Webinar: Trade Secrets 2011 Webinar Series - The Anatomy of a Trade Secret Audit: Is the Data That Drives Your Company Adequately Protected?

Posted on May 19, 2011 by Seyfarth Shaw LLP

Trade Secrets 2011 Webinar Series - The Anatomy of a Trade Secret Audit: Is the Data That Drives Your Company Adequately Protected?

May 25, 2011

10:00 am - 11:00 am Pacific
11:00 am - 12:00 pm Mountain 
12:00 pm - 1:00 pm Central
1:00 pm - 2:00 pm Eastern

CLICK HERE TO REGISTER

 

 


With the economy recovering in some sectors, the risk of trade secret theft to businesses has increased with greater employee mobility and the incumbent pressures on production and sales, together with the alarming frequency of targeted data theft attacks and the explosion of social media and cloud computing. Companies cannot simply react to these real business risks to their data once the data is compromised but should employ a thoughtful and comprehensive approach to the protection of their trade secrets and confidential information.
 
It is not uncommon for companies to find themselves in situations where important assets are overlooked or taken for granted. Yet, those same assets can be lost or compromised in a moment through what is often benign neglect. Authoritative sources estimate that companies lose hundreds of billions of dollars as a result of trade secret theft. At the same time, companies sometimes find themselves, through poor controls, exposed when they inadvertently obtain others’ trade secrets. Recent jury verdicts across the nation demonstrate the risk is real. Moreover, once the trade secret is lost, it is lost forever along with the value the company derives from the information.
 
To address these recurrent issues, Seyfarth Shaw helps clients protect their important assets and effectively manage risk by conducting Trade Secret Audits. Our experience has shown that companies gain tremendous value by taking a proactive, systematic approach to assessing and protecting their trade secret portfolios through a Trade Secret Audit. Please join us for the second webinar of the 2011 series which focuses on Trade Secret Audits.

Topics will include:

  • Identifying trade secrets and secrecy protections
  • Effective secrecy protections, including employment and non-compete agreements.
  • Effective hiring and termination protocols, including effective exit interviews and termination protocols.
  • Employing a comprehensive approach and trade secret protection plan
  • Managing and working to protect computer-stored data,including responding to emergency issues related to computer fraud and security breaches
  • This informative presentation will include a question and answer portion and checklists.

Our panel consists of attorneys with experience advising clients on issues related to trade secret audits. CLE credit will be available for participants.*

For questions, please contact events@seyfarth.com and reference this event.

Tags: , , , , , , ,

What Georgia's Restrictive Covenant Act Means - and Doesn't Mean - for Employers

Posted on May 16, 2011 by Guest Author for TradeSecretsLaw.com

By Dan Hart, Atlanta

Following Georgia Governor Nathan Deal’s signing of House Bill 30 (“H.B. 30”) on May 11, Georgia’s Restrictive Covenant Act is now law, effective immediately. The Governor’s signing of the bill caps months of debate and speculation about the effective date of a nearly identical bill that the Legislature enacted in 2009. That legislation, H.B. 173, was contingent on voters’ approval of a ballot referendum to amend the Georgia Constitution – a measure that voters overwhelmingly approved last November. Although the legislature clearly intended the 2009 bill to become effective the day after last November’s election, uncertainty about the effective date of the constitutional amendment raised concerns about the effective date of the statute.  Accordingly, the legislature enacted H.B. 30 to fix these problems. (For our previous posts on this issue, see here and here.)   The new law thus applies to all restrictive covenants entered into on or after the statute’s May 11 effective date.

