The U.S. Court of Appeals for the Ninth Circuit held, in U.S. v. Nosal, that former employees could be found guilty under the Computer Fraud and Abuse Act (CFAA) for accessing a company’s confidential database, even though a current, authorized employee had willingly facilitated the access by providing her credentials to the former employees. This is the Ninth Circuit’s second decision involving the application of the CFAA to defendant David Nosal. The court found that since the company had revoked the former employees’ access rights, and only the company (not the current employee) owned the database and had the authority to grant access rights, the former employees’ access through these means was “without authorization” under the CFAA.
- How-to guide How-to guide: How to develop, implement and maintain a US information and data security compliance program (USA)
- Checklist Checklist: Complying with cookie requirements under the PECR and the GDPR (UK)
- How-to guide How-to guide: How to establish a valid lawful basis for processing personal data under the GDPR (UK)