CFAA Conundrum

Brent Cossrow, a Philadelphia partner and member of the Employee Defection and Trade Secrets Practice Group, was quoted in the May issue of InsideCounsel magazine for the article "CFAA Conundrum." The article recounts the case where an employee fabricated an illness, took leave, then went to work for his employer's competitor and downloaded more than 900 documents belonging to his original employer. The company had policies covering confidentiality, security and dual employment and sued the employee under the Computer Fraud and Abuse Act (CFAA). A court tossed the suit. Brent said, "[The decision] crystallizes the importance of taking additional steps to limit employee access to trade secrets and confidential information on computer systems." He said that the perceived reluctance by some courts to enforce the CFAA in employer-brought cases could be because "it would federalize certain misappropriation-related claims against disloyal employees, which for the most part already give rise to state-law causes of action. These decisions are well-reasoned analyses that reflect a legitimate, robust debate within the federal judiciary." Brent suggested that companies prepare a checklist for employee separations to ensure remote access is terminated, and all data on flash drives and other mobile media is returned. He said that in some instances, it might be worth having a forensic expert review employee e-mail accounts.