No one likes being fired, and there may be an “urge” to get back at the employer for doing the deed against you. Our lesson to you: do not mess with your employer’s computers, servers, and/or any employer-provided laptop or smart phone. If you do, you are inviting trouble. If you leave a job with company information that you acquired through access to your former employer’s computers or networks, you may be susceptible to civil and potentially criminal charges under the Computer Fraud and Abuse Act (“CFAA”). The CFAA was originally passed as a means to prosecute hackers. In recent years, many employers have utilized the CFAA as a tool to combat employee data theft, destruction and/or deletion of data, including emails, documents, presentations, contact lists and a wide-range of other information that can be stored electronically. Section 1030(a)(4) of the CFAA prohibits a person from, “knowingly and with intent to defraud, access[ing] a protected computer without authorization or [from] exceed[ing] authorized access . . . .” A “protected computer” refers to any computer, “used in or affecting interstate or foreign commerce or communication.” Essentially, this refers to any computer connected to the Internet. To “exceed authorized access” means to, “access a computer with authorization and to use such access to obtain or alter information in the computer that the [employee] is not entitled . . . to obtain or alter.” In order to bring a charge under the CFAA the employer must argue that an employee illegally acquired or altered company information by accessing the employer’s computer systems without authorization or in a manner that exceeded the employee’s authorization to access those systems. In addition, the employer must show damages that exceed $5,000.00. Whether an employer will be able to make this showing depends on where they are located, as the definition of “unauthorized access” varies. Some courts have interpreted the CFAA very broadly. These courts hold that an employee’s right to access his or her employer’s computers and other computing devices ends when he or she makes the decision to act against the company’s interest. At that point, any future access is unauthorized or in excess of authorization. Other courts have interpreted the CFAA much more narrowly. These courts say that the CFAA’s unauthorized access provisions apply only to outside individuals accessing computers without permission or employees whose access has been revoked. While the narrower interpretation limits the applicability of the CFAA, employees still have to be careful. Some states may have their own laws on this subject. In addition, an employee could still be sued under state tort common law claims, as well as for breach of contract if the employee has entered into a written agreement with the employer. Lebau & Neuworth attorneys have experience in defending against CFAA claims. Contact us if needed. However, the best advice is just don’t do put yourself in a position where you may have to defend against such claims.
