Employees Beware: Computer Fraud & Abuse Act May Restrict Ability To Retain Documents

Employees need to be especially cautious in retaining documents that may be considered the property of the employer. A law Congress passed to deter computer hackers is now being wielded by corporations in litigation against their former employees. The broad scope of this law is now on display in federal court here in Massachusetts.

The Computer Fraud and Abuse Act (“CFAA”) is a federal law that establishes civil liability for anyone who:

“[k]nowingly and with the intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud or obtains anything of value.

18 USC Section 1030 (a)(4).

Sounds like a law designed to punish computer hackers, right? Well, like the civil RICO act, it’s another broad federal statute that is being put to use in different contexts by clever lawyers. In CFAA’s broad contours, some employment defense lawyers see a weapon for use against former employees who wish to sue their former employer for civil rights violations or other workplace torts.

As the Third Circuit Court of Appeals has noted: “Employers…are increasingly taking advantage of the CFAA’s civil remedies to sue former employees and their new companies who seek a competitive edge through wrongful use of information from the former employer’s computer system.” P.C. Yonkers, Inc. v. Celebrations the Party and Seasonal Superstore, LLC, 428 F.3d 504, 510 (3rd Cir. 2005).

Now a CFAA claim against a former employee is being litigated in New England’s own First Circuit. In a recent opinion in federal district court in Massachusetts, Judge Nathaniel M. Gorton denied a Motion to Dismiss filed by Thomas Pullen after his former employer, Guest-Tek Interactive Entertainment, Inc., sued Pullen for (among other things) allegedly downloading corporate files to a personal USB device. Pullen, as Guest-Tek’s former North American Vice President of Sales, had virtually unrestricted access to data on Guest-Tek’s computers. However, Judge Gorton found that, at least at this early stage, the lawsuit against Pullen should not be dismissed because Pullen’s use of Guest-Tek’s computers might have been “without authorization” or in excess of his “authorized access,” notwithstanding the fact that, as a high-ranking executive, Pullen was permitted access to all of the files at issue in the case.

Although the allegations in the Pullen case are egregious — Guest-Tek alleges that Pullen took the files in order to share them with his new employer and help the new employer gain a competitive advantage over Guest-Tek — employees should take heed. If you are a victim of workplace discrimination or sexual harassment and you wish to take home with you computer files that support your claims, you may expose yourself to a counterclaim by your employer under CFAA for doing so.