The federal courts are currently split on the question of whether an employee can be held civilly liable under the Computer Fraud and Abuse Act (CFAA) for misappropriating confidential company information that the employee is permitted to access within the scope of his or her employment. The CFAA, 18 U.S.C. § 1030 et seq., is primarily a criminal statute but provides for a private cause of action against a person who “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains…information from any protected computer.” 18 U.S.C. 1030(a)(2). Recently, the Ninth Circuit, in LVRC Holdings LLC v. Brekka, et. al., joined a significant number of federal courts that have found that an employee who (before the termination of his or her employment) has permission to access the confidential information in question does not meet the definition of “without authorization” under the CFAA, regardless of the employee?s improper motive or misuse of the information.
Please see full publication below for more information.