Riley Brennan reports:
The U.S. Court of Appeals for the Third Circuit clarified this week that an employee’s purported violations of workplace computer use policies cannot be criminalized under federal law as long as there is no evidence of hacking or violations of trade secrets.
On Tuesday, the federal appellate court affirmed the U.S. District Court for the Middle District of Pennsylvania’s decision finding that defendants Nicole Durenleau and Jamie Badaczewski didn’t violate the Computer Fraud Abuse Act (CFAA) by violating computer policies of their employer, debt collection firm National Recovery Agency Group. National Recovery claimed that Durenleau and Badaczewski violated its computer policies and trade secrets when Durenleau sent her passwords to Badaczewski to access her work computer while she was out sick and working remotely.
In a matter of first impression, the Third Circuit concluded the employees were authorized to access National Recovery’s computer systems as employees of the company.
“Indeed, there are many other causes of action—breach of contract, business torts, fraud, negligence, and so on—that provide a remedy for employers when employees grossly transgress computer-use policies,” said Judge Thomas L. Ambro, who authored the decision and was joined by Judges Thomas Hardiman and Theodore McKee. “The CFAA is the wrong tool for NRA’s project. With today’s holding, we mean to turn future litigants to other causes of action so that we do not make ‘millions of otherwise law-abiding citizens [into] criminals.'”
Read more at Law.com.