(Text for those without flash or javascript) Fulcrum's professionals are experienced CPAs, MBAs, ASAs, CFAs, affiliated professors and industry specialists Our expertise encompasses damages analysis, lost profit studies, business and intangible asset valuations, appraisals, fraud investigations, statistics, forensic economic analysis, royalty audits, strategic and market assessments, computer forensics, electronic discovery and analysis of computer data.
Computer Forensics / Electronic Discovery

CFAA Provides Federal Jurisdiction In Employment Matters Involving Theft Of Computerized Data

May 2006
Library Sections:

The Computer Fraud and Abuse Act (CFAA) provides an additional means of seeking recovery and damages involving stolen computerized property from former employees.  When CFAA was first passed in 1984, it covered mainly classified information on government computers. Amendments in 1994, and recent court cases have greatly expanded its scope.  This originally criminal statute can now be appropriately used in civil cases.   

CFAA provides the following advantages over similar actions that are commonly brought under state laws: 

  1. Under CFAA, employers can bring actions in federal court because CFAA bestows federal jurisdiction. Restrictive state noncompete or unfair competition laws that generally protect employees, such as those that exist in California, can be avoided.

  2. Because CFAA's focus is not on the type of information or data stolen but instead on abuse of a computer system to obtain that information, employers can bring CFAA claims without proving the information wrongfully accessed was a trade secret, constituted confidential or proprietary information, or breached an employment, confidentiality, or noncompete agreement.  

The need for additional tools to prosecute employee thefts arises because the means of taking data from employers allow such thefts to be more effective, and easy.  (See Employees' Personal Storage Devices Create Challenges).   

CFAA is located within 18 U.S.C. Section 1030(a).  It covers situations in which an employee and/or his new employer intentionally accessed a "protected computer" (i.e., one used in interstate or foreign commerce) "without authorization" or "exceeded authorized access". These requirements apply to company insiders, and not just outside hackers.   

 

For CFAA to apply, damages must exceed $5,000.  Damages are defined broadly to include "any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service."    

 

The following cases establish civil liability against insiders: 

  1. Shurguard Storage Centers, Inc. vs. Safeguard Self Storage, Inc. (119F.Supp. 2nd 1121 W.D. Washington, 2000)

  2. EF Cultural Travel BV EF vs. Explorica Inc. (274 F.3rd 577 1st Cir, 2001)

  3. Pacific Aerospace & Electronics Inc. v. Taylor (295 F. Supp. 2d 1188, 1197 E.D. Wash. 2003).

  4. P.C. Yonkers vs. Celebrations the Party and Seasonal Superstore (2005 WL 2931940, 3d Cir. Nov. 7, 2005).

  5. Charles Schwab & Co. v. Carter  (2005 WL 351929, N.D. Ill. Sept. 27, 2005)

  6. International Airport Centers, LLC vs. Citrin (2006 U.S. App. LEXIS 5772 7th Cir. March 8, 2006)

Whether pursued in state or federal court, plaintiffs need to preserve evidence that will support their claim.  Much of this information likely resides in the plaintiff's computers, but this data must be preserved before the computer is used further.  For more information see Computer Forensics Deserve a Place in Your Human Resource Toolkit     

Fulcrum Inquiry provides damages analysis, investigations, and computer forensics services.  We have substantial experience involving trade secrets and stolen information in employment matters.