A California federal district court recently gave an employer the go-ahead to sue an employee for accessing company computers after his resignation. Hat World Inc. v. Kelly (E.D. Cal. 2012).
Hat World is suing former employee, Kevin Kelly, for violating the federal Computer Fraud and Abuse Act (CFAA). The CFAA is a criminal law that allows civil lawsuits to be brought against individuals who access protected computers without authorization or who access them in unauthorized ways for wrongful purposes. Hat World alleged that Kelly violated the CFAA by accessing customer information on company computers while employed to use in his competing business and by accessing company computers following his resignation.
The court allowed Hat World’s claim based on Kelly’s unauthorized access following his resignation to proceed. The court, however, rejected Hat World’s other claim based on Kelly’s unauthorized access while employed because the CFAA can only be used to sue individuals for unauthorized procurement or alteration of information, not for its alleged misappropriation or misuse. The court also denied Hat World’s request for a preliminary injunction because Kelly’s transfer of company information to his personal email account appeared to be for tying up loose ends from his employment, not to misappropriate the company’s trade secrets.
When it comes to protecting company information, employers should hope for the best and plan for the worst. Employers should perhaps reconsider whether and how employees are allowed to remotely access confidential information or take it off-site in written or electronic form. And, former employees’ access to company information should be cut off immediately.