{"id":122,"date":"2019-05-14T10:32:48","date_gmt":"2019-05-14T14:32:48","guid":{"rendered":"http:\/\/blogs.duanemorris.com\/delawarebusinesslaw\/?p=122"},"modified":"2019-05-14T10:32:48","modified_gmt":"2019-05-14T14:32:48","slug":"delaware-court-of-chancery-weighs-in-on-federal-computer-fraud-and-abuse-act","status":"publish","type":"post","link":"https:\/\/blogs.duanemorris.com\/delawarebusinesslaw\/2019\/05\/14\/delaware-court-of-chancery-weighs-in-on-federal-computer-fraud-and-abuse-act\/","title":{"rendered":"Delaware Court of Chancery Weighs In on Federal Computer Fraud and Abuse Act"},"content":{"rendered":"<p>When employees leave their employment and take with them their former employer&#8217;s confidential information, the ensuing litigation often contains a claim against the former employee for violations of the Computer Fraud and Abuse Act (the &#8220;CFAA&#8221;).\u00a0 This was so\u00a0in the recent decision by the Court of Chancery in the case <a href=\"https:\/\/courts.delaware.gov\/Opinions\/Download.aspx?id=289470\" target=\"_blank\" rel=\"noopener noreferrer\"><em>AlixPartners, LLP, et al. v. Benichou<\/em>, C.A. No. 2018-0600-KSJM (May 10, 2019).<\/a> \u00a0 In a matter of first impression for the state courts of Delaware, the Court of Chancery was asked to interpret and apply the CFAA&#8217;s provision creating liability for any person who &#8220;intentionally accesses a computer without authorization, or exceeds authorized access, and thereby obtains\u00a0 . . . information form any protected computer.&#8221;<\/p>\n<p>In this case, the complaint alleges that the former employee downloaded company confidential information to a personal hard drive on two occasions&#8211;once before his resignation and a second time after he was given a notice of his dismissal and was no longer performing work for the employer.\u00a0 At issue were the terms &#8220;without authorization&#8221; and &#8220;exceeds authorized access&#8221; of the CFAA, and how they might apply to this factual scenario.<\/p>\n<p>In ruling, the Court of Chancery discussed in detail the split in authority on the application of those terms into a &#8220;broad&#8221; approach and a &#8220;narrow&#8221; approach.\u00a0 Under the more broad interpretation, courts have found that conduct might violate the CFAA where a person has accessed &#8220;a computer or information in violation of\u00a0 one&#8217;s use obligations,&#8221; which will often involve an examination of the person&#8217;s intent or use of such information.\u00a0 The Court, however, applied principles of statutory construction and adopted the more narrow approach to the application of this provision of the CFAA.\u00a0 Under that interpretation, the Court held that the terms &#8220;without authorization&#8221; and &#8220;exceeds authorized access&#8221; apply &#8220;only when an individual accesses a computer or information on that computer without permission.\u00a0 The statute does not impose liability for misusing information to which the individual had authorized access.&#8221;<\/p>\n<p>Given this ruling, the Court dismissed the CFAA claims against the former employee related to first instance of downloading of files (when he was authorized to access the files), but allowed the claims related to the second instance&#8211;after he was allegedly no longer authorized to access the company&#8217;s computer system&#8211;to proceed.<\/p>\n<p>Ultimately, while the Court\u00a0ruled that claims under the CFAA may not be available to address situations where persons who are technically authorized to access computers or information have nonetheless misused that information, that misuse of data may still very well violate certain contractual duties of use and non-disclosure or other state law causes of action (for instance, under an applicable Uniform Trade Secrets Act).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When employees leave their employment and take with them their former employer&#8217;s confidential information, the ensuing litigation often contains a claim against the former employee for violations of the Computer Fraud and Abuse Act (the &#8220;CFAA&#8221;).\u00a0 This was so\u00a0in the recent decision by the Court of Chancery in the case AlixPartners, LLP, et al. v. &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/blogs.duanemorris.com\/delawarebusinesslaw\/2019\/05\/14\/delaware-court-of-chancery-weighs-in-on-federal-computer-fraud-and-abuse-act\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Delaware Court of Chancery Weighs In on Federal Computer Fraud and Abuse Act&#8221;<\/span><\/a><\/p>\n","protected":false},"author":108,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[122,123,121,119,120],"ppma_author":[153],"class_list":["post-122","post","type-post","status-publish","format-standard","hentry","category-general","tag-cfaa","tag-computer-fraud-and-abuse-act","tag-confidentiality","tag-nda","tag-trade-secrets"],"authors":[{"term_id":153,"user_id":108,"is_guest":0,"slug":"rlrenck","display_name":"Richard L. Renck","avatar_url":"https:\/\/blogs.duanemorris.com\/delawarebusinesslaw\/wp-content\/uploads\/sites\/16\/2014\/08\/renckrichard-125x150.jpg","author_category":"","last_name":"Renck","first_name":"Richard L.","job_title":"","user_url":"http:\/\/www.duanemorris.com\/attorneys\/richardlrenck.html","description":"<a href=\"http:\/\/www.duanemorris.com\/attorneys\/richardlrenck.html\">Read Richard's bio.<\/a>"}],"_links":{"self":[{"href":"https:\/\/blogs.duanemorris.com\/delawarebusinesslaw\/wp-json\/wp\/v2\/posts\/122","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.duanemorris.com\/delawarebusinesslaw\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.duanemorris.com\/delawarebusinesslaw\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.duanemorris.com\/delawarebusinesslaw\/wp-json\/wp\/v2\/users\/108"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.duanemorris.com\/delawarebusinesslaw\/wp-json\/wp\/v2\/comments?post=122"}],"version-history":[{"count":0,"href":"https:\/\/blogs.duanemorris.com\/delawarebusinesslaw\/wp-json\/wp\/v2\/posts\/122\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.duanemorris.com\/delawarebusinesslaw\/wp-json\/wp\/v2\/media?parent=122"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.duanemorris.com\/delawarebusinesslaw\/wp-json\/wp\/v2\/categories?post=122"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.duanemorris.com\/delawarebusinesslaw\/wp-json\/wp\/v2\/tags?post=122"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blogs.duanemorris.com\/delawarebusinesslaw\/wp-json\/wp\/v2\/ppma_author?post=122"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}