Search thinkILG.com
Employment Posters Guide

Download the 2018 employment posters required by State and Federal law for free.

Login
« New NLRB Poster Rule | Main | No News is Great News! »
Wednesday
Nov162011

Combat Computer Mischief

If an employee uses your computer to (1) download sensitive data to compete with you, (2) access personal information on your customers, owners or employees, (3) destroy your valuable data or (4) disrupt your workplace as part of a union campaign, what can you do?

Recent federal cases decided this year now make clear that you can use the federal Computer Fraud and Abuse Act (CFAA), 18 U.S.C. 1030(g), to sue and file criminal charges against employees that steal or destroy your electronic data. This was not always the case. You must first, however, notify employees of restrictions on access to your computer data.

 

Early Decision – No Help

In 2009, the 9th Circuit Court of Appeals (covering Oregon, Alaska, Washington, Idaho, Montana, Nevada, Arizona, California and Hawaii) held the CFAA’s restrictions on unauthorized computer access did not apply to employees stealing data from their employers because employees have permission to access their employers’ computers.

 

2011 Case Changed Everything

Earlier this year, however, the 9th Circuit allowed a criminal conviction of an employee that downloaded confidential information before leaving to work for a competitor. The court said the difference in this case was that the employer had a policy limiting access to the employer’s computer information.

This year, the 3rd, 6th and 8th Circuits have also found misuse of employers’ computers to be CFAA violations. The impermissible conduct included stealing personal information of customers, union sabotage and mere unauthorized viewing of computerized information.

 

Employer Action Steps

At the time of the 2009 decision, we were confident that the comprehensive Electronic Tools section of the employee handbook we provide to clients would protect employers. The 2011 cases prove we were right. The policy we recommended includes specific restrictions on copying, recording or transmitting confidential information.

Authorized Use. The language the court relied on to reach its 2011 result is nowhere near as comprehensive as our Electronic Tools policy. Still, it should be added to all employee handbooks and computer use policies. Better yet, don’t limit the language just to computer use, but instead apply it to all electronic tools, now including telephones, voicemail, fax machines, copiers, cell phones, online or “cloud” storage systems, etc. . . .

You should make clear what use of your computer system and other electronic tools is authorized and what use is not. At the most basic, you should clearly state that use of your computer systems and the data stored on or accessed by those systems may be used for authorized business purposes and for no other purpose. Any other access, use, viewing or disclosure is prohibited.

Comprehensive Policy. In light of the 9th Circuit Court decisions, the language discussed above is important. It is not, however, a substitute for a comprehensive policy that addresses business and personal use of all of your electronic devices and systems. Social media, cameras, camera phones and music players all present unique problems that should also be addressed. Finally, your ability to view information on your systems and your employees’ expectation of privacy (you should make clear there is no expectation of privacy) should also be addressed.

Criminal Warning. Finally, in light of these decisions this year, we are going to add a statement to the employee handbook we draft for clients that unauthorized access, use or misuse could result in criminal prosecution. You should do the same.

How much could you lose if an employee stole your confidential data, sabotaged your computer system or destroyed your business records? Federal court decisions now give you tools for preventing mischief, for stopping former employees and their new employers from using your data and for recovering damages for harm you incur. Update your employee handbook and computer use policies to implement these new protections.

PrintView Printer Friendly Version

EmailEmail Article to Friend

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
All HTML will be escaped. Hyperlinks will be created for URLs automatically.