As the year draws to a close, employer claims under the Computer Fraud and Abuse Act (“CFAA”) against departing employees for stealing or otherwise diverting employer information without authorization to do so are dying slow deaths in many federal courts across the nation. As noted over on the Non-Compete and Trade Secrets Report, the U.S. federal circuits are split regarding whether an employee acts “without authorization” under CFAA when he or she steals employer confidential data at or near termination. The Second, Ninth and Fourth Circuits hold that as long as the employee was permitted to be on a computer for any purpose, diversion of employer information is “authorized” under CFAA. In contrast, the First, Fifth, Seventh, and Eleventh Circuits have adopted a broad construction, allowing CFAA claims alleging an employee misused employer information that he or she was otherwise permitted to access.
Now, in North Carolina at least, employers may have better luck under fighting malevolent employees under the North Carolina statutory corollary to CFAA. In Sprirax Sarco, Inc. v. SSI Eng’g, the Eastern District of North Carolina put teeth into the North Carolina Computer Trespass Act (“NC Computer Trespass Act”) giving employers a new weapon in the fight against trade secret and confidential information misappropriation by departing employees. The NC Computer Trespass act, N.C. Gen. Stat. § 14-458, provides, in relevant part:
(a) . . . [I]t shall be unlawful for any person to use a computer or computer network without authority and with the intent to do any of the following:
(1) Temporarily or permanently remove, halt, or otherwise disable any computer data, computer programs, or computer software from a computer or a computer network. . . .
(3) Alter or erase any computer data, computer program or computer software. . . . [or]
(5) Make or cause to be made an unauthorized copy, in any form, including, but not limited to, any printed or electronic form of computer data, computer programs, or computer software residing in, communicated by, or produced by computer or computer network.
Unlike the CFAA, the NC Computer Trespass Act defines “without authority” clearly. An employee acts “without authority” when either the employee has no right or permission to use a computer, or the employee uses a computer in a manner exceeding the right or permission given by the employer. The United States District Court for the Eastern District held that a departing employee who intentionally used his employer-issued laptop to download vast quantities of computer files to his own media devices and Dropbox account, was acting “without authorization” under the NC Computer Trespass Act. The Court also noted that the former employee also deleted vast quantities of computer files from the Spirax-issued laptop “without authorization” to so.
Spirax provides employers with employees in North Carolina a new tool for protecting corporate information access without the need to tread into the murky waters of the CFAA.