Rod Satterwhite and David Greenspan are members of the Labor & Employment group at McGuireWoods LLP. Both handle employment litigation on behalf of employers, and advise companies on employment issues regularly.
posted on Friday, March 14, 2008 1:53 PM by Lou Michels

Employees and Computer Fraud

I have written before about employees going ballistic on their bosses' computer systems and the risks employers face in these situations. A recent case out of a federal court in Illinois (Wong & Assoc. v. Nichols, No. 07C6277, Jan. 16, 2008) discusses the application of a federal legal remedy, the Computer Fraud and Abuse Act, or CFAA, that can be applied in both a criminal (read that as U.S. Attorney, federal judge, federal prison type of situation) and a civil one, where you merely get sued for money damages. However, the statute has some fairly specific requirements that have to be shown before bringing down the wrath of the federal government on one of your employees for misconduct.

In this case, the employer brought a CFAA action against a former employee who walked out with confidential company information that he had taken off the company's computer system. That's all he did -- copied information down and left. He didn't try to hide his theft by wiping his hard drive, stealing a computer system, or any other nefarious act.

In tossing out the CFAA cause of action, the court noted that the statute requires both that there be "damage" to the computer system (defined as impairment to the integrity or availability of data, a program, a system or information) and "loss" (defined as any reasonable costs to the victim incurred in responding to an offense, or suffered as a result of the interruption of service). The court said that simply taking the data, without damaging the computer system and causing lost revenue as a result, was not a violation of the CFAA and dimissed the case.

My experience is that cyber thieves are normally not content to simply copy data out of their systems for their own purposes. Typically, they try to hide it by deleting files, erasing drives, or removing pieces of hardware. Under these circumstances, which are similar to the case mentioned in an earlier post here, the CFAA undoubtedly applies as long as the employer can show some cost of repair or restoration

Comments

# re: Employees and Computer Fraud

Thursday, April 10, 2008 11:57 PM by Jacob Johansen
This is interesting.

You'd think taking proprietary data from an employer's computer could very well cause reasonable costs to the employer, especially if an employee made it a point to only take certain files. They obviously had some importance.

So what would be the employee's intent with this information?

If it was sold or shared with competitor or public, the loses could be huge.