The statute effects a sea-change in the law in Georgia, which historically has been an inhospitable forum for employers seeking to enforce restrictive covenants against former employees. Among other changes, the Act creates statutory presumptions under which courts must presume that restraints two years or less in duration are reasonable in time and that restraints more than two years in time are unreasonable. It also eases the drafting requirements for specific restrictive covenants, abolishes the previously existing requirement of a time-restriction for non-disclosure provisions, and creates a statutory burden-shifting regime whereby, if employers can meet an initial burden of showing that restrictive covenants are in compliance with the statute, parties challenging such restrictive covenants bear the burden of establishing that the covenants are unreasonable. Perhaps most significantly, the new law also permits Georgia courts to “blue pencil” (i.e., partially enforce) restrictive covenants that otherwise would be overbroad and, therefore, completely unenforceable under existing Georgia case law.

With the new law now officially enacted, should employers now assume that Georgia courts will always uphold restrictive covenants against their employees? Not exactly. As ESPN’s Lee Corso might say, “Not so fast, my friends!” Employers should continue to exercise caution in this area for at least three reasons:

First, the Restrictive Covenant Act applies only to restrictive covenants entered into on or after May 11, 2011.   Existing Georgia case law applies to restrictive covenants entered into on or before November 2, 2010 (the day that Georgia voters approved a constitutional amendment upon which the new law depends), and might also apply to restrictive covenants entered into between November 3, 3010 and May 10, 2011. For that reason, employers may continue to face an uphill battle in enforcing restrictive covenants that predate the new law unless they meet the narrow requirements that previously existed under Georgia law.

Second, while the Act permits Georgia courts to partially enforce overbroad restrictive covenants, it does not require that they do so. Until case law develops under the new statute, employers and their lawyers cannot be certain of what situations Georgia courts will exercise or decline to exercise their blue-penciling power. Based on law in other jurisdictions, however, it appears likely that Georgia courts may decline to exercise their blue-penciling power in cases where they believe that employers have unreasonably overreached for the purpose of creating an in terrorem effect on employees. Thus, employers should continue to exercise restraint when drafting restrictive covenants and should avoid drafting unreasonably broad covenants with the expectation that they will be fixed by the courts.

Third, although most provisions of the Act are beneficial to employers, the Act places restrictions on the types of employees who may be subjected to true non-compete provisions (as opposed to non-solicitation or nondisclosure provisions). Such provisions may be enforced only against employees who:

·        “Customarily and regularly solicit for the employer customers or prospective customers;”

·        “Customarily and regularly engage in making sales or obtaining orders or contracts for products or services to be performed by others;”

·        Perform specified management duties (which are set forth in the Act using language that closely follows the U.S. Department of Labor’s (“DOL) definition of the Fair Labor Standards Act’s (“FLSA”) “executive” exemption);

·        Perform the duties of a “key employee” (which the Act defines as “ an employee who . . . has gained a high level of influence or credibility with the employer's customers, vendors, or other business relationships or is intimately involved in the planning for or direction of the business of the employer or a defined unit of the business of the employer” or “an employee in possession of selective or specialized skills, learning, or abilities or customer contacts or customer information who has obtained such skills, learning, abilities, contacts, or information by reason of having worked for the employer”); or 

·         Perform the duties of a “professional” (which the Act defines using language that closely follows the DOL’s definition of the FLSA’s “professional” exemption.

Before requiring employees to execute new non-compete agreements, employers should ensure that employees who are subject to the restriction fall within one of the definitions included in the statute.

Notwithstanding these necessary precautions, employers might consider revamping their standard restrictive covenants to take full advantage of the changes created by the Act. When undertaking such an effort, employers may want to consider the following issues:

·        Are your non-solicitation provisions consistent with the language approved by the Act? The Act provides that “[a]ny reference to a prohibition against ‘soliciting or attempting to solicit business from customers’ or similar language shall be adequate [for non-solicitation restrictions] and narrowly construed to apply only to: (1) such of the employer’s customers, including actively sought prospective customers, with who the employee had material contact; and (2) products and services that are competitive with those provided by the employer’s business.” Because this provision loosens the previously-existing rules for drafting non-solicitation covenants, employers may be able to streamline the language that they use for such covenants.

