In our blog post titled “Bringing Claims under the Computer Fraud and Abuse Act (CFAA)” and Part XVII published under the series “Cybersecurity Measures to Protect Employers,” we hammered on the benefits and options employers have for bringing claims against former or current employees who have misappropriated trade secrets under the CFAA. Accordingly, there would be no more suitable time to discuss the CFAA in detail and depth than now. In this regard, this blog post is Part XI of our multipart series on the “Enforcement of the Protection of Employers’ Confidential Information & Trade Secrets” after hammering on the “The Economic Espionage Act of 1996 (EEA)” in Part X of the series.
The Computer Fraud and Abuse Act (CFAA)
As discussed in the blog post mentioned above, any employer whose computer network or system has been accessed and damaged by an authorized individual may bring a cause of action through a criminal statute known as the CFAA and pursuant to 18 U.S.C. § 1030. Further, through the provisions of this statute, an employer is empowered and given a chance to assert a claim against a former or current employee who has accessed a business computer(s) or network system(s) and steals or misappropriates confidential information and/or trade secrets.
Thus, the CFAA provides employers with the right and tools for bringing a civil cause of action against any current or former employee who uses the employer-issued electronic devices and accesses, steals, and misappropriates trade secrets. Through the CFAA, employers are able to sue former employees who engage in such misconduct by, for instance, sending trade secrets and/or other confidential information to their own personal e-mail account(s) or copying the same into a portable USB device or hard drive. This criminal statute also gives employers the right to sue such employees even if they attempted to disguise and conceal the misconduct by using computer wiping or data destruction software.
Notably, the CFAA protects any employer whose business and/or personal interest(s) has or have been injured via unauthorized access to a network or computer system that is protected from such access by exceeding their authorization or without the employer’s permission. In the blog mentioned and accessible through the link provided earlier, we noted that an employee who breaches their duty of loyalty to an employer is considered to have engaged in “unauthorized access” by some courts in certain circuits, such as the Seventh Circuit, although “authorization” is not explicitly denied by the CFAA. This is similar to situations where an employer has prohibited access to trade secrets and/or confidential information for non-business reasons through implemented and adopted policies. However, even if the employee uses the information for an improper cause, it is crucial to note that the CFAA is not applicable to situations where the employee did not exceed their “authorization access” while getting the information in question.
In line with our discussion in the blog mentioned earlier, employers enjoy a number of benefits by opting to utilize the CFAA to bring civil claims against employee(s) who has or have engaged in such misconduct as mentioned severally. For starters, the CFAA does not require a demonstration that the information the employee accessed and stole was practically a trade secret on the employer’s part. This is because the CFAA does not focus on the information stolen by the employee but on the wrongful access and stealing of information that the employer considers confidential. Accordingly, even if it does not get to the level of qualifying as a trade secret per se, any confidential business information stolen by an employee should prompt the employer to swing into legal action.
Additionally, through the CFAA’s provisions, employers may benefit from injunctive relief that includes, but is not limited to, a court’s order requiring the employee to return the stolen information, barring any further use of the stolen information by the employee, and/or prohibiting the employee from working for or joining a competitor and looking for work with them. Moreover, as a criminal statute, the CFAA is beneficial to employers since, due to the severe and punitive outcomes an employee may face for accessing an employer’s valuable information without authorization, it deters current employees from engaging in trade secret theft and misappropriation. However, as with the Economic Espionage Act of 1996 (EEA) discussed in the previous blog and Part X of this series, it is perilous for an employer to invoke the powers and arms of the government under the CFAA. This is because an employer risks losing control of a lawsuit’s outcome due to the involvement of the government, which underscores the need for an employer to eventually opt for an arbitration forum after considering a myriad of factors and available options.
In Part XII of this series, we will switch gears and hammer on “Common Law Tort Claims under the UTSA and DTSA.”
As usual, while you should strive to be #UnusuallyMotivated, stay tuned for more education, training, and legal guidance. In the interim, reach out to us with questions and/or comments on our website at the Contact Us page!
Always rising above the bar,
Isaac T.,
Legal Writer, Author, & Publisher.