If you’re worried that an employee or ex-employee will break into your computer network and damage the company, a new court ruling gives you more teeth to enforce your policy.
And it gives employees something to think about before they commit e-sabotage.
Recent case: Under the federal Computer Fraud and Abuse Act (CFAA), an employee can be punished if he or she “knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value.” (18 USC§1030(a)(4)).
The government used the CFAA to bring criminal charges against David Nosal, a former director at global executive search firm Korn/Ferry.
When he left the company after eight years, Nosal signed a one-year noncompete agreement. However, he then allegedly enlisted three Korn/Ferry employees to help him open his own competing firm. The employees used their secret login codes to gain access to restricted databases. Once there, they copied proprietary data and gave it to Nosal.
Nosal was indicted under the CFAA for exceeding authorized access to a computer network. Nosal tried to get the CFAA claims dismissed, but the court said no, noting that Korn/Ferry employees, “were subject to a computer-use policy that placed clear and conspicuous restrictions on the employees’ access both to the system in general and to the [compromised] database in particular.” (United States v. Nosal, 9th Cir., No. 10-10038)
The lessons: First, it’s essential to have a computer- and network-usage policy. Without a policy, the court said, the company couldn’t argue there was a breach of it.
Second, monitor computer usage. It will help you spot red flags, such as downloading databases, so there can be an intervention to stop it.
Finally, protect your proprietary data like the crown jewels. In this case, the court really liked all the electronic reminders, written agreements and distributed policies that Korn/Ferry had in place to protect the confidential information.
Who’s watching your crown jewels?
- How to Fire an Employee the Legal Way: 6 Termination Guidelines
- California Supreme Court expands plaintiffs’ PAGA rights
- Using GPS tracking devices without violating employee privacy
- Was that really a layoff, or just an excuse to get rid of a squeaky wheel?
- With eye toward defending disability lawsuit, track medical condition before termination