Skip to main content
Legal Alert

9th Circuit Revives Computer Fraud and Abuse Act for Employers

9th Circuit Revives Computer Fraud and Abuse Act for Employers

Update Those "Use of Company Property" Policies

The Ninth Circuit last week gave back to employers what it took away in 2009.

In U.S. v. Nosal, a criminal case involving theft of computer database information by employees from executive search firm Korn-Ferry, the Ninth Circuit was asked to analyze what an employer must show in order have an employee's actions fall within the federal Computer Fraud and Abuse Act, 18 U.S.C. §1030 et seq.("CFAA"). Since a Ninth Circuit decision in 2009, if an employer allowed any computer access to employees, the CFAA was presumed not to apply.

In Nosal, the Ninth Circuit rejected that approach. The court held that an employee "exceeds authorized access" of an employer's computer data for purposes of the CFAA when he or she violates an employer's computer access policies with an intent to defraud the employer. Because the CFAA provides for both civil and criminal penalties—a substantial deterrent—as well as affording employers  access to federal court, it can be a potent tool in combating employee data theft.

Key to the ability to use the CFAA as a deterrent, however, is having good policies that clearly define the permissible uses of your computer system. This might be a good time to revisit "use of company property" or "use of electronic data" policies and to place explicit restrictions on employees' use of computers and the information on them.