As employers continue their efforts to protect their proprietary and trade secret information from theft and improper use by departing employees, they have looked to various federal and state statutes for assistance. One of the statutes increasingly utilized by employers is the federal Computer Fraud and Abuse Act (“CFAA”).
The CFAA prevents an employee or former employee from knowingly causing “the transmission of a program, information, code or command, and as result of such conduct, intentionally caus(ing) damage without authorization, to a protected computer . . .” Thus, the CFAA covers the intentional access to a computer by an employee or former employee without authorization or the employee’s or former employee’s obtaining information by exceeding the employee’s or former employee’s authorized access to such computer.
When applying the CFAA, the courts have given the statute a broad interpretation. In Shurguard Storage Centers, Inc. v. Safeguard Self-Storage, Inc., the court found the CFAA applied to the use of Shurguard Storage Centers, Inc.’s computer by former employees to transmit trade secrets and proprietary information to Safeguard Self-Storage, Inc. by email. In International Airport Centers v. Citrin, the court found the CFAA applied to a former employee who deleted trade secret and proprietary information from his company-supplied laptop prior to his forming a competing business because he installed a program on the laptop which made the recovery of the deleted information impossible prior to forming a competing business. Finally, in Charles Schwab & Co. v. Carter, the court found the CFAA applied to a former employee’s copying to DVD and transmittal by e-mail of trade secret and proprietary information to his new employer, even though the former employer was closing the division in which the former employee worked.
Violation of the CFAA subjects the violator to possible fines and imprisonment of up to 20 years. In addition, the CFAA provides civil remedies that entitle the employer to injunctive relief and damages, such as those directly related to the employee’s unauthorized use of the computer, the expenses incurred in accessing the damage caused by the unauthorized use, security updates, data restoration and replacement costs, lost revenues and any other damages related to the impairment or interruption of use of the employer’s computer. The only condition precedent to such recovery is that the damages must exceed $5,000.
The CFAA offers employers several advantages over contractual restrictive covenants and state trade secret statutes. The CFAA permits the employer to bring its cause of action in federal court where litigation proceeds more quickly than in state court. Additionally, unlike the protections offered by restrictive covenants and state trade secret statutes, the CFAA focuses on the unauthorized use of the employer’s computer system, not on whether the information the employer seeks to protect was sufficiently confidential to be protected by the restrictive covenant or trade secret statute. Thus, employers may bring an action for violation of the CFAA even if the employee is not subject to a restrictive covenant or has not violated a trade secret statute.
If you have a question about the protection of proprietary and trade secret information or the CFAA, please telephone a member of the firm.