·        Are your definitions of restricted geographic territories and competitive activities consistent with the language approved by the Act? The Act provides that “[a]ctivities, products, or services [covered by a restrictive covenant] shall be considered sufficiently described if a reference to the activities, products, or services is provided and qualified by the phrase ‘of the type conducted, authorized, offered, or provided within two years prior to termination’ or similar language containing the same or a lesser time period.” Likewise, the Act provides that “[t]he phrase ‘the territory where the employee is working at the time of termination’ or similar language shall be considered sufficient as a description of geographic areas if the person or entity bound by the restraint can reasonably determine the maximum reasonable scope of the restraint at the time of termination.” These provisions significantly loosen rules that previously existed for drafting restrictive covenants in Georgia and may likewise provide some employers with an opportunity to streamline their agreements.

·        Are your nondisclosure provisions drafted as broadly as reasonable? Existing case law in Georgia requires nondisclosure provisions to bear a reasonable time limitation (usually a period of two years or less) with respect to any information that does not constitute a “trade secret” as defined by relevant law. Consistent with this requirement, many employers in Georgia historically have drafted their nondisclosure covenants to apply to a period of two years or less. Because the Act abolishes the requirement of a time limitation for nondisclosure covenants, employers should consider whether they want to revise the language in their existing nondisclosure covenants.

If you are interested in reviewing your existing restrictive covenant agreements for compliance with the new statute, or if you would like assistance drafting such agreements for your workforce, contact a Seyfarth Shaw Trade Secrets Group attorney.

Tags: , , , ,

Seyfarth Shaw Attorney To Lead Presentation On Trade Secrets At LegalTech West Event

Posted on May 16, 2011 by Seyfarth Shaw LLP

Seyfarth Shaw partner Robert Milligan will present at the LegalTech West Conference on Tuesday, May 17, 2011 at the Westin Bonaventure Hotel in Los Angeles, California at 1:00 p.m. His presentation is entitled "Trade Secret Investigations: The Legal and Technical Perspective" and will cover areas of computer forensics that corporations and law firms may have previously overlooked, including artifacts that may be available when conducting forensic analysis, legal issues and challenges when dealing with trade secret issues in different jurisdictions and facts about the statistical makeup of trade secret cases. Registration information can be found at

Tags: ,

Outside Counsel Fees May Be a Qualified Loss to Meet the CFAA's $5000 Jurisdictional Requirement

Posted on May 15, 2011 by Robert Milligan

By David Monachino

The Computer Fraud and Abuse Act (“CFAA”) requires, among other things, that a plaintiff demonstrate a “loss” of $5,000 or more. See 18 U.S.C. § 1030(c)(4)(A)(i)(I). 

In Animators at Law, Inc. v. Capital Legal Solutions, LLC, et al., Case No. 10-CV-1341 E.D.Va. (May 10, 2011) (unpublished) (TSE) two former employees of Animators’ abruptly left to join a competitor. Shortly thereafter, Animators’ president noticed that one of the former employee’s laptop containing sales and other confidential information was missing.   Thus, Animators initiated an investigation concerning whether defendants copied, deleted, or otherwise misused Animators’ confidential information after leaving Animators’ employment, including an (i) outside forensic analysis, (ii) internal investigation, and (ii) outside counsel investigation. Capital Legal disputed whether the outside forensic analysis constituted a qualified loss under the CFAA, because Animators did not “actually pay” cash for these services, as well as the propriety of the other two investigations. 

 The District Court first noted that “hindsight must not guide such an analysis of whether such actions were reasonably necessary in response to a CFAA violation … perpetrators of unauthorized access should foresee that their actions may result in significant investigations and costs far exceeding the actual damage to the system.” The District Court then held that “the CFAA does not require losses to be paid for in cash. Indeed, a holding that CFAA losses must be reduced to a cash exchange would conflict with the principle that a CFAA plaintiff may recover damages for its own employees’ time spent responding to CFAA violations.” Finally, the District Court stated that it appears that well documented internal investigations and outside lawyer’s fees also “appear to be” qualifying losses: “[w]hile defendants may contend that [the outside lawyer] is not the appropriate person to oversee the investigation and response to the intrusion, given his high hourly rate and legal, rather than technical expertise, even a reduction or outright elimination of [the outside lawyer]  charges would still leave Animators with well over $5,000 in qualified losses.” 

