U.S. companies’ vulnerability to data security incidents through computer hacking has garnered unprecedented public awareness in the last 12 months. Given our increasing volume of user data generated in business and its significant value, hacking will remain a common feature in the data landscape. In one respect, the most sophisticated hack is no different than the first stagecoach robbery: A crime has occurred.
Both the Computer Fraud and Abuse Act and Stored Communications Act contain criminal penalties for certain violations (see 18 U.S.C. §§ 1030 & 2701, respectively) and, depending on the particular data taken from the victim, other federal statutes may be implicated as well. Therefore, in the rush to respond to the hack, the victim needs to assess whether the involvement of law enforcement is appropriate.
