A recent Ninth Circuit Court of Appeals decision that the Computer Fraud and Abuse Act does not apply to the theft of data by an employee might leave business owners and HR managers scratching their heads.
In US v. Nosal, the Ninth Circuit ruled that David Nosal could not be prosecuted under the CFAA for stealing proprietary information because he was authorized to access the data in the first place.
What does the decision mean for employers trying to protect sensitive data? For your reference, three takeaways from US v. Nosal:
1. Using the CFAA to combat employee data theft just got harder:
“… the 9th Circuit Court of Appeals issued an opinion holding that limiting an employee’s access to the company computers solely for business purposes, i.e. not stealing the data for a competitor, cannot be the predicate for a violation of the federal computer crime statute, the Computer Fraud and Abuse Act.” (The 9th Circuit: Employees Are Free to Steal from the Company Computers by Nick Akerman)
2. Employers should consider increasing limits on access to sensitive data:
“Recognizing the distinction between authorized access and authorized use, the Ninth Circuit has now clarified that the CFAA is not triggered where there is merely unauthorized use of information from a computer—the access itself must have been without or in excess of authorization. Thus, under Nosal, if a business wants to protect its sensitive information, it must either limit access to that information, or, rely on legal remedies other than the CFAA.” (En Banc Ninth Circuit Limits Scope of Computer Fraud and Abuse Act – Terms of Use Do Not Restrict Authorized Access by Fenwick & West LLP)
3. This isn’t likely to be the final word US v. Nosal:
“One has to wonder, if the justices of the Ninth Circuit cannot agree among themselves whether to agree or disagree with other federal circuits, how long will it be before the U.S. Supreme Court has to weigh in on the matter?” (CFAA Does Not Apply to Employee Data Theft According to Ninth Circuit by Fisher & Phillips LLP)
—
Related Reading:
- Former Employee Cannot Be Charged Criminally For Violating Company Computer Policy (Proskauer)
- United States v. Nosal No. 10-10038 (9th Cir. April 10, 2012) (McKenna Long & Aldridge LLP)
- Ninth Circuit Ruling Trimming CFAA Claims for Misappropriation Reminds Employers that Technical Network Security is the First Defense (Proskauer)
- Noncompete News: Ninth Circuit Holds Employee Data Theft is Not Punishable Under the CFAA After All (Ford & Harrison LLP)
- En Banc Ninth Circuit Decision Could Send CFAA to Supreme Court for Review (Lewis and Roca LLP)
- En Banc 9th Circuit Decision Narrowly Construes Federal Computer Fraud and Abuse Act’s Prohibition on Conduct that “Exceeds Authorized Access” (Davis Wright Tremaine LLP)
- Ninth Circuit Gives a Narrow Interpretation of What Constitutes a Violation of the Computer Fraud and Abuse Act (Patton Boggs LLP)
- The Rise of the Computer Fraud and Abuse Case (Fenwick & West LLP)
- The Computer Fraud And Abuse Act Subject To Different Interpretations (Patton Boggs LLP)
- The Computer Fraud and Abuse Act (CFAA) – The Benefits of a Computer Use Policy That Restricts Employee Access (Bryan Cave)
- Noncompete News: The Computer Fraud And Abuse Act Isn’t Just For Computer Hackers Anymore; The Ninth Circuit Extends Its Protection To Employee Data Theft (Ford & Harrison LLP)
- The Computer Fraud and Abuse Act: ‘Authorization’ in Flux and the Ninth Circuit Dilemma (Lewis and Roca LLP)
- Social Media Activity In The Workplace And The Computer Fraud And Abuse Act (Sheppard Mullin Richter & Hampton LLP)
- After Last Week’s Oral Argument Will the 9th Circuit Reverse Its Decision that the Computer Fraud and Abuse Act Applies to Employees? (Nick Akerman)
- Ninth Circuit Holds Computer Fraud and Abuse Act Criminalizes Employee’s Access To Information In Violation Of Employer’s Express Access Limitations (Fenwick & West LLP)
- Ninth Circuit: Speculative “Loss” Insufficient for Computer Fraud and Abuse Act (Shawn Tuma)
- Employers Can Use the Federal Computer Fraud and Abuse Act to Combat Labor Union Mass Email Campaigns, Sixth Circuit Rules (Archer & Greiner, P.C.)
- Can a Labor Union Be Sued Under the Computer Fraud and Abuse Act for Spamming an Employer’s Voice and Email Systems? (Nick Akerman)
- 3 Recent Computer Fraud and Abuse Act Cases Worth Noting (Shawn Tuma)
—
Find additional Labor & Employment Law updates on JD Supra>>
Google+
