SEARCH SITE

VIRGINIA LAW PORTAL

SEARCHABLE DATABASES

ACROSS SESSIONS

Developed and maintained by the Division of Legislative Automated Systems.

2017 SESSION

17101150D
SENATE BILL NO. 1090
Offered January 11, 2017
Prefiled January 6, 2017
A BILL to amend and reenact §§ 18.2-152.4, 18.2-152.5, and 18.2-152.12 of the Code of Virginia, relating to computer trespass and computer invasion of privacy for medical information; extortion; penalty; civil relief.
----------
Patron-- Sturtevant
----------
Referred to Committee for Courts of Justice
----------

Be it enacted by the General Assembly of Virginia:

1. That §§ 18.2-152.4, 18.2-152.5, and 18.2-152.12 of the Code of Virginia are amended and reenacted as follows:

§ 18.2-152.4. Computer trespass; penalty.

A. It shall be unlawful for any person, with malicious intent, to:

1. Temporarily or permanently remove, halt, or otherwise disable any computer data, computer programs or computer software from a computer or computer network;

2. Cause a computer to malfunction, regardless of how long the malfunction persists;

3. Alter, disable, or erase any computer data, computer programs or computer software;

4. Effect the creation or alteration of a financial instrument or of an electronic transfer of funds;

5. Use a computer or computer network to cause physical injury to the property of another;

6. Use a computer or computer network to make or cause to be made an unauthorized copy, in any form, including, but not limited to, any printed or electronic form of computer data, computer programs or computer software residing in, communicated by, or produced by a computer or computer network;

7. [Repealed.]

8. Install or cause to be installed, or collect information through, computer software that records all or a majority of the keystrokes made on the computer of another without the computer owner's authorization; or

9. Install or cause to be installed on the computer of another, computer software for the purpose of (i) taking control of that computer so that it can cause damage to another computer or (ii) disabling or disrupting the ability of the computer to share or transmit instructions or data to other computers or to any related computer equipment or devices, including but not limited to printers, scanners, or fax machines; or

10. Place, introduce, or install, or cause to be placed, introduced, or installed, on the computer of another computer software or a computer program for the purpose of taking control of or restricting access to that computer or any associated computer network, or any data therein, and demand the payment of money or anything else of value to remove the computer software or computer program, restore control of or access to that computer or any associated computer network, or data therein, or otherwise remediate the impact of the computer software or computer program.

B. Any person who violates this section is guilty of computer trespass, which shall be a Class 1 misdemeanor. If there is damage to the property of another valued at $1,000 or more caused by such person's act in violation of this section, the offense shall be a Class 6 felony. If Except for a violation of subdivision A 10, if a person installs or causes to be installed computer software in violation of this section on more than five computers of another, the offense shall be a Class 6 felony. If a person violates subdivision A 8, the offense shall be a Class 6 felony. Any person who violates subdivision A 10 is guilty of a Class 5 felony.

C. Nothing in this section shall be construed to interfere with or prohibit terms or conditions in a contract or license related to computers, computer data, computer networks, computer operations, computer programs, computer services, or computer software or to create any liability by reason of terms or conditions adopted by, or technical measures implemented by, a Virginia-based electronic mail service provider to prevent the transmission of unsolicited electronic mail in violation of this article. Nothing in this section shall be construed to prohibit the monitoring of computer usage of, the otherwise lawful copying of data of, or the denial of computer or Internet access to a minor by a parent or legal guardian of the minor

§ 18.2-152.5. Computer invasion of privacy; penalties.

A. A person is guilty of the crime of computer invasion of privacy when he uses a computer or computer network and intentionally examines without authority any employment, salary, credit, or any other financial or identifying information, as defined in clauses (iii) through (xiii) of subsection C of § 18.2-186.3, or any medical information, as defined in § 32.1-127.1:05, relating to any other person. "Examination" under this section requires the offender to review the information relating to any other person after the time at which the offender knows or should know that he is without authority to view the information displayed.

