Contact Us
Subscribe to this blog via RSS
Join us on LinkedInCategories
- FTC
- Emotional Support Animals
- Service Animals
- Employee Agreement
- Remote Work
- Federal Trade Commission
- LGBTQ
- Minors
- United States Department of Justice ("DOJ")
- Work from Home
- Arbitration
- Workplace health
- Trade Secrets
- Corporate
- Center for Disease Control
- Americans with Disabilities Act ("ADA")
- FFCRA
- Opioid Epidemic
- Occupational Safety and Health Administration (“OSHA”)
- COVID-19
- Families First Coronavirus Response Act
- H.R.6201
- Health Care Law
- IRS
- Paid Sick Leave
- Temporary Leave
- Treasury
- Coronavirus
- Worker Misclassification
- Labor Law
- Overtime
- Kentucky Unemployment Insurance Commission
- Sexual Harassment
- FMLA Retaliation
- Overtime Rule
- Employer Wellness Programs
- Employment Non-Discrimination Act ("ENDA")
- Genetic Information Nondiscrimination Act ("GINA")
- Independent Contractors
- Kentucky minimum wage
- Minimum wage
- Paid Time Off ("PTO")
- Sick Employees
- Wage and Hour
- Employee Benefits
- Employment Discrimination Laws
- ERISA
- Fair Labor Standards Act (FLSA)
- Human Resource Department
- Kentucky Civil Rights Act (“KCRA”)
- OSHA
- Overtime Pay
- Social Media
- Social Media Policies
- U.S. Department of Labor
- Union
- ADA Amendments Act of 2008 (“ADAAA”)
- Adverse Employment Action
- Amazon
- Americans with Disabilities Act
- Bring Your Own Device
- BYOD
- Civil Rights
- Compliance
- Copyright
- Department of Labor ("DOL")
- EEOC
- Employee Handbook
- Employee Misconduct
- Employment Law
- Family and Medical Leave Act (“FMLA”)
- Intellectual Property
- National Labor Relations Act (NLRA)
- National Labor Relations Board (NLRB)
- Portal-to-Portal Act of 1947
- Pregnancy Discrimination Act
- Security Screening
- Title VII of the 1964 Civil Rights Act
- U.S. Equal Employment Opportunity Commission (“EEOC”)
- U.S. Supreme Court
- Uncategorized
- Volunteer
- Work for Hire
- Young v. UPS
- Department of Health and Human Services
- Federal contractors
- Kentucky Labor Cabinet’s Occupational Safety and Health Program (KOSH)
- Micro-unit
- Security Checks
- Specialty Healthcare & Rehabilitation Center of Mobile
- Cloud
- Creech v. Brown
- EEOC v. Hill Country Farms
- Equal Employment Opportunity Commission v. Kaplan Higher Education Corp.
- Lane v. Franks
- Mine Safety and Health Administration ("MSHA")
- Non-exempt employees
- Northwestern
- Shazor v. Prof’l Transit Mgmt.
- Web Content Accessibility Guidelines
- Whistleblower
- "Ban-the-box"
- 2013)
- At-will employment
- Berrier v. Bizer
- Bullying
- Chapter 11 Bankruptcy
- Chenzira v. Cincinnati Children’s Hospital Medical Center
- Citizens United v. Federal Election Commission
- Companionship services
- Compensatory time off
- Conestoga Woods Specialties v. Sebelius
- Consumer Credit Protection Act (“CCPA”)
- Crystalline Silica
- Davis-Bacon and Related Acts
- Drug-Free Workplaces
- Earnings
- Ehling v. Monmouth-Ocean Hospital Service Corp.
- Federal Stored Communications Act (“SCA”)
- Government employees
- Government shutdown
- Home Health Care Workers
- Illness and Injury Reports
- Job applications
- Jury duty
- Kentucky Department of Workers’ Claims
- Kentucky Wage and Hour Act
- KYSHRM 2013
- Mandatory vaccination policies
- Maternity Leave
- McNamara O’Hara Service Contract Act
- NFL Bullying Scandal
- Payroll
- Permissible Exposure Level ("PEL")
- Private employers
- Sebelius v. Hobby Lobby Stores
- Senate Bill 157
- SHRM
- Small Business Administration (SBA)
- Violence
- Wage garnishment
- WorkSmart Kentucky
- COBRA
- Defamation
- Defense of Marriage Act (“DOMA”)
- EEOC v. Fabricut
- EEOC v. The Founders Pavilion
- Employee Hazards
- Employee of the Month Programs
- Employee Training
- Employer Group Health Plans
- Employer Mandate
- Employment Practices Liability Insurance
- Endorsements
- Federal Workplace Agencies
- FICA
- Freedom of Speech
- Gatto v. United Airlines and allied Aviation Services
- Giant Food LLC
- Health-Contingent Wellness Programs
- HIPAA
- Litigation
- Madry v. Gibraltar National Corporation
- Medical Exams
- Megivern v. Glacier Hills Incorporated
- Motivating Factor
- Obesity
- Online Account Protection
- Online Defamation
- Participatory Wellness Programs
- Pennington v. Wagner’s Pharmacy
- Pension Plans
- Play or Pay
- Record Retention
- Reference checks
- Sequester
- Severance Pay
- Social Media Ownership
- Supervisor
- Supplemental Unemployment Compensation Benefits
- Tangible employment actions
- Tax Refund
- Title VII retaliation cases
- Troyer v. T.John.E Productions
- Unfair Labor Practice
- United States v. Quality Stores
- United States v. Windsor
- University of Texas Southwestern Medical Center v. Nassar
- Vance v. Ball State University
- Contraceptive Mandate
- Employee Arrests
- Employee Forms
- Employee photographs
- Form I-9
- House Labor and Industry Committee
- Job Description
- Job Requirement
- Kentucky’s Whistleblower Act
- KRS 391.170
- Municipal Liability
- Patient Protection and Affordable Care Act
- Posting Requirements
- Public Sector Liability
- Religious Employer
- Right to Work Bill
- Social Privacy Laws
- Strategic Enforcement Plan (SEP)
- Telecommuting
- U.S. Citizenship and Immigration Services
- White v. Baptist Memorial Health Care Corp.
