FEDERAL COMPUTER FRAUD AND ABUSE ACT
By Timothy K. Cutler
A little known and underused federal act regarding the misappropriation of computer data by an employee is the Federal Computer Fraud and Abuse Act, 18 U.S.C. 1030 (the "Act").
An employee and his current employer may be liable to a former employer under the Act for the misappropriation and misuse of computer data. The Act provides that it is unlawful to access a protected computer without authorization. It is further unlawful to access data on a protected computer if the access exceeds the authorization.
A protected computer is any computer connected to the internet. Without authorization, means copying or using computer data without the employer's permission. Included in the definition of unauthorized use is the destruction of data.
A current employer is liable under the theory of an agency relationship if the misappropriation takes place while the employee is employed by the current employer. Current employers are also subject to a claim for injunctive relief. The trend appears to be to expand liability of current employers for the wrongdoing of their employee under the Act.
Any former employer who sustains a loss or damage resulting from the unauthorized access to computer data by a former employee (or current) can maintain a private cause of action if the damages/losses exceed $5,000. Loss is defined as "any reasonable cost to any victim, including the cost of responding to an offense, conducting damage assessment, and restoring the data, program, system or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service."
The courts are divided as to whether claims of lost profits or goodwill damages are recoverable. However, injunctive relief is readily available under the Act, as well as the opportunity to file a claim in federal court.
This is certainly a law that both employers and employees should be aware of and employees and subsequent employers should be cognizant of their liability for the misappropriation of computer data.