The Computer Fraud and Abuse Act (“CFAA”) is a federal law that has been appearing in lawsuits brought by employers against their former employees at an ever increasing rate. The CFAA prohibits employees from accessing their employer’s electronic information without authorization, and includes both criminal and civil causes of action. Specifically, the CFAA makes it illegal for an employee to “knowingly and with the intent to defraud, access a protected computer without authorization, or exceed authorized access, and by means of such conduct further the intended fraud and obtain anything of value.”
In Massachusetts to date, there has been a split among judges that have interpreted the law. On the one hand, some judges interpret the CFAA narrowly to only prohibit “hacking,” but on the other hand, some judges have interpreted the CFAA broadly to prohibit an employee’s misuse of an employer’s electronic information, even when the employee was authorized to access it in the first place.
The CFAA is a potentially powerful weapon for employers because a prevailing employer is entitled to be reimbursed by the employee for a forensic review of any computers used by the employee to determine what the employee might have copied or deleted when he separated from employment. In addition to increasing the damages that an employer may recover, the CFAA can also help the former employer in a non-competition case against its former employee by effectively isolating the employee from his or her new employer. While it is common for a new employer to indemnify the employee that it hires in breach of a non-competition clause, it would be far less likely to do so in the face of federal criminal fraud charges under the CFAA.
Ultimately, employers and employees should take two things from potential CFAA suits: 1) employers should clearly define the servers and electronic systems that its employees are permitted to access; and 2) employees should err on the side of caution and only access electronic information that they know they are permitted to access or reach out to the employer to confirm authorization.
Defamation is a legal concept designed to protect individuals and organizations from false statements that…
Homestead protection shields a primary residence by requiring certain creditors to wait for the payment…
Jon Friedmann was recently featured in Massachusetts Lawyers Weekly for his analysis of a significant…
EMRG LLC, the owner of a property in Scituate, Massachusetts, filed a complaint containing counts…
Alexander Tsianatelis will serve as a panelist at the Boston Bar Association program, “Decoding the…
The distinctions between a statute of limitation and a statute of repose are both technical…