One of the most valuable assets of any company is its intellectual property. Although technology has led to great efficiencies, it has also created new exposures for businesses, particularly with respect to the protection of valuable trade secrets. One of the key tools in a litigator’s arsenal in the fight against theft of trade secrets is the Computer Fraud and Abuse Act (CFAA). It prohibits a person from intentionally accessing a computer without authorization or exceeding authorized access to obtain information, perpetrate a fraud, or cause damage. Unfortunately, the issues are not always straightforward. Issues have arisen about the extent to which a business can use the CFAA to protect its information because there are conflicting views among the courts on the meaning of “authorization”.
In the context of employer/employee relations, some courts are of the view that what constitutes access “without authorization” should be broadly defined. In doing so, courts generally rely on the principles of agency law such that where the basis for the authorization is terminated, the authorization is also revoked. On the other hand, a majority of courts take a more restrictive interpretation of what constitutes “without authorization” and limit the use of the CFAA to employees who are alleged to have taken electronic data prior to leaving the company.
One of the best way to combat these divergent views is to ensure that business policies and practices are up to date and appropriately protect proprietary data and trade secrets by limiting the use of company computers and technology for business purposes only and restricting access to proprietary data and trade secrets to those employees with a need to know.