On December 3, the Second Circuit Court of Appeals became the most recent entrant into the circuit conflict on the question of when and under what circumstances an employee’s use of a computer to gain access to unauthorized information constitutes a violation of the Computer Fraud and Abuse Act. Over a dissent, the Court held that an employee cannot be convicted of violating the CFAA when he uses a database, to which he has been granted access, in a manner that is prohibited by company policy. With the Second Circuit joining the Fourth and Ninth Circuits in the minority on the issue, the answer continues to turn on the jurisdiction in which the suit was brought. Employers should take note because the decision reinforces the need to consider carefully whether and how to limit employee access to sensitive company information within its network—e.g., by use of written policy or technical access restrictions—and how those protections will play out in court if an employee takes company information for use in future employment.
Computer Fraud and Abuse Act
Orrick World: A Quarterly Report of Global Employment Law Issues for Multinationals
Asia Employment Law Update
Proposed Regulations May Complicate Reductions in Force in China
On December 31st, 2014, Ministry of Human Resources and Social Security (“MOHRSS”) issued a notice to solicit public opinions on the draft Regulations on Personnel Cutbacks by Enterprises (“Draft Regulations”). The Draft Regulations set out detailed implementing rules for “mass layoffs” (defined under the Labor Contract Law as being a layoff of more than 10% of the workforce or more than 20 employees) and, if adopted in their current form, will further complicate the process for conducting reductions in force in China.
Employer Requests for Social Media Passwords Under Scrutiny
Following a growing trend among states, Ohio recently introduced legislation to bar employers from requiring current or prospective employees to provide access to their private social media accounts, such as Facebook and Twitter. Although to date Maryland is the only state with a law on the books prohibiting employers from requiring or requesting access to a current or prospective employee’s private social media accounts (Maryland’s law does not go into effect until October 1, 2012), approximately a dozen other states are considering similar legislation, including California, Delaware, Illinois and New York. Click here for a list of the state bills. READ MORE
Ninth Circuit Limits Federal Criminal Liability Reach of Computer Fraud and Abuse Act to Hackers Only, Not Employees in Violation of Company Policy
Employees cannot be criminally prosecuted by the federal government for breach of an employer’s computer policies, according to the Ninth Circuit’s April 10, 2012 en banc opinion in U.S. v. Nosal. The 9-2 en banc panel (with a strongly worded dissent) opted to narrowly construe the Computer Fraud and Abuse Act (“CFAA”) to avoid creating a world in which employees could be held criminally liable for “workplace dalliances” like accessing social media sites which may be in violation of a company policy that work computers may be used for business purposes only. The opinion reversed the Ninth Circuit’s earlier April 28, 2011 panel decision and further deepened a split among circuits on this issue. READ MORE