PIMS

Déjà Vu Not All Over Again: Ninth Circuit Strengthens CFAA In Nosal II

computer fraud

On July 5, 2016, the Ninth Circuit Court of Appeals issued its highly anticipated decision in the most recent chapter of United States v. Nosal, holding that an individual acts “without authorization” as used in the Computer Fraud and Abuse Act (“CFAA”) when, after his/her own access has been revoked, the individual utilizes legitimate log‑in information of another to access company databases.  This decision has important consequences for organizations as they consider how to implement policy and technical controls on user access to ensure they are protected against unauthorized access under the CFAA.

READ MORE

“Don’t Go There”: Second Circuit Makes it Harder to Bring Claims against Former Employees who Take Company Information without Permission

computer fraud

On December 3, the Second Circuit Court of Appeals became the most recent entrant into the circuit conflict on the question of when and under what circumstances an employee’s use of a computer to gain access to unauthorized information constitutes a violation of the Computer Fraud and Abuse Act.  Over a dissent, the Court held that an employee cannot be convicted of violating the CFAA when he uses a database, to which he has been granted access, in a manner that is prohibited by company policy.  With the Second Circuit joining the Fourth and Ninth Circuits in the minority on the issue, the answer continues to turn on the jurisdiction in which the suit was brought.  Employers should take note because the decision reinforces the need to consider carefully whether and how to limit employee access to sensitive company information within its network—e.g., by use of written policy or technical access restrictions—and how those protections will play out in court if an employee takes company information for use in future employment.

READ MORE