The conflict between technological interests of employers and employees becomes particularly fraught when an employee decides to leave a company and work for a competitor. A departing employee may use his or her last few days of computer access to download or email files from the employer’s computers and/or network. Employers may interpret such conduct as being indicative of an effort to expose or share confidential and/or proprietary information of their company with a competitor. When employers discover this potential misappropriation of trade secrets, they may look to protect their trade secrets using laws governing computer fraud.
The Computer Fraud and Abuse Act (CFAA) of 1986 governs unauthorized computer use at the federal level. The CFAA was first used against people who intentionally (1) accessed a computer they did not have authorization to use and/or (2) exceeded the limits of the authorized use of a computer to which they had previously been granted access. The CFAA also contains language that allows those who suffer damages or losses because of this kind of conduct to seek relief. While this legislation originally was designed to criminalize computer hacking, employers have used this “damage or loss” clause to sue former employees who allegedly have used their final days at a company to misappropriate proprietary company information. California has a similar statute, the Comprehensive Computer Data Access & Fraud Act (CCDAFA).
It is not always easy to determine what constitutes “unauthorized access” to computers under the CFAA. This is particularly true in employment law, though courts have tended to agree that the CFAA clearly prohibits employees from accessing computer networks when they lack any authorization to use those networks whatsoever. However, in cases where an employee is granted some access to computer networks, courts have split on whether an employee with general computer network permissions exceeds authorized access (as defined by the CFAA) by using this access for an unauthorized purpose. When an employee obtains information from areas of a computer or computer system to which they have not been granted access, at any time, some courts have held that the employee is in violation of the CFAA. Further, there is no dispute that a competitor or former employee who accesses through impersonation of another or hacks into the former employer’s computer system or Website violates the statute.
Computer Fraud: How We Can Help
The U.S. Supreme Court’s Van Buren vs. United States decision narrowed the scope of CFAA and made it more difficult to sue former employees for accessing company information before leaving a job. Because Van Buren found no violation of CFFA for employees accessing areas of the computer network during employment that they lacked authorization to access, there are some preventative steps that may be taken by the employer to prevent misappropriation of its trade secrets or proprietary information. Employers should reassess their computer and privacy policies and place more safeguards between employees and sensitive information. Companies may ensure departing employees have access to fewer sources of trade secrets or proprietary information by revisiting their internal information access controls. Employers can take steps to ensure employee users are only allowed access to the least privileged information possible on company systems and reassess these needs when an employee moves into different roles within the company.
The computer fraud attorneys at Payne & Fears know that sometimes the best defense against computer fraud and allegations of misappropriation is to work to prevent unauthorized access in the first place. Our attorneys counsel employers on policies and agreements as safeguards against computer fraud, the latest changes to laws governing computer fraud lawsuits, and establishing ongoing assessments of employer policies and permitted access to computer systems to protect proprietary information. Our goal is to help clients maintain the integrity of employers’ proprietary information and avoid the need for litigation wherever possible.
Sometimes litigation simply is not avoidable, particularly when a competitor or former employee is intent on stealing company data. When problems arise, we leverage our years of experience handling fraud and misappropriation claims to help clients protect their valuable information. Our computer fraud attorneys have the experience and skills to move quickly to obtain restraining orders, expedited discovery, and preliminary injunctions, if necessary, to uphold our clients’ rights and recover stolen information. Having been through many battles, we work closely with forensic experts in litigation to search for, recover our clients’ valuable information, and make sure it is destroyed on the wrongdoer’s electronic devices in a forensically sound manner.