In cases filed to enforce non-compete agreements, employers often include a claim against a former employee under the Computer Fraud and Abuse Act.
In a typical claim, the employer asserts that the employee accessed confidential business information on a work computer, emailed the information to a personal computer and then used the information in connection with the employee’s new job. Based on these allegations, the employer asserts a claim under (a)(4) or (a)(5) of the Act.
Section (a)(4) of the Act states that a violation occurs when an individual who "knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value". A key issue is whether the employee’s actions were authorized by the employer.
Employers have had mixed success with these claims. Some courts have adopted an expansive construction of the Act in recognizing that employers have stated claims under the Act. These courts have concluded that, while an employee may have been authorized to access information, that access was terminated when the employee accessed and appropriated the information for their own personal gain and against the interest of their employer.
Last month, a Nebraska federal district court in Ervin & Ervin Smith Advertising v. Ervin joined those courts which have sided with employers in adopting a liberal construction of the Act. In Ervin, the defendants were former executives who emailed documents to their home computers when they were preparing to compete with the company. There was no dispute that the computer access was done prior to the end of employment. Based on these facts, the court denied the employee’s motion to dismiss the claim under the Act.
Neither the tenth circuit, nor Colorado’s federal district courts have provided much guidance on the Act. The tenth circuit or Colorado’s federal district courts may adopt the approach in Ervin which favors employers. As a result, any employee who transfers company information from his work computer to his personal computer for use in his future employment incurs the risk that a claim may be asserted under the Act. An employer also may be able to assert additional state law claims for breach of the employee’s duty of loyalty or breach of the employee’s agreement to maintain the confidentiality of information.