COVID-19 Alert   We have changed our procedures for COVID-19.   Learn More
What to consider when laying off employees due to COVID-19. Learn More

Computer Fraud and Abuse Act

The Computer Fraud and Abuse Act (18 U.S.C.S. 1030) is seemingly becoming the lawsuit du jour. The difference between the CFRA and other cases? The employer is suing former employees.

The CFRA was initially enacted to provide civil and criminal penalties against hackers and spammers. It prohibits fraudulent or unauthorized access to protected computers. In recent years, employers have used the CFRA to obtain injunctive and monetary relief against departing employees and the companies that hire them. Unlike a trade secret violation case or an unfair competition case, the employer does not have to show that the employee obtained or used confidential or trade secret information. The employer only needs to show that the employee accessed a protected computer system without authorization and the employer suffered at least $5,000.00 in damages.

When an employee accepts a new job prior to leaving his or her old job, but continues to access the computer system at the old job, there is a potential that the access was “unauthorized.” Many employers are alleging that the departing employee was “acting on behalf of” the new employer when the employee accessed the old employer’s system even though the employee was still employed by the old employer.

The $5,000.00 damage threshold for a CFRA case is not a significant obstacle. The damages can include the costs the employer incurs in having a forensic specialist examine the computer systems to determine what systems were accessed and when. In other words, even if the employer is not otherwise damaged, if the employer pays $5,000.00 to hire a forensic specialist and it turns out the employee did access the computer system without sufficient authorization, the employer can prevail.

Application of the CFRA is still in the infant stage, but you can expect to see more and more cases alleging violations of the CFRA in the future. Employers interested in bringing such claims should ensure they have a specific policy regarding authorized versus unauthorized use of computer systems.

The Law Office of Phillip J. Griego
95 South Market Street, Suite 520
San Jose, CA 95113
Tel. 408-293-6341
Original article by Robert E. Nuddleman, former associate of The Law Office of Phillip J. Griego.

Feel free to suggest topics for the blog. We are happy to consider topics pertaining to general points of Labor and Employment Law, but we cannot answer questions about specific situations or provide legal advice. If you desire legal advice, you should contact an attorney.

Your use of this blog does not create an attorney-client relationship between you and the Law Office of Phillip J. Griego. The use of the Internet or this blog for communication with the firm or any individual member of the firm does not establish an attorney-client relationship. Confidential or time-sensitive information should not be posted in this blog and the Law Office of Phillip J. Griego cannot guarantee the confidentiality of anything posted to this blog.

Phillip J. Griego represents employees and businesses throughout Silicon Valley and the greater San Francisco Bay Area including Palo Alto, Menlo Park, Mountain View, Los Altos, San Jose, the South Bay Area, Campbell, Los Gatos, Cupertino, Morgan Hill, Gilroy, Sunnyvale, Santa Cruz, Saratoga, and Alameda, San Mateo, Santa Clara, San Benito, Mendocino, and Calaveras counties.