computer fraud and abuse act

Given all the recent headlines about data theft as well as a resurgence of interest in the Computer Fraud and Abuse Act (CFAA), a December 18, 2020 ruling from a federal trial court in Colorado may be of interest to our readers. MCS Safety Solutions, LLC v. Trivent Safety Consulting, LLC, No. 19-cv-00938-MEH (D. Colo. Dec. 18, 2020) (2020 WL 7425874).

Although the Computer Fraud and Abuse Act (CFAA) (18 U.S.C. § 1030) is a federal statute that primarily protects against unauthorized computer access such as hacking, it can also impact employers in the realm of social media.  Originally enacted in 1984, CFAA makes it illegal to access knowingly or intentionally a “protected computer” without authorization or in excess of authorized access. Protected computers are defined broadly to include all computers that are used in or affect interstate commerce, and thus include most employer-owned computer systems.  Violations of CFAA may result in criminal penalties, and CFAA also permits individuals (and employers) to bring a civil action for damages or injunctive relief.  Employees rarely sue their employers under CFAA, but employers should nonetheless consider CFAA in formulating their social media policies and determining how they will regulate employee use of social media.