Accordingly, apart from obtaining the return of their valuable data, the potential recovery of outside counsel fees under the CFAA, as well as computer forensic examiner fees, may provide a necessary element and a significant incentive to companies to pursue CFAA claims should their data be compromised by departing employees.

Tags: , , , , , , , ,

Georgia Governor Signs New Restrictive Covenant Act

Posted on May 11, 2011 by Seyfarth Shaw LLP

Aimed at eliminating a potential issue regarding the effective date of the earlier statute and to fix certain drafting anomalies identified after previous passage, Georgia's Restrictive Covenant Act  (version 2011), is now law, as the Governor signed the bill as passed by the House and Senate late this afternoon (May 11, 2011). 

The legislature made clear that the impetus for the re-enactment of the Restrictive Covenant Act was the potential issue regarding the effective date.  In Section 1 of the Act, the legislature wrote:

During the 2009 legislative session the General Assembly enacted HB 173 (Act No. 64, Ga. L. 2009, p. 231), which was a bill that dealt with the issue of restrictive covenants in contracts and which was contingently effective on the passage of a constitutional amendment. During the 2010 legislative session the General Assembly enacted HR 178 (Ga. L. 2010, p. 1260), the constitutional amendment necessary for the statutory language of HB 173 (Act No. 64, Ga. L. 2009, p. 231), and the voters ratified the constitutional amendment on November 2, 2010. It has been suggested by certain parties that because of the effective date provisions of HB 173 (Act No. 64, Ga. L. 2009, p. 231), there may be some question about the validity of that legislation. It is the intention of this Act to remove any such uncertainty by substantially reenacting the substantive provisions of HB 173 (Act No. 64, Ga. L. 2009, p. 231), but the enactment of this Act should not be taken as evidence of a legislative determination that HB 173 (Act No. 64, Ga. L. 2009, p. 231) was in fact invalid.

The primary substantive change to O.C.G.A. Section 13-8-56, which is now clarified to show that it applies both to in-term covenants and to post-term covenants.  No substantive changes were made to other sections in the statute as they were in the version passed by the General Assembly and signed by the Governor in 2009. 

The Governor's signing should end a period of uncertainty since the enabling amendment was passed.  (For our previous post on that issue, see here.) 

Tags: , , , , ,

Iowa - Sophisticated Employees Bound by Reasonable Restrictive Covenants; Plaintiff to Post $2 Million Bond

Posted on May 11, 2011 by Paul Freehling

 A recent Iowa U.S. district court decision upheld two-year, geographically reasonable, non-compete agreements signed by 26 veterinarians while they were employed by Iowa Veterinary Specialties, P.C. (IVS), a Des Moines, Iowa clinic they owned. When two of the vets and IVS’s operations manager learned that its sale to ISU Veterinary Services Corporation (VSC) was imminent, they used IVS’s business information and facilities to assist them in opening a competing veterinary clinic. VSC is a non-profit subsidiary of Iowa State University (ISU) which is home to the oldest veterinary college in the U.S. The purchase of IVS was made with public funds and was intended to be part of ISU’s mission to regain and enhance its veterinary college academic preeminence. The acquired assets included the non-compete agreements.   

VSC sued the two vets and the operations manager, seeking a preliminary injunction. Except as against the operations manager, who had not signed a non-compete agreement, the injunction was entered. The court held that VSC had met its burden of showing a likelihood of success on the merits and that the balance of the equities favored VSC, and the court concluded that “enforcement of valid non-competition agreements serves the public interest.” However, the court did order VSC either to post a $2 million surety bond or to provide a binding representation from ISU that it will pay any judgment the vets may obtain against the University. ISU Veterinary Services Corp. v. Reimer, 2011 WL 1595337 (S.D. Iowa Apr. 27, 2011).

