Since its enactment in 1986, employers have used the federal Computer Fraud and Abuse Act, 19 U.S.C. Section 1030 (CFAA) to vindicate violations of the employer’s workplace policies regarding use of computers, email accounts, and other electronic information by departing employees. The CFAA inevitably appeared as a claim in an employer’s complaint to address such conduct as downloading information from work computers and email accounts, or wiping devices and removing valuable information. The CFAA potentially provided relief where the information taken might not meet the definition of a “trade secret” in the federal Defend Trade Secrets Act (18 U.S.C. Section 1986), or Pennsylvania’s Uniform Trade Secrets Protection Act (12 P.S. Section 5302). Further, and perhaps providing leverage for employers, the CFAA provided a criminal remedy for such violations. In Van Buren v. United States, 592 U.S. ___ (June 3, 2021), the U.S. Supreme Court may have eliminated that claim for wronged employers.
The CFAA prohibits intentionally accessing a computer with or without authorization or exceeding authorized access of a computer. The act defines “exceeding authorized access” as accessing a computer with authorization and using that access to obtain information in the computer to which the individual is not otherwise entitled. The CFAA imposes criminal liability for violations of these prohibitions. It also imposes civil liability through a private cause of action if there is “damage,” meaning, an impairment to the integrity or availability of data, a program, a system or information.