Former Employees' Delay In Returning Corporate Laptops Held to be a "Loss" Under Federal Computer Fraud and Abuse ActFebruary 16, 2009
Many employees carry company-issued laptop computers that contain the company's sensitive, confidential and proprietary information. Setting aside the third party security risks associated with this practice, what happens when an employee is terminated or otherwise leaves the company's employment and remains in possession of the laptop and its contents?
This is precisely what happened recently to Missouri-based Lasco Foods, Inc. ("Lasco") Two of its regional sales managers, Ronald Hall ("Hall") and Charles Shaw ("Shaw"), left their employment with Lasco and formed their own company. Shaw retained possession of his Lasco-issued laptop for a period of 70 days and Hall retained his for 38 days before returning it to Lasco. Lasco alleged that the company information on both laptops had been deleted before they were returned.
As a result of these developments, Lasco filed a nine-count complaint against Shaw and Hall in federal court in Missouri. Two of the counts alleged violations of federal statutes -- the Computer Fraud and Abuse Act ("CFAA") and the Stored Wire and Electronic Communications Act ("SECA"). Shaw and Hall filed a motion to dismiss both counts, claiming that Lasco failed to satisfy certain elements of each act, including damage, loss and an interruption in service under the CFAA.
The court found that Shaw and Hall's delay in returning the laptops and deleting Lasco's information was not just a 'minor gap in time' as the defendants argued, but constituted an interruption in service resulting in a loss to Lasco. The court recognized that Lasco's complaint satisfied both the elements of damage and loss, although only one of the elements, not both, was required. Ultimately, the court granted Shaw and Hall's motion and dismissed Lasco's complaint because Lasco did not properly allege that Shaw and Hall's access to the information was 'unauthorized,' required elements for both a CFAA and SECA violation. Lasco has been given time to file an amended complaint pertaining to these claims.
Taking proactive steps can help protect your organization in an all too common scenario such as this. First, establishing, monitoring and enforcing strong policies regarding the use of corporate-issued computers and corporate confidential and proprietary information is a must. Equally important is having procedures for the prompt return of corporate computers and information by employees exiting the organization and emphasizing the point that former employees are not authorized to access such information. For more information about the Lasco decision, contact Kathy Ossian.
For more information about legislation or litigation involving technology, intellectual property protection of information technology assets or any other Information Technology law issue, contact your Miller Canfield attorney or Kathy Ossian, Leader of our Information Technology Team, or call her direct at 313.496.7644.