The vets contended that an injunction would bankrupt them, but the court turned that contention against them by stating it showed that VSC had no satisfactory remedy at law. Moreover, VSC proved that the purchased entity had experienced a decline in its revenue and in the number of its patients since the defendants became competitors, thereby showing how harmful denial of injunctive relief would be. 

The court also rejected arguments made by the vets regarding the supposed unfairness or ambiguity of the non-compete agreements, adding that the vets were highly compensated, sophisticated and well-educated, and that the non-compete had substantial monetary significance. So, they should have retained counsel for advice before signing. Assertions that Iowa law prohibits public bodies from competing with private enterprise, and that Iowa’s Veterinary Practice Act prohibited VSC from practicing veterinary medicine, likewise were to no avail.  

Iowa law says that “discharge by the employer is a factor opposing the grant of an injunction” to enforce a non-compete agreement. One of the vets had not been offered a position by VSC. However, that individual had “expressed a complete unwillingness to remain” after the acquisition, and so an offer to him of employment would have been futile. 

The principal message of the VSC case is that sophisticated signatories to reasonable non-compete agreements have an uphill battle when faced by an injunction action. Nevertheless, a very substantial bond requirement (as here) could prove to be a significant obstacle to enforcement of an injunction.

Tags: , , ,

"Under Pressure" Not Enough To Make Agreement Unenforceable.

Posted on May 6, 2011 by Eddy Salcedo

Employment Agreement’s forum, venue and personal jurisdiction clause upheld despite argument that the agreement was signed “under extreme pressure” and without sufficient time for counsel to review.  CLP Resources, Inc. v T. Salerno, 2011 WL 1597677 (W.D.Wash.) (April 27, 2011).

Plaintiff CLP Resources, Inc. (“CLP”), a large provider of temporary construction workers, sued a former employee, defendant Salerno, and his new business, Defendant Alliance Project Staffing (“Alliance”), claiming causes of action for breach of contract, misappropriation of trade secrets and tortious interference with existing and prospective contracts. CLP’s causes of action were based upon allegations that Salerno, while employed as an Account Manager at CLP, started a directly competing business, Alliance, using CLP resources. CLP asserted that Salerno’s conduct violated the terms of his Employment Agreement with CLP.

Defendant Salerno moved to dismiss the action upon the arguments (1) that the Western District of Washington lacked personal jurisdiction and (2) that venue was not proper in that court as he had worked for CLP in central California, not Washington.

In response, CLP argued that the action was commenced in the United States District Court for the Western District of Washington pursuant to the terms of the Employment Agreement, which directed that venue for any action to enforce the agreement would be either the State Court in Pierce County Washington, or the Federal Court in the Western District of Washington. It was further argued that the Employment Agreement also contained covenants that Salerno would submit to the personal jurisdiction of either of those courts, would not raise personal jurisdiction as a defense to any action premised upon the Employment Agreement, and finally that the laws of the State of Washington would govern any dispute. 

Salerno attempted to counter the enforceability of the Employment Agreement by claiming that he signed the agreement “under extreme pressure," three days after he began working for CLP, and after he had irrevocably relocated from Tennessee to work for CLP in California.  He further claimed that he did not have an attorney review the document, and did not have time to review it himself, thereby making the jurisdiction, venue and  are unenforceable due to duress and fraud. Finally, he claimed that the agreement was not supported by consideration because he had already begun working at the time he signed it.

In addition to his common law defenses to the agreement, Salerno added a statutory defense, alleging that the Employment Agreement also contained a non-competition provision which was not consistent, and as such void under, California Code §16600.

The Western District of Washington rejected all of Salerno’s arguments, denying his motion in its entirety. In denying the motion and upholding the jurisdiction, venue and choice of law provisions of the Employment Agreement the court held as follows.

