The issue of whether a departing employee has misappropriated the trade secrets of his or her employer often arises in the context of restrictive covenant enforcement. Indeed, some judges in New York City, will not issue a TRO in a restrictive covenant matter unless the court is presented with compelling evidence of theft of trade secrets. Given that such trade secrets are often downloaded from an employer’s computer database it may involve a breach of the federal Computer Fraud and Abuse Act (CFAA) and thus provide a plaintiff a pathway into federal court.
The CFAA makes it a federal crime to access a protected computer without proper authorization. It additionally provides a private right of action for, among others, an employer who has suffered loss or damage from violations of the CFAA by an employee to bring a civil action for relief. Originally an anti-hacking statute which targeted third-party individuals who accessed private computer systems without any authority, the CFAA’s language is ambiguous leaving the courts to determine whether it also applies to an employee who has authorized access to a computer, but then exceeds the scope of the authorized access uses a company computer to facilitate the misappropriation of confidential information.
District courts within the Second Circuit are split in their interpretation of the CFAA. Some have adopted a “broad approach,” and have allowed CFAA claims for alleged violations of an employer’s computer policies such as accessing a company computer to steal documents or for example, trading algorithms and surreptitiously mailing them to their home email address or to a third party. Other courts within the Circuit have embraced the “narrow approach” and prohibited CFAA claims against former employees.
The recent United States District Court for the Southern District of New York case, JBCHoldings NY LLC v. Pakter, addressed the issue of employee misuse of his employer’s computer. 931 F.Supp.2d 514 (S.D.N.Y. 2013). In JBCHoldings, defendants Janou Pakter and Jerry Tavin owned an executive search firm, which was purchased by plaintiff JBCHoldings NY (“JBCHoldings”). Under the purchase agreement, Pakter was required to “continue to participate in the business” and help plaintiffs build their executive search business. Both Pakter and Tavin agreed not to compete with plaintiffs and to help attract new clients to work with plaintiffs. However, plaintiffs allege that while under contract, Pakter and other co-defendants were operating a competing business and using their association with JBCHoldings to misappropriate proprietary information in order to advance this competing business. Plaintiffs theorized that “Janou (or a co-defendant) obtained this information either by (1) copying it to her personal laptop and sharing it with her co-defendants; (2) lifting it from JBC’s computers using a flash drive; and/or (3) obtaining it remotely via spyware.” Id. at 518-519.
The court highlighted how district courts within the Second Circuit have split in their views of how the CFAA should be interpreted in the employment context. Id. at 522. For example, in United States v. Aleynikov, where the defendant accessed, copied, and transferred his employer’s confidential information to an outside server, the court took a narrow approach and stated that “[t]he phrases ‘accesses a computer without authorization’ and ‘exceeds authorized access’ cannot be read to encompass an individual’s misuse or misappropriation of information to which the individual was permitted access. What use an individual makes of the accessed information is utterly distinct from whether the access was authorized in the first place.” 737 F.Supp.2d 173, 190-194 (S.D.N.Y. 2010). In contrast, in Calyon v.
Mizuho Securities USA, Inc., the defendants with broad access to their employer’s computer system copied proprietary information to use at a competitor bank. No. 07 Civ. 2241, 2007 WL 2618658 (S.D.N.Y. Sept. 5, 2007). There, the court took a broad approach stating that the “plain language of the statute seems to contemplate that, whatever else, ‘without access’ and ‘exceeds authorized access’ would include an employee who is accessing documents on a computer system which that employee had to know was in contravention of the wishes and interests of his employer.” Id. at *1.
The Second Circuit has yet to provide guidance on the interpretation of “unauthorized access” under the CFAA in situations where an employee, who is permitted access to his employer’s computers, misuses or misappropriates the employer’s confidential information. Assuming your assigned trial judge has not adopted the “narrow” approach, the CFAA remains a viable cause of action and avenue for access to Federal court. However, a plaintiff would be wise to have a plan “B” ready to proceed in the corresponding state court…just in case.