The United States Supreme Court recently granted a petition for certiorari in Van Buren v. United States addressing the issue of whether it is a violation of the Computer Fraud and Abuse Act (“CFAA”) when an individual who is authorized to access information on a computer, accesses the same information for an improper purpose. The Supreme Court will have a chance to resolve the long-standing circuit split regarding the scope of the CFAA. Some circuits (the 2nd, 4th and 9th) take a narrow view of the CFAA, allowing claims against employees who lacked any authorization to access information stored on computers, but not allowing claims against employees who were permitted access and misused that access for allegedly improper purposes. Other circuits (the 1st, 5th, 7th, and 11th) permit CFAA claims against employees for misusing information stored on the computer even though they otherwise were authorized to access such material.
Jackson Lewis’s Privacy, Data and Cybersecurity practice group, in conjunction with the Non-Competes and Protection Against Unfair Competition practice group, published an article on the Jackson Lewis website, explaining the Van Buren case and its potential impact.
Regardless of how the Supreme Court rules in Van Buren, employers should consider reviewing and clarifying their policies concerning which employees have access to what data, particularly in light of the spike in remote work. We will monitor the Van Buren case and provide updates.