First, whether California Code §16600 would ultimately be dispositive of CLP’s claims was not relevant at this stage in the litigation because “it plainly does not apply to the consent to personal jurisdiction, forum selection and choice of law provisions.”  Further holding that “[t]his California statute is not a defense to jurisdiction or venue in this Court.”

Next, with respect to Salerno’s argument that the Employment Agreement was procured by fraud or duress, or was otherwise not enforceable because Salerno was “coerced” into signing without adequate time to review the document, and without the benefit of the advice of counsel, the court held that “[t]here is no authority for the proposition that such time or attorney review is a prerequisite for the execution of a binding Employment Agreement. Nor is it novel that one seeking employment is offered the same conditioned on the acceptance of the terms of an employment agreement.”  

Finally, with respect to Salerno's claim that he did not see the actual agreement before he began working for CLP, the court found that “…it is undisputed that his employment was always expressly conditioned upon his agreement to those terms. His claim about the consideration provided for his agreement is not enough, therefore, to negate his assent to the terms of the Employment Agreement.”

Tags: , , , ,

Indiana Court Upholds A Covenant Not To Solicit Recent Customers, But Prohibitions Against Contact or Accepting Referrals With Such Customers Are Stricken

Posted on May 4, 2011 by Paul Freehling

A recent Indiana Court of Appeals opinion, designated as non-precedential, discussed that state’s law concerning non-competition agreements. Most significant, the court upheld a commitment not to solicit the employer’s current or recent customers for two years even though the covenant contains no geographical limitation. However, provisions precluding any “contact with” such customers, and forbidding acceptance of “referrals of” them, were “blue penciled.” The court reversed the entry of summary judgment for the ex-employees and remanded for trial. Think Tank Software Dev. Corp. v. Chester, Inc., No. 64A03-1003-PL-172 (Ind. Ct. Appeals, Apr. 11, 2011).

Think Tank Software Development Corporation, and a number of companies affiliated with it (collectively, “Think Tank”), sued 10 former employees almost all of whom went to work for defendant Chester, Inc. Think Tank and Chester are competitors, engaging in what the court called “computer-related business activities.” Think Tank alleged violation of covenants not to compete and misappropriation of trade secrets. 

After more than five years of motion practice and discovery, the trial court granted summary judgment to the defendants on the grounds that the covenant not to compete “is overbroad and is therefore unenforceable . . . and cannot be reformed,” and that the property rights in which Think Tank claimed confidentiality did not constitute trade secrets. What the trial court apparently viewed as the covenant’s fatal flaw was that it was unlimited as to an applicable territory. Further, the affidavit of a former Think Tank director of technology seemingly demonstrated that the company had no protectable business information.

The Court of Appeals disagreed. Although upholding a two-year restriction on solicitation of recent former customers, the appellate court struck as unreasonable the prohibition against contacting them. Similarly, the court approved a ban on selling to, servicing, consulting, or negotiating with those customers, but a prohibition on acceptance of referrals of new customers -- for example, by the ex-employer’s customers -- was invalidated. Indiana recognizes “blue penciling” as an option for a court. The absence of a territorial restriction was not fatal, according to the court, because “the class of prohibited contacts [customers who had been such within two years of the former employees’ termination] is well defined and specific, thereby eliminating the need for any geographical limitation.” 

As for trade secrets, the appellate tribunal held that Think Tank sufficiently raised genuine issues of material fact with respect to whether the company’s “customer identities” and “tailored solutions to the customers’ information technology needs combine to form confidential information.” Similarly, Think Tank provided enough evidence of “its extensive security provisions in protecting” that information to withstand a motion for summary judgment.

The enforceability of a non-compete and non-solicitation agreement in a particular case frequently turns on the applicable facts and circumstances, the precise wording of the restriction, and the jurisdiction. The question of whether particular information qualifies as a trade secret also is fact-intensive. When in doubt, contact a Seyfarth Shaw Trade Secrets Group attorney.

