Did an outgoing worker copy client data files and use them for his or her new job? Has an employee accessed a company database to obtain a fellow employee’s home address? If a worker taps into business data without authorization or exceeding the authorization they’ve been granted, the Computer Fraud and Abuse Act may give you recourse for legal action.
What is the Computer Fraud and Abuse Act?
Also called the CFAA, this federal law prohibits individuals from accessing computers without authorization or in a way that exceeds authorized access. The law was passed in 1986 and has been amended numerous times since.
Working on improving employee engagement?
EPIC is an Employee Engagement software that gives you the tools and insights to create a workplace culture that encourages engagement, loyalty, and trust.
Can employers use the CFAA to bring action against employees who access data without authorization?
Yes. In fact, a number of recent court decisions have supported employer use of the Computer Fraud and Abuse Act:
- A Social Security Administration employee was accused of using SSA databases to access information about women he knew. For instance, he looked up data regarding his ex-wife’s earning history. The worker also used the databases to locate the address of a woman he was interested in so he could send her Valentine’s Day flowers. The man was convicted of 17 counts of violating the Computer Fraud and Abuse Act, and the the 11th Circuit Court of Appeals upheld the conviction.
- An IT employee in a Michigan advertising firm accessed confidential information regarding the company’s CEO. When the worker shared the files with company management, allegedly to reveal the firm’s computer security weaknesses, she was fired and the police were notified. She was later convicted of Computer Fraud and Abuse Act violations and was ordered to pay the company restitution. The conviction was upheld on appeal.
- The 9th Circuit Court of Appeals has ruled that “any person who obtains information from any computer connected to the internet, in violation of [an] employer’s computer-use restrictions, is guilty of a federal crime.”
How can I protect my business from employees who steal data?
Don’t take it for granted that workers know what they can and cannot do with information collected and maintained by the business. Take time to review and update the company’s computer and data use policy. Examples of what to include in a computer and data use policy might include guidelines that prohibit:
- Obtaining access or hacking into systems the employee is not authorized to use;
- Using another employee’s log-in or password to access information;
- Breaching or monitoring computer or network security features.
The Computer Fraud and Abuse Act may provide the recourse you need when an employee accesses company data without or exceeding authorization. Give the company the best chance of success in those cases by having a clear computer and data use policy in place and ensuring employees are aware of the policy.
FREE Related Resources
Stay abreast of the latest legal challenges and issues that employers face with Legal Alert For Supervisors. Request your free newsletter
Latest posts by Dianne Shaddock (see all)
- Cross Training Staff – Doing the Right Thing For the Wrong Reasons - January 18, 2019
- Proactive Employee Management Really Boils Down To The Basics - December 21, 2015
- Office Meetings Do Not Have To Be A Productivity Time Drain If Done Right - November 17, 2015
- Proposed Changes To Employee Rights Laws: WAGE Act Bill - November 3, 2015
- Why It Is Important to Distinguish Interns From Employees – Especially In Cases of Unpaid Interns - October 27, 2015