Navigating The Circuit Split on the Computer Fraud and Abuse Act
Navigating The Circuit Split on the Computer Fraud and Abuse Act and Its Use Against Employees Who Access Protected Electronic Information “Without Authorization”:
The primary statute that many rely upon to enforce breaches or thefts of electronically stored information is the Computer Fraud and Abuse Act (CFAA). The CFAA allows victims to maintain a private cause of action against someone who intentionally accesses a protected computer “without authorization” or “exceeds authorized access,” in order to obtain information, perpetrate a fraud, or cause damage. 18 U.S.C. § 1030(a), (g). The question that many pose is to what extent can a company or employer realistically rely upon the CFAA as a means to protect its information in the case of a breach or unauthorized access to its computing systems. In this regard, there are divergent views among the courts regarding two key elements of the statute that are a potential limit to its true reach: (i) the meaning of “authorization”; and (ii) the scope of recoverable damages.
Posted by John Rosenthal at 12:42 PM - Categories: The Computer Fraud and Abuse Act (CFAA) | The Courts | Case Law
