The Computer Fraud and Abuse Act, and Protecting Employer’s Electronic Data

The Southern District of New York recently joined a number of other jurisdictions in foreclosing one avenue of recovery for employers pursuing claims against employees who steal company information for competitors. In Advanced Aerofoil Technologies, AG v. Todaro, 2013 WL 410873 (S.D.N.Y. Jan. 30, 2013), the court ruled that the Computer Fraud and Abuse Act’s private right of action does not cover employees’ theft of information when the information is taken through channels of access that are authorized. In doing so, the Southern District joined the Eastern District of New York and the Ninth Circuit in a narrow reading of the statute, while citing opposing holdings from the First, Seventh, and Fifth Circuits, and even from other courts in the Southern District, which would give the CFAA a more expansive reading.

In Advanced Aerofoil Technologies, the plaintiff company Advanced Aerofoil Technologies (AAT) sued a number of defendants for procuring customer lists and proprietary information and funneling the information to their own new competing venture.  The list of defendants included former employees of AAT who allegedly used their unfettered access to divert clients and investors toward a new company that they formed while still employed.  According to the plaintiff’s summary judgment brief, the defendants continued their employment after the secret formation of their new company for the purpose of collecting information, and deleted entire swaths of information upon their departure in order to cripple AAT.  AAT brought a private suit (allowed under 18 U.S.C. § 1030(g)), citing violations of 18 U.S.C. § 1030(a).  Nevertheless, the court ruled that the language of this section of the statute hinges on subsection (a)(2), which disallows the intentional accessing of a computer without authorization to obtain information with the intent to defraud.  Because the defendant employees in AAT had “unlimited and unfettered access,” by definition they could not have exceeded their authorization.  The court therefore held that there was no violation of the CFAA, and dismissed the case.

What can employers take away from this case?  Simply this: that by carefully defining “authorized use” in personnel policies, employers may give courts that are reluctant to broaden the CFAA a reason to side with them in cases of blatant employee theft.

If you would like additional information on non-compete agreements and trade secrets law, please contact one of the Burr & Forman Non-Compete & Trade Secrets team members.