CFAA Case Reminds Employers to Limit Employee Data Access

When Hardev Sidhu took a medical leave from his job at consulting giant Accenture in 2009, his employer continued his pay, benefits and access to its secure online network, which contained proprietary information.

Accenture did not know that Sidhu had fabricated the illness and started working for HCL, a direct competitor, two months into the leave. About a year later, Accenture discovered the deception and found that Sidhu had downloaded more than 900 documents during his leave.

Courts in Conflict

When Congress passed the CFAA in 1984, its primary goal was to enhance the government's ability to prosecute criminals who access computers to steal information or disrupt networks. However, the private right of action established under the CFAA can help businesses recoup losses in some cases of employee data theft, says Jackson Lewis Partner Joseph Lazzarotti.

Employer-Centric Cases

At the other end of the spectrum from Brekka are enforcement-friendly cases. In 2006, the 7th Circuit in Int'l Airport Centers LLC v. Citrin recognized that previously authorized use of a computer system may become unauthorized when an employee breaches his duty of loyalty to his employer and reversed the district court's dismissal of CFAA claims by the employer against a former employee.

Michael Kozubek

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.