Utah Enacts New Laws Addressing Post-Employment Restrictions and Unauthorized Computer Use
Utah has enacted two new laws of importance to employers concerned about trade secrets, customer relationships, and other protectable interests in its 2016 legislative session. The first statute, the Post-Employment Restrictions Act (Utah Code § 34-51-101, et seq.), sets a one-year time limit on non-competition agreements entered into on or after May 10, 2016. The second statute, the Computer Abuse and Data Recovery Act (Utah Code § 63D-3-103, et seq.), establishes a state cause of action with an arguably broader reach than the Computer Fraud and Abuse Act (18 U.S.C. § 1030).
Post-Employment Restrictions Act
The Post-Employment Restrictions Act is the result of a limited consensus in the Utah legislature following extensive attention from the Utah business community. The Post-Employment Restrictions Act applies only to non-competition agreements and specifically exempts non-solicitation agreements, non-disclosure agreements, and confidentiality agreements from the definition of a post-employment restrictive covenant. Additionally, the Act excepts severance agreements entered into at or after discharge or restrictions that arise out of the sale of a business. An employer that seeks to enforce an unenforceable non-competition agreement is liable for the attorneys’ fees and actual damages of the employee.
Initially, the Utah House of Representatives had enacted a version of the Post-Employment Restrictions Act that would have prohibited non-competition agreements entirely. Following passage by the Utah House, the Act received extensive attention and dozens of witnesses testified in Utah Senate hearings regarding the bill. Following the hearings, the proposed Act was significantly changed and ultimately imposed merely a one-year time limit on such agreements and a provision allowing employees to recover attorneys’ fees and damages if a court determines the non-competition agreement is unenforceable.
Computer Abuse and Data Recovery Act
The Computer Abuse and Data Recovery Act was passed without significant attention from the business community, but it affords potentially substantial help to employers. While the statute provides a broad range of damages in the event of generic unauthorized access to a computer, such as by a hacker or in a divorce setting, it also contains provisions of interest to employers. The Act defines permission to access a computer “only to the extent or for the specific purpose the protected computer’s owner authorizes.” Utah Code § 6D-3-103(2). This language apparently was intended to create a state cause of action consistent with the broad construction of the federal Computer Fraud and Abuse Act as interpreted by the First, Fifth, Seventh, and Eleventh Circuits, rather than the narrow construction as interpreted by the Second, Fourth, and Ninth Circuits. See Second Circuit Adopts Narrow Construction of Federal Computer Fraud Statute, Joins Circuit Split.
The Computer Abuse and Data Recovery Act permits the recovery of actual damages, lost profits, economic damages, and injunctive relief. The Computer Abuse and Data Recovery Act certainly will provide an important supplement to the protection available under the Utah Uniform Trade Secrets Act (Utah Code § 13-24-1, et seq.), see Utah Supreme Court Adopts Presumption of Harm in Trade Secret Litigation.
These two statutes highlight the importance of a broader trade secret protection approach that incorporates tailored and enforceable agreements, computer usage and access policies, and access restrictions. Such agreements and policies often will deter employees from engaging in inappropriate conduct. When deterrence fails, employers will have a mix of remedies available under common law for enforcement of restrictive covenants and under statutory law for computer abuse or theft of trade secrets.