Violating your e-policies can be a federal crime — Business Management Daily: Free Reports on Human Resources, Employment Law, Office Management, Office Communication, Office Technology and Small Business Tax Business Management Daily
  • LinkedIn
  • YouTube
  • Twitter
  • Facebook
  • Google+

Violating your e-policies can be a federal crime

Get PDF file

by on
in Employment Law,HR Management,Human Resources

If you’re worried that an employee or ex-employee will break into your computer network and damage the company, a new court ruling gives you more teeth to enforce your policy.

And it gives employees something to think about before they commit e-sabotage.   

Recent case: Under the federal Com­puter Fraud and Abuse Act (CFAA), an employee can be punished if he or she “knowingly and with intent to de­fraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value.” (18 USC§1030(a)(4)).

The government used the CFAA to bring criminal charges against David Nosal, a former director at global executive search firm Korn/Ferry.

When he left the company after eight years, Nosal signed a one-year noncompete agreement. However, he then allegedly enlisted three Korn/Ferry employees to help him open his own competing firm. The employees used their secret login codes to gain access to restricted databases. Once there, they copied proprietary data and gave it to Nosal.

Nosal was indicted under the CFAA for exceeding authorized access to a computer network. Nosal tried to get the CFAA claims dismissed, but the court said no, noting that Korn/Ferry em­­ployees, “were subject to a computer-use policy that placed clear and ­conspicuous restrictions on the em­­ployees’ access both to the system in general and to the [compromised] database in particular.” (United States v. Nosal, 9th Cir., No. 10-10038)

The lessons: First, it’s essential to have a computer- and network-usage policy. Without a policy, the court said, the company couldn’t argue there was a breach of it.

Second, monitor computer usage. It will help you spot red flags, such as downloading databases, so there can be an intervention to stop it.

Finally, protect your proprietary data like the crown jewels. In this case, the court really liked all the electronic reminders, written agreements and distributed policies that Korn/Ferry had in place to protect the confidential information.

Who’s watching your crown jewels?

Leave a Comment

Previous post:

Next post: