May 22, 2012

The Computer Fraud and Abuse Act: A New Tool for Protecting Information

Much Shelist, P.C.
Much Shelist, P.C.
Monday, June 1, 2009
Communications, Media & Internet / Criminal Law / Business Crimes / Intellectual Property / Labor & Employment
All Federal / Illinois / All States
Printer-friendly
Email this Article
Download PDF
Reprints & Permissions

Cutting-edge office technology—particularly computer technology—is the lifeblood of the 21st century business platform. The efficient management and flow of information is no longer a vague concept to which successful businesses pay mere lip service. Information is king, and burgeoning IT departments consume ever-increasing percentages of today’s operating budgets.

Technology’s rapid ascendance has transformed the manner in which businesses now compete, and as is so often the case with revolutionary change, the benefits realized are mitigated by unforeseen challenges. In the technology realm, perhaps the greatest challenge is managing information flow in a manner that ensures both accessibility and security. This is particularly important in the context of today’s fast-paced and fluid business world, where employee longevity and loyalty seem to be waning.

CFAA Emerges as a Potential New Tool

From the relative obscurity of the white-collar criminal world, where it was originally enacted to combat illegal computer hacking, the Computer Fraud and Abuse Act (CFAA) is increasingly being invoked by employers to prosecute former employees who surreptitiously co-opt confidential or proprietary information from a company’s computer system prior to leaving their employment. The June 2006 issue of the Litigation & Counseling Alert provided insight into the Illinois Trade Secrets Act, which can be a very useful tool in addressing departed employees who seek to compete with their former employer by using confidential information acquired during employment. However, a successful trade secret claim requires more than mere proof that the employee misappropriated information. A company must also show that the information in question provided an economic value by virtue of the fact that it is not otherwise available to the company’s competitors. In addition, the employer is required to prove that it took reasonable steps to protect the secrecy of the misappropriated information.

In marked contrast, the employer’s burden of proof under the CFAA is relatively simple. Among other things, proof of a CFAA claim does not depend upon the confidential nature or content of the misappropriated information, nor does it require the existence of internal controls to protect the information in question. In order to assert a CFAA claim, the employer need only establish two relatively simple jurisdictional requirements: 1) that the employee accessed a “protected computer,” and 2) that the employer suffered at least one of five statutorily prescribed harms.

As defined by the CFAA, a “protected computer” is any computer that is used in interstate or foreign commerce—in other words, any computer connected to the Internet or an interstate intranet, even if the employee’s use is strictly local in nature. As for proof of a requisite harm, the CFAA identifies five different types, of which the most easily established is a “loss” that amounts to at least $5,000 in value and accrues over a period of time of up to one year. As interpreted by relevant case authority, the “loss” required in order to make out a CFAA claim can be comprised of a number of different components, including costs incurred in responding to a suspected employee misappropriation, the cost of obtaining damage estimates, the cost of restoring of data and any related loss of revenue.

Once the employer has satisfied those two jurisdictional requirements, there are seven types of misconduct that constitute a CFAA claim. In a typical employment-related misappropriation scenario, the most adaptable claim involves proof that an employee accessed a “protected computer” without authorization and obtained confidential information by dishonest means. Because an employee generally has authority to access the information that he or she is alleged to have wrongfully appropriated, the biggest challenge for the employer in establishing a CFAA claim is showing that the misappropriation occurred as a result of “unauthorized access.”

Looking Ahead

The good news for employers is that recent cases interpreting the CFAA in a civil context suggest a shift toward a more liberal interpretation of “unauthorized access.” As that trend evolves, the protections afforded to employers under the CFAA should expand.

As a federal statute, the CFAA’s protections are currently available only in federal court; however, for companies located in the greater Chicago area, there is little additional inconvenience or expense involved in litigating claims against former employees in the federal district court, as opposed to the state court. The attorneys in Much Shelist’s Litigation & Dispute Resolution practice group can help companies assess whether the CFAA can or should be invoked on their behalf in dealing with future employee misappropriation claims.

© 2010 Much Shelist Denenberg Ament & Rubenstein, P.C.

About the Author

Much Shelist, P.C.

Much Shelist is a full-service business law firm based in Chicago. Since our founding in 1970, and as we have grown to approximately 85 attorneys, we have nurtured a collaborative culture that emphasizes sophisticated, senior-level attention to client matters, combined with a collegial, creative atmosphere that allows us to deliver the highest level of service to every client. In addition, we are firmly committed to remaining independent, thus creating an environment of stability for our clients and our attorneys.

We serve as...

info@muchshelist.com
312-521-2000
www.muchshelist.com

Boost: AJAX core statistics

Legal Disclaimer

You are responsible for reading, understanding and agreeing to the National Law Review's (NLR’s) and the National Law Forum LLC's  Terms of Use and Privacy Policy before using the National Law Review website. The National Law Review is a free to use, no-log in database of legal and business articles. The content and links on www.NatLawReview.com are intended for general information purposes only. Any legal analysis, legislative updates or other content and links should not be construed as legal or professional advice or a substitute for such advice. No attorney-client or confidential relationship is formed by the transmission of information between you and the National Law Review website or any of the law firms, attorneys or other professionals or organizations who include content on the National Law Review website. If you require legal or professional advice, kindly contact an attorney or other suitable professional advisor.  

Some states have laws and ethical rules regarding solicitation and advertisement practices by attorneys and/or other professionals. NLR does not accept advertising from attorneys or law firms. The National Law Review is not a law firm nor is www.NatLawReview.com  intended to be an advertisement or a referral service for attorneys and/or other professionals. The NLR does not wish, nor does it intend, to solicit the business of anyone or to refer anyone to an attorney or other professional.  NLR does not answer legal questions nor will we refer you to an attorney or other professional if you request such information from us. 

Under certain state laws the following statements may be required on this website and we have included them in order to be in full compliance with these rules. The choice of a lawyer or other professional is an important decision and should not be based solely upon advertisements. Attorney Advertising Notice: Prior results do not guarantee a similar outcome. Statement in compliance with Texas Rules of Professional Conduct. Unless otherwise noted, attorneys are not certified by the Texas Board of Legal Specialization, nor can NLR attest to the accuracy of any notation of Legal Specialization or other Professional Credentials.