Tags: , , , , ,

The Federal Computer Fraud and Abuse Act is Back in Play for Employer Suits Against Dishonest Employees in the Ninth Circuit

Posted on May 2, 2011 by Robert Milligan

By Scott Schaefers and Robert Milligan

On April 28, 2011, the Ninth Circuit Court of Appeals held in an important decision upholding legal protections for employer data that employees may be held liable under the federal Computer Fraud and Abuse Act (18 U.S.C. 1030 et seq.) in cases where employees steal or remove electronic files or data in violation of their employers' written computer-use restrictions.

In U.S. v. Nosal (9th Cir. No. 10-10038), the Ninth Circuit held that a former employee "exceeds authorized access" to data on his employer's computer system under the CFAA where the employee takes actions on the computer that are prohibited by his employer's written policies and procedures concerning acceptable use (e.g. prohibitions against copying or e-mailing files to compete or help a third party compete with the employer).

The court rejected the argument that it was overruling its 2009 decision in LVRC Holdings LLC v. Brekka, 581 F.3d 1127 (9th Cir. 2009), which dismissed an employer's CFAA claim against an employee who had e-mailed confidential documents to his personal address when working for the employer, and used those files post-termination to compete with the employer. The Brekka panel said that so long as the employee was authorized to use the computer for any purpose and such authorization had not been completely rescinded, the employee could not be held liable under the CFAA for using files for unauthorized purposes.

In distinguishing Brekka, the Nosal panel held that the employer in Brekka did not place any restrictions on employees e-mailing themselves confidential files, and thus the employees could not be said to have exceeded any such computer-use restriction. The employer in Nosal, on the other hand, had password-protected computers, written computer-use agreements with its employees which restricted access to computers to employer business, and automatically placed restrictive legends on its confidential database printouts advising readers that the printouts were confidential and company property.

The employers' computer-use restrictions, the Nosal court held, were the key distinction from Brekka, and the touchstones for "exceeding authorized access" under the CFAA. The Nosal majority noted that it was siding with the First, Fifth, and Eleventh Circuits' decisions in prior cases which similarly upheld employer CFAA claims against dishonest employees for exceeding authorized access by stealing employer files.

The dissent in Nosal argued that the majority’s decision goes too far, and potentially criminalizes otherwise innocuous employee use and access of his employer's computer. The definition of "exceeding authorized access" under the intent-to-defraud provision of the CFAA (i.e. Section 1030(a)(4)), the dissent said, was inconsistent with the statute's use of the same phrase in section 1030(a)(2), which made such access a crime whether or not the employee intended fraud. Any time the employee even technically violated an employer's restrictions, the employee could be indicted at the whim of the government.

With the Nosal decision, employers in the Ninth Circuit now have a clear CFAA remedy against dishonest employees who exceed their authorized access of their employers' computer systems. Employer computer-use restrictions determine whether an employee exceeds authorized access under the CFAA. Conversely, employees looking to avoid federal indictment or civil liability under federal law should strictly adhere to their employers' computer-use restrictions.

To avail themselves of the helpful Nosal decision, employers should ensure that they have written computer-use policies which prohibit improper computer use and activities. The policies should prohibit the use of company computers to copy, e-mail, or otherwise distribute company files to compete or help a third party compete with the employer. Computer access should be authorized for work activities only. Employers should also consider prohibitions on the distribution of company data to employees' non-work e-mail accounts and prohibitions or limitations on the use of electronic storage devices, such as external hard drives and data sticks. Employers should also audit employee computer use and access activity to ensure that employees are following company policies. Recurring training on acceptable computer usage is also critical. Employers should carefully circumscribe employee access to company prized data to only those employees who truly need to have access to such data to perform their jobs. Employers should also require employees to return all company data upon termination, as well as all company computers and other electronic devices.  

The Nosal decision provides employers with a viable remedy to help address employee data theft but employers must be vigilant and ensure that they have crafted thoughtful computer-use policies to maximize their protections under the CFAA.

Tags: , , , , , ,