Print

The Protections of the Computer Fraud and Abuse Act

Volume 5, Issue 14
November 3, 2006

The federal Computer Fraud and Abuse Act, 18 U.S.C. § 1030, which creates criminal liability for computer hackers, may offer protection to employers from disgruntled or competitive employees who tamper with computer systems. The law prohibits the unauthorized access, or the exceeding of authorized access, into protected computers to obtain information or something of value or which causes damage, as well as the transmission of an extorting threat to cause damage to a protected computer. The law defines protected computers broadly as any computer "which is used in interstate or foreign commerce or communication."

This broad definition, which is likely to encompass most employers' computer systems, offers potential recourse against employees who erase or corrupt data contained on computers before they leave employment, or who acquire, through unauthorized use of the employer's computer, anything of value, such as confidential or proprietary information. In addition to criminal liability, the Act also permits an employer to sue an employee who engages, or attempts to engage in, unlawful conduct which causes at least $5,000.00 in damages, physical injury, a threat to the public health or safety, the modification or impairment of the medical examination, diagnosis, treatment or care of an individual, or damage to a computer system used by the government in the furtherance of the administration of justice, national defense or national security.

Nevada law also prohibits certain acts in relation to computers via Nevada Revised Statues §§ 205.473-.513. Nevada's statutory scheme creates misdemeanor and potential felony liability for those who, stated generally, take or damage computer data or computer equipment without authorization. Victims are authorized to file a lawsuit for certain acts in violation of the statutes. Notably, under Nevada law, an employee is presumed to have authority to access and use the computer facilities (including the data contained on the computer) of his or her employer unless clear and convincing evidence is shown to the contrary.

An employer's ability to use these statutes against an employee or former employee who engages in computer-related misconduct will depend, in large part, upon the extent to which the employee had authorization to access the computer or information at issue. As such, policies and procedures specifying what employees are authorized to access both generally as employees and specifically in relation to their specific positions will be important tools in seeking redress against computer-related misconduct. Employers hiring a competitor's employee should also consider cautioning the new hire against unauthorized access of his/her current employer's systems as he/she departs.

To review the specific provisions of the federal and state statutes, click on these links:

Relevant Nevada Revised Statutes: http://www.leg.state.nv.us/NRS/NRS-205.html#NRS205Sec473
Federal Computer Fraud and Abuse Act: http://www.justice.gov/jmd/ls/legislative_histories/pl99-508/cr-s14453-1986.pdf

Employer Report articles are for general information only; they are not intended and should not be construed to be legal advice. Reading or replying to such articles does not establish an attorney-client relationship. In addition, because the subject matters and applicable laws discussed in Employer Report articles are often in a state of change and not always applicable to every type of business entity or organization, readers should consult with counsel before making decisions based on the same.