A recent federal district court case in Georgia (citation provided below) suggests that employers may wish to tighten access controls and information security policies if they want to avail themselves of potential Computer Fraud and Abuse Act (“CFAA”) claims against former employees who steal company information. In that case, the court found that two senior employees who lawfully accessed company information did not violate the CFAA, even if they had intended to use that information against the company’s interests. Although other courts have adopted more expansive views, the court here based this decision on the determination that the CFAA creates a cause of action for wrongful access to information only, not wrongful use of information. Among other lessons learned, in order to strengthen possible CFAA claims against former employees by establishing wrongful access to information, employers should tighten access controls on key company systems and databases to limit access to company information on a strict need-to-know basis only, and should clearly establish in company policies and non-disclosure agreements that access to company information is permitted on that basis only. Doing so may have the beneficial effect of expanding the range of company information that should be subject to CFAA claims depending on the context and the controlling interpretations of the CFAA based on the argument that employees who access company information for something other than on a strict need-to-know basis are violating the CFAA prohibition on wrongful access to information. Note that the case discussed here does not address other non-CFAA claims that employers can raise against former employees in comparable situations, such as tortious interference with business relations, misappropriation of trade secrets, breach of duty of loyalty, and the like. See Power Equipment Maintenance, Inc. v. AIRCO Power Services, Inc., S.D. Ga., Case No. CV 413-55 (June 28, 2013) at http://docs.justia.com/cases/federal/district-courts/georgia/gasdce/4:2013cv00055/60130/43/.