Departing Employee Taking Data from “Restricted” but Unsecured Folder Doesn’t Violate CFAA

Shawn E. Tuma writes:

When an employer intends to keep a network folder restricted from employees, but fails to (1) objectively communicate this intention or (2) secure the folder from general access, an employee who accesses the folder and takes data from it does not violate the Computer Fraud and Abuse Act (CFAA), even if he does so for an improper purpose.

In Tank Connection, LLC v. Haight, 2016 WL 492751 (D. Kan. Feb. 8, 2016), the court granted the former employee’s motion for summary judgment against the employer’s CFAA claim.

Read more on the Cybersecurity Law Blog.

UN Cybercrime Convention to be signed in Hanoi to tackle global offences
ModMed revealed they were victims of a cyberattack in July. Then some data showed up for sale.
Confidence in ransomware recovery is high but actual success rates remain low
Protected health information of 462,000 members of Blue Cross Blue Shield of Montana involved in Conduent data breach
Resource: NY DFS Issues New Cybersecurity Guidance to Address Risks Associated with the Use of Third-Party Service Providers
TX: Kaufman County Faces Cybersecurity Attack: Courthouse Computer Operations Disrupted

Departing Employee Taking Data from “Restricted” but Unsecured Folder Doesn’t Violate CFAA

Related:

1 thought on “Departing Employee Taking Data from “Restricted” but Unsecured Folder Doesn’t Violate CFAA”