Employers have increasingly turned to the Computer Fraud and Abuse Act (CFAA), 18 USC §1030, for a cause of action against disloyal employees who allegedly misappropriated confidential or proprietary information from company computers. Originally enacted to combat the problem of computer hacking, the CFAA criminalizes unauthorized access to a private computer and also provides for private parties suffering harm from such conduct to bring civil actions for relief in federal court.
Recently, however, in WEC Carolina Energy Solutions v. Miller, 687 F.3d 199 (4th Cir. 2012), the U.S. Court of Appeals for the Fourth Circuit held that the CFAA may not be used to impose liability on an employee who is given lawful access to an employer’s electronic information but later improperly uses that information. With this narrow interpretation, the Fourth Circuit followed in the footsteps of the U.S. Court of Appeals for the Ninth Circuit, but departed from the broader interpretation adopted by the First, Fifth, Seventh and Eleventh circuits, which have held that the CFAA covers employee misappropriation or other violations of employers’ computer use policies. This month’s column discusses this deepening circuit split over whether the CFAA is available for employers against rogue employees.
