GENERAL ASSEMBLY OF NORTH CAROLINA
SESSION 2025
H 1
HOUSE BILL 608
Short Title: Protect Health and Gov't Personnel Info. (Public)
Sponsors: Representatives Rubin, Ball, Lofton, and R. Pierce (Primary Sponsors).
For a complete list of sponsors, refer to the North Carolina General Assembly web site.
Referred to: Judiciary 2, if favorable, State and Local Government, if favorable, Rules,
Calendar, and Operations of the House
April 1, 2025
*H608 -v-1*
A BILL TO BE ENTITLED 1
AN ACT TO PROVIDE AD DITIONAL PROTECTIONS FOR PROTECTED HEALT H 2
INFORMATION AND GOVE RNMENT EMPLOYEE PERS ONNEL INFORMATION. 3
Whereas, people throughout North Carolina provide sensitive health information to 4
their doctors, hospitals, and other health care providers, and they often provide sensitive health 5
information as part of key government programs like Medicare and Medicaid; and 6
Whereas, federal, State, and local government employees are frequently required to 7
provide sensitive personal information to the government as part of their hiring and employment, 8
and this sensitive information is entrusted to the government to care for in accordance with strict 9
procedures; and 10
Whereas, unauthorized copying of these sensitive forms of data can lead to lasting 11
injury to those affected; and 12
Whereas, North Carolina's Computer Trespass offense criminalizes unauthorized 13
copying of computer data but lacks an automatic minimum amount of damages for 14
misappropriation of protected health information or government personnel files; Now, therefore, 15
The General Assembly of North Carolina enacts: 16
SECTION 1. G.S. 14-458 reads as rewritten: 17
"§ 14-458. Computer trespass; penalty. 18
(a) Except as otherwise made unlawful by this Article, it shall be unlawful for any person 19
to use a computer or computer network without authority and with the intent to do any of the 20
following: 21
(1) Temporarily or permanently remove, halt, or otherwise disable any computer 22
data, computer programs, or computer software from a computer or computer 23
network. 24
(2) Cause a computer to malfunction, regardless of how long the malfunction 25
persists. 26
(3) Alter or erase any computer data, computer programs, or computer software. 27
(4) Cause physical injury to the property of another. 28
(5) Make or cause to be made an unauthorized copy, in any form, including, but 29
not limited to, any printed or electronic form of computer data, computer 30
programs, or computer software residing in, communicated by, or produced 31
by a computer or computer network. 32
(6) Falsely identify with the intent to deceive or defraud the recipient or forge 33
commercial electronic mail transmission information or other routing 34 General Assembly Of North Carolina Session 2025
Page 2 House Bill 608-First Edition
information in any manner in connection with the transmission of unsolicited 1
bulk commercial electronic mail through or into the computer network of an 2
electronic mail service provider or its subscribers. 3
For purposes of this subsection, a person is "without authority" when (i) the person has no 4
right or permission of the owner to use a computer, or the person uses a computer in a manner 5
exceeding the right or permission, or (ii) the person uses a computer or computer network, or the 6
computer services of an electronic mail service provider to transmit unsolicited bulk commercial 7
electronic mail in contravention of the authority granted by or in violation of the policies set by 8
the electronic mail service provider.provider, or (iii) in the case of computer data that is in a 9
personnel file of a local, State, or federal government employee, the person has no authority 10
under local, State, or federal law to view or otherwise access that information or has willfully 11
failed to follow the requirements of the local, State, or federal law granting such authority. For 12
purposes of this subsection, the term "personnel file" is as defined in G.S. 1-539.2A. 13
(b) Any person who violates this section shall be guilty of computer trespass, which 14
offense shall be punishable as a Class 3 misdemeanor. If there is damage to the property of 15
another and the damage is valued at less than two thousand five hundred dollars ($2,500) caused 16
by the person's act in violation of this section, the offense shall be punished as a Class 1 17
misdemeanor. If there is damage to the property of another valued at two thousand five hundred 18
dollars ($2,500) or more caused by the person's act in violation of this section, the offense shall 19
be punished as a Class I felony. 20
(c) Any person whose property or person is injured by reason of a violation of this section 21
may sue for and recover any damages sustained and the costs of the suit pursuant to 22
G.S. 1-539.2A. 23
(d) It is not a violation of this section for a person to act pursuant to Chapter 36F of the 24
General Statutes." 25
SECTION 2. G.S. 1-539.2A reads as rewritten: 26
"§ 1-539.2A. Damages for computer trespass. 27
(a) Any person whose property or person is injured by reason of a violation of 28
G.S. 14-458 may sue for and recover any damages sustained and the costs of the suit. Without 29
limiting the general of the term, "damages" shall include loss of profits. If the injury arises from 30
the transmission of unsolicited bulk commercial electronic mail, the injured person, other than 31
an electronic mail service provider, may also recover attorneys' fees and may elect, in lieu of 32
actual damages, to recover the lesser of ten dollars ($10.00) for each and every unsolicited bulk 33
commercial electronic mail message transmitted in violation of this section, or twenty-five 34
thousand dollars ($25,000) per day. The injured person shall not have a cause of action against 35
the electronic mail service provider which merely transmits the unsolicited bulk commercial 36
electronic mail over its computer network. If the injury arises from the transmission of unsolicited 37
bulk commercial electronic mail, an injured electronic mail service provider may also recover 38
attorneys' fees and costs and may elect, in lieu of actual damages, to recover the greater of ten 39
dollars ($10.00) for each and every unsolicited bulk commercial electronic mail message 40
transmitted in violation of this section, or twenty-five thousand dollars ($25,000) per day. 41
(a1) If the injury arises from a violation of G.S. 14-458 involving trespass to computer 42
data that is protected health information, the injured person may sue and recover for each 43
violation the greater of the damages sustained or five thousand dollars ($5,000) and the costs of 44
the suit. 45
(a2) If the injury arises from a violation of G.S. 14-458 involving trespass to computer 46
data that is in the personnel file of a local, State, or federal employee, the injured person may sue 47
and recover for each violation the greater of the damages sustained or five thousand dollars 48
($5,000) and the costs of the suit. 49
(b) A civil action under this section shall be commenced before expiration of the time 50
period prescribed in G.S. 1-54. In actions alleging injury arising from the transmission of 51 General Assembly Of North Carolina Session 2025
House Bill 608-First Edition Page 3
unsolicited bulk commercial electronic mail, personal jurisdiction may be exercised pursuant to 1
G.S. 1-75.4. 2
(c) The following definitions apply in this section: 3
(1) Damages. – Includes loss of profits. 4
(2) Personnel file. – Any employment-related or personal information gathered 5
by an employer about its employee. Employment-related information includes 6
information related to an individual's application, selection, promotion, 7
demotion, transfer, leave, salary, contract for employment, benefits, 8
suspension, performance evaluation, disciplinary actions, and termination. 9
Personal information includes an individual's home address, social security 10
number, medical history, personal financial data, marital status, dependents, 11
and beneficiaries. 12
(3) Protected health information. – As defined in 45 C.F.R. § 160.103." 13
SECTION 3. This act becomes effective July 1, 2025, and applies to offenses 14
committed on or after that date. 15