One of your employees emails your customer list to a competitor. Illegal, right?
Not necessarily. It’s only a violation of the Computer Fraud and Abuse Act if you’ve got a specific company policy against distributing such sensitive material.
That’s the upshot of a recent federal appeals court ruling in California. Here’s the case.
David Nosal worked for an executive search firm for eight years. Then he struck out on his own.
He enlisted three of his former colleagues to help him in the new startup. They provided Nosal with names and contact information from their company’s customer database — described by Nosal’s former employer as “one of the most comprehensive databases of executive candidates in the world.”
Nosal and his accomplices were indicted under the CFAA.
The three company employees argued they couldn’t be in violation of the law, because they were all authorized to access the customer database.
Written policies were key
An appeals court in San Francisco ackowledged that the three were, indeed, authorized to access the customer list.
What they weren’t authorized to do was provide the information in the database to a competitor — because the company had a formal policy against doing so.
And the company had ample evidence it had a policy of protecting the information. It controlled electronic access to the database and restricted physical access to the computer servers that contained the information.
Employees received unique usernames and created passwords for gaining access to the database.
And, perhaps most importantly, the employer required all of its employees to enter into agreements that both explained the proprietary nature of the information and restricted the use and disclosure of the material except for legitimate company business.
The judge ruled that the employees had violated the employer’s clear rules on handling sensitive company data — and therefore violated federal law.
Covering the bases
Sure seems like it should be against the law for employees to hand over customer lists to competitors.
But in today’s bizarro would of employment law, nothing’s simple.
Which is why smart companies don’t take anything for granted — they set out clear, strict policies about what employees can and can’t do with the information they use to do their everyday jobs.
Perhaps a recent alert from the law firm Fisher & Phillips puts it best:
No Rules = No Recourse Against Employees Who Steal Your Information From Your Computers.
Cite: U.S. v. Nosal. For a look at the full decision, go here.
Why Trust Us?
Our HR editorials undergo rigorous vetting by HR and legal experts, ensuring accuracy and compliance with relevant laws. With over two decades of combined experience in Human Resources thought leadership, our editorial team offers profound insights and practical solutions to real-world HR challenges. This expertise not only enhances the credibility of our content but also makes HRMorning a dependable resource.
For more information, read our editorial policy.
Why do we need your credit card for a free trial?
We ask for your credit card to allow your subscription to continue should you decide to keep your membership beyond the free trial period. This prevents any interruption of content access.
Your card will not be charged at any point during your 21 day free trial
and you may cancel at any time during your free trial.
During your free trial, you can cancel at any time with a single click on your “Account” page. It’s that easy.
