In order to be a “protected computer” within the meaning of the federal Computer Fraud and Abuse Act (the “CFAA”), the computer must be used in interstate commerce at the time of the allegedly unauthorized access of the computer, the U.S. District Court for the District of Massachusetts held.  Pine Env. Servs., LLC v. Charlene Carson and Palms Env. and Survey, LLC, No. 1:14-cv-12830-IT (D. Mass. August 20, 2014).

Defendant Charlene Carson was employed by Plaintiff.  When she resigned her employment to join a competitor, she did not return her company-owned laptop.  Approximately two months after leaving her employment, Carson’s roommate observed her in their apartment working on the laptop.  The roommate left the room and when he returned found a note from Carson asking that he return the laptop to Plaintiff.

After Carson’s roommate returned the laptop, Plaintiff performed a forensic analysis of the laptop and learned that a software program called CCleaner was installed on the laptop and was used after Carson’s last day of employment with Plaintiff to destroy data and files, the internet browsing history, and event log entries on the laptop.  Plaintiff brought several state law claims against Carson and her new employer as well as a CFAA claim.  The CFAA protects computers that are used in or affect interstate commerce or communication from unauthorized use or access.

The CFAA provides a private right of action in certain situations where there is a loss of at least $5,000 when someone (1) knowingly and with intent to defraud, accesses a protected computer or exceeds authorized access and by such means furthers the intended fraud and obtains anything of value; or (2) knowingly causes the transmission of a program, information, code, or command, and as a result intentionally causes damage without authorization to a protected computer; or (3) intentionally accesses a protected computer without authorization and as a result causes damage and loss.  Plaintiff asserted the laptop was a protected computer because the company was engaged in providing rental equipment to other businesses throughout the country, Plaintiff’s principal place of business was in a different state from the one in which Carson lived and worked, and the laptop was used in interstate commerce and communication.

The court dismissed the CFAA claim because the laptop was only being used in interstate commerce when Carson was employed by Plaintiff.  Carson’s use of the laptop during her employment was authorized.  The unauthorized use of the laptop happened after the end of Carson’s employment with Plaintiff and thus occurred at a time when the laptop was not being used in interstate commerce.  The court found that the fact that the laptop formerly was used in interstate commerce did not make the later deletion of files from the laptop an action that was “interstate” in nature.

This decision highlights the importance of requiring employees to return all company-owned devices immediately upon their separation from employment.

 

Tags: CFAA, Computer Fraud and Abuse Act, interstate commerce, protected computer
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Michael R. Bertoncini Michael R. Bertoncini

Michael R. Bertoncini is a Principal in the Boston, Massachusetts, office of Jackson Lewis P.C. He practices labor and employment law, with a particular emphasis on labor relations, employment law counseling and litigation, and data privacy and security law.

In labor relations matters…

Michael R. Bertoncini is a Principal in the Boston, Massachusetts, office of Jackson Lewis P.C. He practices labor and employment law, with a particular emphasis on labor relations, employment law counseling and litigation, and data privacy and security law.

In labor relations matters, he regularly counsels clients on the practice of positive employee relations, negotiates collective bargaining agreements on behalf of organized clients, represents clients in labor arbitrations and National Labor Relations Board proceedings, and counsels clients with respect to rights and obligations under collective bargaining agreements and applicable labor and employment laws. He also has extensive experience in advising organizations responding to corporate campaigns and negotiating neutrality agreements.

Mr. Bertoncini’s privacy and data security practice focuses on advising clients on complying with HIPAA and other state and federal privacy and data security laws. He regularly reviews and develops policies and procedures, written information security plans and integrated compliance programs to assist clients in meeting their obligations under privacy and data security laws. Mr. Bertoncini has represented clients in investigations of alleged data breaches and advises them on their reporting obligations in the event of a data breach. He also conducts workplace training programs on HIPAA compliance and related privacy and data security topics.

Before joining Jackson Lewis, Mr. Bertoncini was Deputy General Counsel for a hospital system that is the largest fully integrated community care organization in New England. He was responsible for all of the system’s labor and employment law matters, and was involved in its acquisition by a private equity firm as well as its growth from six to ten hospitals in a twelve-month period. His three years as in-house counsel for this large health care system give Mr. Bertoncini a keen understanding of the impact of labor and employment law issues on clients’ business operations.

In addition to his labor relations and privacy experience, Mr. Bertoncini has extensive experience in conducting internal investigations and counseling clients on whistleblower and retaliation matters, as well as negotiating executive agreements, both employment and separation agreements. Mr. Bertoncini also represents clients in the litigation of employment matters. His litigation experience includes matters before federal and state courts and administrative agencies. He has appeared before United States Courts of Appeals and District Courts, Massachusetts and New York state courts, the Equal Employment Opportunity Commission, and the Massachusetts Commission Against Discrimination.

Mr. Bertoncini is a frequent speaker and trainer on labor and employment law topics for various organizations including Massachusetts Continuing Legal Education, Council on Education in Management, Lorman Education Services, the Boston Bar Association, and several chambers of commerce.

While attending Boston College, he received the John A. McCarthy, SJ Award for the most distinguished Scholar of the College thesis.

Read more about Michael R. Bertoncini
Show more Show less
Related Posts
Recent HIPAA Settlement Offers Lessons on Data Disposal and the Meaning of PHI
August 24, 2022
Massachusetts Legislature Evaluates Its Own Comprehensive Consumer Privacy Law
February 15, 2022
The RIPTA Data Breach May Provide Valuable Lessons About Data Collection and Retention
January 12, 2022