Second Circuit Decision Highlights Rift in Case Law Over When Computer Fraud and Abuse Act Can Be Used to Combat Employee Theft of Data

With the proliferation of technology in the modern workplace, employee theft of confidential and proprietary computer data is often involved in non-compete cases. I have written extensively in prior articles on the scope of remedies available under the Computer Fraud and Abuse Act, 18 U.S.C. § 1030 et seq. (“CFAA”) and its New Jersey state law counterpart, the Computer Related Offenses Act, N.J.S.A. § 2A:38A-3 et. seq. (“NJCROA”). A new decision from the Second Circuit has highlighted the significant barriers to using the CFAA in New York, Vermont and Connecticut, to deal with an employee’s improper use of computer data, at least until this issue is put to rest by the United States Supreme Court or by an act of Congress. In U.S. v. Valle, 2015 WL 7774548 (2d Cir. Dec. 3, 2015), the Court held that it is not enough to show that an employee with authorization and login credentials to the company network misused his access in violation of a company computer use policy. Rather, an employer seeking redress under the CFAA in those states must now show that an employee did not have authorization and bypassed a technological barrier to access the information. Valle highlights the need for employers to revisit their technical security measures to ensure their data is safe not just from what are traditionally viewed as “hackers,” but from disloyal employees as well.

Back to P&A News