More and more employers are suing employees who abscond with sensitive company information to either start their own business or work for a competitor. As we near that time when 100 percent of business information is electronic, those renegade employees find it easier to take that information with a few clicks and keystrokes. They also know how to hit the delete button to seemingly erase the trail of misconduct.
These employees are not deterred by company policies or employment-related agreements that prohibit the misappropriation of company information or contain covenants against competition. Those documents are typically signed and forgotten long before the misdeeds occur. Employees view them as written for lawyers to use in court, not for reminding them of their duty of loyalty. And case law and legislation has developed restrictions on enforcement. Now, however, help is on the way, thanks to an opinion issued on April 28, 2011, in United States v. Nosal by the Ninth Circuit Court of Appeals (which has jurisdiction over Washington and Oregon).
Nosal contains a helpful interpretation of the federal Computer Fraud and Abuse Act that breathes new life into employer policies and employment agreements. The Act prohibits persons from improperly accessing and using computerized information. The Act allows criminal enforcement and permits employers to sue employees who violate it. Before Nosal, some court opinions, including in the Ninth Circuit, held that an employee does not exceed "authorized access" to a computer by accessing information unless the employee had no authority under any circumstances to take the information. This meant that employees who took information that they were entitled to use properly (for example, a customer list or other proprietary information) but then misused it (perhaps to start another company or go to work for a competitor) could not be liable under the Act. Now, thanks to Nosal, as long as an employer has a clear policy on access to its computerized information that it communicates to the workforce, the employer can go after an employee who violates the policy for the unauthorized access of electronic records under the Act. So can the prosecutor.
Therefore, the wise employer should revisit its policy on the use of its computers. Does the policy limit what can be forwarded to an employee's home computer and personal e mail address? Does it explain restrictions on the use of information? Are restrictions customized for specific employees or levels of authority? Does the company warn that violations of the limits on access and use may be violations of the civil and criminal provisions of the Act?
In Nosal, employees accessed the company computer system to transfer a database of source lists, names, and contact information to their home e mail accounts, so that they could then start a competing executive-search firm. The trial court—relying on previous cases—determined that there had been no violation of the Act and dismissed the case. Now that the Ninth Circuit has reversed that decision, these former employees face potential jail time and fines.
Stay tuned to see how this decision will be applied in the civil context. We predict that it will strengthen employers' abilities to obtain remedies against disloyal employees. We'll provide an update on this encouraging development, and other potential remedies that go beyond the traditional covenants not to compete and confidentiality policies that courts often disdain, in our fall seminar.
About the author: Bruce Rubin is a partner in the Portland office who has been trying employment-related lawsuits on behalf of employers for over 30 years. In recent years, he has focused on seeking remedies against disloyal employees.