Four recent decisions handed down by four different federal courts of appeals during the past year have, in combination, greatly enhanced the ability of businesses to use the Computer Fraud and Abuse Act (CFAA) as a tool to protect competitively sensitive data and personal information stored in company computers. The CFAA is the federal computer crime statute that permits companies that have been victimized by theft ordestruction of data to file a civil action against the perpetrator for damages and injunctive relief. 18 U.S.C. 1030(g).
The U.S. Court of Appeals for the 9th Circuit settled the issue of an employer’s ability to use the CFAA against employees, although just last week it granted an en banc rehearing of its decision; the 6th Circuit permitted the statute to be used against a labor union that shut down an employer’s computer system through a massive spam attack; the 3d Circuit broadened the definition of unauthorized access to the company computer to mean accessing without a business purpose; and the 8th Circuit expanded the definition of what it means to obtain information from the computer to include the simple viewing of data as opposed to physically taking or copying data.