B. The crime of computer invasion of privacy shall be punishable as a Class 1 misdemeanor.

C. Any person who violates this section after having been previously convicted of a violation of this section or any substantially similar laws of any other state or of the United States is guilty of a Class 6 felony.

D. Any person who violates this section and sells or distributes such information to another is guilty of a Class 6 felony.

E. Any person who violates this section and uses such information in the commission of another crime is guilty of a Class 6 felony.

F. This section shall not apply to any person collecting information that is reasonably needed to (i) protect the security of a computer, computer service, or computer business, or to facilitate diagnostics or repair in connection with such computer, computer service, or computer business or (ii) determine whether the computer user is licensed or authorized to use specific computer software or a specific computer service.

§ 18.2-152.12. Civil relief; damages.

A. Any person whose property or person is injured by reason of a violation of any provision of this article or by any act of computer trespass set forth in subdivisions A 1 through A 8 10 of § 18.2-152.4 regardless of whether such act is committed with malicious intent may sue therefor and recover for any damages sustained and the costs of suit. Without limiting the generality of the term, "damages" shall include loss of profits.

B. If the injury under this article arises from the transmission of spam in contravention of the authority granted by or in violation of the policies set by the electronic mail service provider where the defendant has knowledge of the authority or policies of the EMSP or where the authority or policies of the EMSP are available on the electronic mail service provider's website, the injured person, other than an electronic mail service provider, may also recover attorneys' fees and costs, and may elect, in lieu of actual damages, to recover the lesser of $10 for each and every spam message transmitted in violation of this article, or $25,000 per day. The injured person shall not have a cause of action against the electronic mail service provider that merely transmits the spam over its computer network. Transmission of electronic mail from an organization to its members shall not be deemed to be spam.

C. If the injury under this article arises from the transmission of spam in contravention of the authority granted by or in violation of the policies set by the electronic mail service provider where the defendant has knowledge of the authority or policies of the EMSP or where the authority or policies of the EMSP are available on the electronic mail service provider's website, an injured electronic mail service provider may also recover attorneys' fees and costs, and may elect, in lieu of actual damages, to recover $1 for each and every intended recipient of a spam message where the intended recipient is an end user of the EMSP or $25,000 for each day an attempt is made to transmit a spam message to an end user of the EMSP. In calculating the statutory damages under this provision, the court may adjust the amount awarded as necessary, but in doing so shall take into account the number of complaints to the EMSP generated by the defendant's messages, the defendant's degree of culpability, the defendant's prior history of such conduct, and the extent of economic gain resulting from the conduct. Transmission of electronic mail from an organization to its members shall not be deemed to be spam.

D. At the request of any party to an action brought pursuant to this section, the court may, in its discretion, conduct all legal proceedings in such a way as to protect the secrecy and security of the computer, computer network, computer data, computer program and computer software involved in order to prevent possible recurrence of the same or a similar act by another person and to protect any trade secrets of any party and in such a way as to protect the privacy of nonparties who complain about violations of this section.

E. The provisions of this article shall not be construed to limit any person's right to pursue any additional civil remedy otherwise allowed by law.

F. A civil action under this section must be commenced before expiration of the time period prescribed in § 8.01-40.1. In actions alleging injury arising from the transmission of spam, personal jurisdiction may be exercised pursuant to § 8.01-328.1.

2. That the provisions of this act may result in a net increase in periods of imprisonment or commitment. Pursuant to § 30-19.1:4, the estimated amount of the necessary appropriation cannot be determined for periods of imprisonment in state adult correctional facilities; therefore, Chapter 780 of the Acts of Assembly of 2016 requires the Virginia Criminal Sentencing Commission to assign a minimum fiscal impact of $50,000. Pursuant to § 30-19.1:4, the estimated amount of the necessary appropriation cannot be determined for periods of commitment to the custody of the Department of Juvenile Justice.