The Supreme Court’s recent decision in Van Buren v. United States, 141 S.Ct. 1648, 1653 (2021), resolved a circuit split regarding the scope of liability under the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. §1030 et seq. Specifically, the court held that a person does not “excee[d] authorized access” under the CFAA when the person accesses information on a computer for an improper purpose if he or she was authorized to access the information. Van Buren, 141 S.Ct. at 1662. The decision provides guidance for employers and employees regarding the scope of criminal and civil liability under the CFAA for the access and use of sensitive company information; it will also have broad implications for trade secret litigation in federal court.

The CFAA subjects to criminal liability anyone who “intentionally accesses a computer without authorization or exceeds authorized access,” and thereby obtains computer information. 18 U.S.C. §1030(a)(2) (added emphasis). Although the Third Circuit had not interpreted the “exceeds authorized access” before Van Buren, “[d]istrict courts in the Third Circuit have held, in the employer-employee context, that an employee who may access a computer by the terms of her employment is ‘authorized’ to use that computer for purposes of the CFAA even if her purpose in doing so is to misuse or misappropriate the employer’s information.” Beauty Plus Trading, Co. v. Adamo, Civil Action No. 17-7469 (JLL), 2018 U.S. Dist. LEXIS 23267, at *5 (D.N.J. Feb. 13, 2018).