This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
| 1 minute read
Reposted from Taylor English Insights

Supreme Court Reads Computer Fraud and Abuse Act Narrowly Against Unauthorized Employee Database Access


The Supreme Court last week upheld a narrow reading of the chief federal computer crimes act used by businesses to punish employees who wrongfully access information held in company computers. US courts have disagreed for years on the scope of the CFAA. Some have used it to convict employees for stealing information from employers when they access information they are not supposed to access. Others have used it only in cases where the employee then misuses such information. The law is frequently wielded against insiders who have stolen confidential company information, often as they leave to start a competing job or as retaliation for a job termination.

Last week's case involved a Georgia police officer who impermissibly accessed a database to discover whether a civilian was actually an undercover officer.  The Supreme Court sided with those courts that have read the CFAA narrowly (i.e., if information is actually accessible to an employee, improper access of it is not punishable under the CFAA).  

The import of this decision remains to be seen.  It does seem that deeming information "off limits" to certain employees will not be enough to trigger application of the CFAA if they break the rules and access it anyway.  Instead, businesses will need to consider whether sensitive, confidential, or otherwise secret information should be protected with some form of security (passwords, encryption, etc.) against prying employees.  

The decision was 6-3, with the majority evenly split between conservative and liberal justices.  

But the most immediate takeaway from the 6-3 split decision for businesses, attorneys say, is that it makes it more challenging, yet not impossible, for companies to cite the CFAA in lawsuits where insiders are accused of misusing computer networks to view trade secrets.

Tags

insights, data security and privacy, hill_mitzi