Computer Fraud and Abuse Act In Connecticut

Posted on July 6, 2010 by N. Kane Bennett

Previously, I have posted about non-compete agreements and the duty of loyalty for employees.  Many times, businesses do not have written contracts to protect confidential and proprietary information from not only competitors and vendors, but also their own employees.  Without a contract, the common law of Connecticut concerning breach of fiduciary duty is one of the ways attorneys can seek to protect business clients against improper use of confidential information.

Another method for attorneys to seek to protect their clients' confidential information stored on a computer system or network is through the federal Computer Fraud and Abuse Act (CFAA).  The CFAA is largely a criminal statute, but is being used more frequently in civil cases on behalf of businesses faced with loss or theft of confidential and proprietary information and trade secrets.   The CFAA, 18 U.S.C. 1030, essentially provides for civil liability for unauthorized access to protected computers with intent to defraud or cause damage.  There are civil enforcement provisions that allow private actions for recoverable loss related to prohibited conduct if a series of factors can be proved in court.

Recently, Peter J. Toren wrote an excellent article in the New York Law Journal  where he detailed methods in which the CFAA might be useful for attorneys to protect client trade secrets and other confidential information.   Peter listed the six factors necessary for proof of damages.  Peter also noted some of the limitations of the CFAA when it comes to employee theft of trade secrets and described the narrow and broad views taken by different courts when interpreting improper access of a protected computer without authorization. Peter further provides some useful tips for businesses on how to construct a policy in light of the different court interpretations of improper access. 

Lee Berlik, publisher of the Virginia Business Litigation Blog, also has a recent post about the series of hurdles necessary for attorneys to prove loss or damages under the CFAA.  Lee's post describes a threshold of $5,000 in value that must fit into the categories of potential loss defined in the CFAA.  Similar to Peter's article, Lee also describes how a case was unsuccessful in court because of insufficient facts to show loss under the CFAA.

In Connecticut federal courts, the reported cases under CFAA, largely have been unsuccessful for a variety of reasons, many of which Peter's article details.  Some cases were dismissed for failing to meet damages thresholds (Register.com v. Verio, 356 F.3d 393 (2004)) , while another case was dismissed because the facts were insufficient for unauthorized access (Cenveo, Inc. v. Rao, 659 F. Supp. 2d 312 2009)).   However, in a recent case, in the federal district court, Judge Vanessa Bryant issued an order of sanctions and for production of electronic devices for forensic inspection in a case based, in part, and the CFAA. (Genworth Financial Wealth Mngmt. Inc., v. McMullan). 

The takeaway here is that the CFAA provides another potential basis for a business to protect its confidential and proprietary information when the information resides on a computer system or network.  Of course, there are a series of factors that must be met before liability can be established.  Some of these factors may not apply and eliminate the CFAA as a method of recovery as we have seen in several reported cases.  However, the CFAA should be considered and evaluated in any case involving unauthorized access of confidential information through a computer system as it provides an additional basis for potential recovery.  Also, advanced planning with sound internal policies might provide a business with a better chance of success under the CFAA.

I will do a post soon on another statute, Connecticut's Computer Crime Act, that may provide additional remedies for improper access of a computer system or network.

 

 

Tags: , , , , , , , , , , ,

Do You Need A Contract To Stop A Former Employee From Competing?

Posted on November 3, 2009 by N. Kane Bennett

The short answer is yes, a business does need a contract, also known as a "non-compete agreement," to prevent a former employee from fairly competing in business once the employee resigns.  Even with a written agreement, there are limitations on non-compete agreements because they are viewed as a restraint of trade.  To be enforceable, the restrictions in the agreement must be reasonable in time, scope, and geography. The restrictions also must be reasonable in relation to legitimate business interests you are seeking to protect.   

A poorly drafted agreement, or no agreement at all, can leave a business with little legal recourse to stop a former employee from fair competition once the employee resigns.  Simply put, the law in Connecticut permits fair competition upon resignation.  However, the lack of a written agreement does not give free license to employees to unfairly compete in all circumstances. 

For example, what about an employee that starts competing against your business without your knowledge while continuing to work for you?  Is this fair competition that should be freely permitted?  Depending on the circumstances, this type of conduct can be actionable in a civil case for damages.  The actionable conduct is breach of the employee's common law duty of loyalty, which exists without a written agreement in certain circumstances.  There are also statutes in Connecticut that can protect businesses in certain situations that do not require contracts such as unauthorized computer access or misappropriation of trade secrets.   

I just read a story about a recent case that demonstrated some of the legal issues involved when there are no contracts in place with former employees.  According to the small business report by Carlye Adler of CNN, Charter Oak Lending, located in in Danbury Connecticut, lost a trial against several former employees who allegedly left to work for a larger company, CTX Mortgage.  Charter Oak alleged it lost more than a third of its business and a million dollars in fees after a sudden departure of 10 employees to CTX. The litigation lasted four years and ended with a defense verdict for the former employees. Charter Oak is appealing the decision. 

It appears that the decision against Charter Oak was based in part on the lack of contracts and the categorization of the defendants as independent contractors rather than employees.   The Trade Secrets Blog by Womble Carlyle picked up the story and had an interesting take focused on pure versus unfair competition.  The blog post supports the legal concept that a line can be crossed turning pure competition into unfair business. 

Charter Oak's appeal of this case will be interesting to follow.  The outcome will likely depend on what evidence existed at trial to demonstrate unfair competition prior to the employees' departure along with consideration of the duty of loyalty.  The takeaway is that it is always better to have written agreements to protect your business' customers, client lists, and confidential information.  However, the lack of such an agreement will not always give free license to former employees to unfairly compete in all circumstances.   A close examination of the facts of each case must be undertaken to consider common law and statutory remedies that do not necessarily require agreements. 

Tags: , , , , , , , , ,