer. 63D-3-104(2) An individual who violates Subsection (1) is liable to a protected computer’s owner in a civil action for the remedies described in Section 63D-3-105.
63D-3-105 - Remedies.
63D-3-105(1) A person who brings a civil action against an individual for a violation of Section 63D-3-104 may:
recover actual damages, including the person’s: lost profits; economic damages; and reasonable cost of remediation efforts related to the violation; recover consequential damages, including for interruption of service; recover, from the individual, the individual’s profit obtained through trafficking in anything obtained by the individual through the violation; obtain injunctive or other equitable relief to prevent a future violation of Section 63D-3-104; and recover anything the individual obtained through the violation, including: misappropriated information or code; a misappropriated program; and any copies of the information, code, or program described in Subsections (1)(e)(i) and (1)(e)(ii). 63D-3-105(2) A court shall award reasonable attorney fees to the prevailing party in any action arising under this part. 63D-3-105(3) The remedies available for a violation of Section 63D-3-104 are in addition to remedies otherwise available for the same conduct under federal or state law. 63D-3-105(4) A person may not file a civil action under Section 63D-3-104 later than three years after the day on which:
the violation occurred; or the person discovers the violation; or the person should have discovered the violation if the person acted with reasonable diligence to discover the violation.
63D-3-106 - Exclusions.
63D-3-106(1) This section does not prohibit a lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency, regulatory agency, or political subdivision of this state, another state, the United States, or a foreign country. 63D-3-106(2) This part does not apply to a provider of:
an interactive computer service as defined in 47 U.S.C. Sec. 230(f); or an information service as defined in 47 U.S.C. Sec. 153.