A number of recent cases have held that since a now former employee was authorized to access and use the employer’s computer systems before they left the company, their access to and improper use of the information after they left the company does not constitute a violation of the CFAA. Jay Westermeier analyzes these cases and suggests a strategy to increase the likelihood of successful use of the CFAA against former employees. He writes:
“Employers have sought to use the private right of action provisions under the Computer Fraud and Abuse Act (CFAA), 18 USC § 1030, against employees who, without the employer's authorization, have taken copies of the employer's proprietary information from the employer's computer systems with them when they leave the company. A number of recent CFAA cases . . . have held that since the employee was authorized to access and use the employer's computer systems before they left the company that their access to this proprietary information and improper use of the information after they left the company does not constitute a violation of the CFAA. In this article I will discuss several of these recent CFAA cases and suggest a strategy to increase the likelihood that the CFAA may be used successfully as a legal strategy against employees who take and use company information for their own benefit after they leave the company.
“The CFAA recognizes private causes of action for individuals damaged by computer fraud. Section (g) of the CFAA permits any person who suffers damage or loss by reason of one of the factors specified in clause (i), (ii), (iii), (iv) or (v) of subsection (a)(5)(B) of Section 18 USC Section 1030 to bring a civil action. A key basis for imposing civil liability under the CFAA is showing that a protected computer has been intentionally accessed without authorization or that the access exceeds authorized access. "[T]he term "exceeds authorized access" means to access a computer with authorization and to use such access to obtain or alter information in the computer that the accessor is not entitled so to obtain or alter. 18 USC § 1030(e)(6). Under the CFAA, private parties may bring claims for the purpose of obtaining compensatory damages and injunctive relief or other equitable relief in the event they suffer damage or loss by reason of a CFAA violation.
“One of the recent CFAA cases illustrating the problem is Condux International, Inc. v. Haugum, 2008 U.S. Dist. LEXIS 100949 (D. Minn. Dec. 15, 2008). In this case, Haugum was a vice president of Global Sales for Condux International. Condux International alleged that Haugum had violated a number of CFAA sections by obtaining confidential business information and misappropriating such confidential information for his own benefit to engage in competition with Condux International after he left Condux International.”
Access the full version of (title of EIA) with your lexis.com ID. Additional fees may be incurred. (Approx. 4 pages.)
If you do not have a lexis.com ID, you can purchase the Emerging Issues Analysis content through our lexisONE Research Packages.