- Wilson v. City of Central City
- Workplace Politics
- Class Action Waivers
- Criminal Background Checks
- Crisis Management
- Employee Performance Reviews
- Employee Personnel Files
- Federal Arbitration Act (FAA)
- Federal Department of Labor
- Informal Discussion Letter (“EEOC Letter”)
- Kentucky Labor Cabinet
- Labor and Pensions ("HELP")
- PhoneDog v. Kravitz
- Salary Threshold
- Social Networking Online Protection Act (SNOP)
- Workplace Discrimination, Harassment and Retaliation
- Business Insurance
- Communications Decency Act
- Employee Contracts
- Hiring and Firing
- Hosanna-Tabor Opinion
- Insurance Coverage
- Internet & Media Law
- Internet Defamation
- National Labor Relations Act
- Non-Compete Agreement
- Retaliation by Association
- Unemployment Benefits
- Uniformed Services Employment and Reemployment Rights Act
- USERRA
Supreme Court: Bad Intent Not Enough to Violate the Computer Fraud and Abuse Act
In an unlikely 6-3 decision where Justices Barrett, Gorsuch, and Kavanaugh joined the three so-called “liberal justices,” the United States Supreme Court held on June 3, 2021, that a police officer did not violate the Computer Fraud and Abuse Act, 18 U.S.C. §1030(a)(2) (“CFAA”), by accessing a law enforcement database to retrieve information to commit a crime. This case may have far-reaching implications for companies that provide access to trade secrets and confidential information to employees, and it’s probably time for them to review their contracts and policies.
The CFAA makes it a crime and prescribes civil liability to a person who “intentionally accesses a computer without authorization or exceeds authorized access.” 18 U.S.C. §1030(a)(2). See Van Buren v. United States, 593 U.S. ___ (2021) ( Slip Op.). The CFAA defines the phrase “exceeds authorized access” to mean “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.” Id. at §1030(e)(6). Prior to the Van Buren decision, the Eleven Circuit followed the interpretation in its circuit and that mere misuse of information available in a computer networks violates the statute, and, on that ground, affirmed Van Buren’s conviction for violating the CFAA. Slip Op. at 4.
Consistent with the Supreme Court’s decision, the CFAA must now be interpreted as leading to criminal or civil liability where a person “accesses a computer with authorization but then obtains information located in particular areas of the computer—such as files, folders, or databases—that are off limits to him.” Slip Op. at 20. Therefore, if someone is authorized to access an area of a computer and uses information in that area of the computer—even for unlawful purposes, that person has not run afoul of the CFAA. That is what Officer Van Buren did when he accessed license plate records, of which he had unauthorized access, to illegally sell them to a known criminal for profit. On the other hand, the CFAA will still impose both civil and criminal liability if the person uses a computer to access areas of the computer or a network to access information to which he is not authorized. That is the way courts in the Second, Sixth, and Ninth Circuits had already interpreted the CFAA, and it previously was not the binding interpretation everywhere. See Slip Op. at 4, n. 2.
Companies that provide their employees and/or contractors with network access to trade secrets or confidential business information will need to update their policies and contracts following this case. This case limits a company’s ability to use CFAA to remedy unauthorized access or trade secret theft. As a result, contracts and/or handbooks should be revised to make clear that the information contained in the company’s databases or electronic records may qualify as a trade secret and define the parameters of authorized access. Additionally, do not forget to amend your electronic terms of service agreements to reflect the restrictions on access to company data and information.
Bruce Paul is a Member of McBrayer law practicing in the firm's Louisville office. His law practice primarily focuses on intellectual property, copyright law, trademarks, commercial and business litigation, employment law, and infringement litigation. Mr. Paul can be reached at bpaul@mcbrayerfirm.com or (502) 783-6245.
Cynthia L. Effinger, Member with McBrayer, is located in the firm’s Louisville office. Ms. Effinger’s practice is concentrated in the areas of employment law and commercial litigation. Her employment law practice is focused on drafting employment manuals and policies, social media, wage and hour, non-compete agreements and workplace discrimination. Ms. Effinger can be reached at ceffinger@mcbrayerfirm.com or (502) 327-5400, ext. 2316.
Services may be performed by others. This article does not constitute legal advice.
