Red Button delete

Red Button delete

Once the decision is made to quit and join a competitor, employees sometimes will delete information on the company laptop issued to them.  Various explanations are offered by employees for the deletions. Employees will claim that the deletions were personal photos or information. Or, that the deletions were done only after hard copies of the documents were placed in the company files. Or, that there wasn’t any information on the computer when the computer was issued and that they were only returning the computer in the same condition as when they received it. Employers, on the other hand, immediately become concerned that the employee deleted information in an effort to gain a competitive advantage. Or, that the information was deleted by the employee in an effort to punish the employer. If the employer concludes that valuable information was deleted, it may retain a computer forensic expert to recreate the information. On a more subtle level, employers often try use the deletions to diminish sympathy for the employee and show that the employee was a “bad” person. We’ve been involved in several civil cases where these kind of allegations have been made, and the allegations have played a major role in how the cases were resolved.

A recent Colorado Supreme Court case, People v. Stotz, demonstrates how an employee can be exposed to criminal  liability if he elects to delete information from his employer’s computer system. In Stotz, the defendants were all former employees of an electrical testing company who had resigned and accepted jobs with a competitor. Once the employees left, the electrical testing company discovered that information was missing from laptops used by the former employees. A computer forensics expert was retained and determined that thousands of documents had been copied and then deleted from the laptops.

When the electrical testing company filed a civil suit against the former employees, it had limited success. After the preliminary injunction hearing, the district court concluded that the employees’ noncompete agreements probably were unenforceable. Among other things, the court found that the former employees had not been managers or executives under the noncompete statute. The district court granted a preliminary injunction but it only barred the former employees from using information related to bids that they had been working on and from submitting bids for their new employer on projects they worked on for the electrical testing company. Once the employees received the Order on the preliminary injunction hearing, they must have felt relief. They must have thought that they had won and that there was little chance that they would be exposed to substantial liability to their former employer.

The electrical testing company was not, however, ready to let the case drop. It submitted a formal complaint to the Denver DA’s office and the former employees were charged with several crimes. A jury eventually convicted the former employees of felony computer crime and awarded $104,920 to the company in restitution. The employees were convicted of the section of the Colorado Computer Crime statute that states:

A person commits computer crime if the person knowingly: …(e) Without authorization or in excess of authorized access alters, damages, interrupts or causes the interruption or impairment of the proper functioning of, or causes any damage to, any computer, computer network, computer system, computer software, program, application, documentation, or data contained in such computer, computer network, or computer system or any part thereof.

After the conviction, the employees appealed and contested the constitutionality of the Colorado Computer Crime statute. They had reason to be optimistic about their appeal. In two other states, courts have found state computer crime statutes were unconstitutional. Nonetheless, the Colorado Supreme Court ruled that the computer statute was constitutional as it applied to employees who had deleted thousands of documents from their computer issued laptops, knowing that they acted without authorization or in excess of their authorization in doing so.

For employees thinking of leaving a company, the lesson is pretty clear. Don’t delete documents from your laptop right before you quit. Don’t delete documents even if you have an innocent explanation for why the documents should be deleted. In Stotz, for example, the employees had testified, among other things, that they had primarily deleted information on their computers from prior employment that they had loaded on the computer. And that they thought that, after their resignations, the IT Department would erase any files before issuing the laptop to another employee. Moreover, the employees testified that they had never received, nor believed they had needed to receive, prior authorization before downloading or deleting documents. They thought that they had full autonomy in adding  or deleting material from their laptops.

Despite this testimony, the Supreme Court found that the prosecution succeeded in showing that the employees knew that they were not authorized to engage in the wholesale deletions committed. The Colorado Supreme Court was unsympathetic to the employees’ arguments that the amount of restitution should be reduced. It found that the amount of restitution was amply supported by evidence that showed how much the electrical testing employees spent as a result of the deletion of the files.

Even if an employee doesn’t risk criminal charges, he should think twice about deleting information from a company computer shortly before quitting. Any deletions may prompt the employer to become more suspicious and provoke a forensic examination of the employee’s computer.