One of the benefits of bringing claims under the CFAA is that, through the provisions of this statute, an employer is empowered and given a chance to assert a claim against a former or current employee who has accessed a business computer(s) or network system(s) and steals or misappropriates confidential information and/or trade secrets. Furthermore, in certain courts and under some circumstances, employers may be able to assert that the damages provided for under the statute should include costs associated with forensic examinations or litigation processes.
At this point, we have switched gears to focus on “The Computer Fraud and Abuse Act’s Statute of Limitations” in this blog post and Part VIII of our series. For the purposes of the record, the information discussed in this and all the previous blog posts under this series was current as of May 25, 2021.
The Computer Fraud and Abuse Act’s Statute of Limitations
Pursuant to 18 U.S.C. § 1030(g), the law requires that CFAA claims must be brought within two years of (1) the date of the discovery regarding the unauthorized access and/or damage and (2) the date of the occurrence of the unauthorized access. This is the statute of limitations provided for all CFAA claims. As we mentioned in the previous blog post, “Bringing Claims under the Computer Fraud and Abuse Act (CFAA),” employers can enjoy a variety of benefits by bringing claims under the CFAA and within the provided statute of limitations. In the post, we mentioned that “Van Buren v. United States” was a landmark case because while the Supreme Court’s decision broadly impacted the deployment of the CFAA against employees involved with unauthorized access to computer systems, the decision also narrowed the scope of liability, particularly concerning the CFAA’s prong of “exceeds authorized access.”
Regarding this matter, employers must evaluate and assess any associated risks and specific situations when they wish to assert and bring CFAA claims against employees, whether former or current. Accordingly, employers may enjoy several potential benefits when they bring CFAA claims, as long as they have a good-faith basis for asserting such claims based on the actions of former or current employees in line with the availability of the right facts. Such benefits include, but are not limited to the following:
- Employers are not required to demonstrate or show that trade secret(s) was or were stolen by the employee. Rather, they are only required to demonstrate that the information in question was wrongfully accessed by the employee.
- Pursuant to 18 U.S.C. § 1030(g), employers are provided with the option of seeking injunctive relief under the CFAA in an attempt to ensure that the protected information is not used or disseminated to third parties.
- The CFAA’s provisions serve as a deterrent for former and/or current employees who might be tempted or considering engaging in misappropriating trade secrets and/or confidential information-and-
- In line with CFAA’s statute of limitations, employers demonstrate the seriousness of their actions by bringing claims against former or current employees under a criminal statute.
This blog post and Part XVIII concerning the statute of limitations of the Computer Fraud and Abuse Act (CFAA) concludes our series on “Cybersecurity Measures to Protect Employers.” We hope and believe that the blog posts published under this series act as hands-on guides into those measures employers may take to protect and ensure the security of their trade secrets and/or confidential information. Accordingly, we are confident that you, our unusually motivated® readers, have the right tools to stay ahead of the game when it comes to protecting your trade secrets and/or confidential information.
While you should remain unusually motivated®, stay tuned for more legal guidance, training, and education. In the meantime, if you have any questions or comments, please let us know at the Contact Us page!
Always rising above the bar,
Isaac T.,
Legal Writer, Author, & Publisher.