Vigilant Blog

News, trends and analysis in employment law, HR, safety & workers' comp

May 25, 2011

Exceeding computer permissions for fraudulent purposes is a crime


Employees are criminally liable for violation of the Computer Fraud and Abuse Act (CFAA) if they go beyond the restrictions in the employers computer use policies with an intent to defraud, and as a result are able to obtain anything of value, ruled the Ninth Circuit U.S. Court of Appeals. An executive left employment to start a competing business, and persuaded three employees at his former employer to pass along information from a company-owned proprietary database. Fortunately for the company, it had taken numerous measures to inform employees that disclosure or use of the database for non-business purposes was prohibited. When criminal charges were filed, the employees admitted violating the employers policy, but argued that the CFAA was intended for prosecution of hackersoutsiders who lacked any authorization to use the companys computers. The court ruled against the employees because the employers restrictions on its computer usage were so clearly communicated, that the employees definitely exceeded authorized access under the statute (United States v. Nosal, 9th Cir, April 2011).

Tips: Consider following this employers lead in protecting your trade secrets: Assign unique usernames and passwords, restrict physical access to the servers containing the data, require employees to agree in writing that the information is proprietary and can only be used or disclosed for legitimate company business, place your organizations name and the phrase proprietary and confidential on every report generated by the database, and have a warning screen pop up when an individual logs into the system that the information belongs to the employer and that accessing it without proper authority can lead to disciplinary action or criminal prosecution.

This website presents general information in nontechnical language. This information is not legal advice. Before applying this information to a specific management decision, consult legal counsel.