
The Computer Fraud and Abuse Act: A New Tool for the Protection of Trade Secrets

November 21, 2005


Published in the November 22, 2005 issue of Southeast Tech Wire.

In an economy more driven by information than large capital investment, one of the greatest risks faced by many companies is the prospect of their most valuable assets – their employees and the knowledge in their heads – walking out the door. Few companies can easily withstand the shock of losing key members of a sales force, top R&D personnel, or their best marketers to the competition. More frightening still are circumstances where nearly whole departments defect to competitors or decide to start their own competitive businesses.

In the past, companies have made use of a limited number of legal tools in seeking to prevent employees from competing using the confidential information of their former employers. For the most part, companies have tried (1) non-compete agreements which limit post-employment competition with the former employer, (2) non-solicitation agreements which attempt to wall off the former employee from his old employer’s customers, and (3) confidentiality agreements which attempt to provide legal limitations on the use of the employer’s information. In addition, most States have adopted trade secrets protection acts which forbid persons from using the trade secrets of others, including those of former employers.

All of these legal tools have their uses and their drawbacks. A series of recent cases, including an important pharmaceutical industry case from a North Carolina federal court, illustrate that a new tool for protection of trade secrets may be available to counter the problems arising from the departure of key employees. That tool is the federal Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030, a statute originally enacted in 1984 to protect the federal government’s computers and computer data.

In 1996, just as the Internet was assuming a predominant role in the economy, Congress expanded the CFAA to cover any “protected computer,” defined to include a computer “which is used in interstate or foreign commerce or communication.” As a practical matter, the CFAA now covers virtually any computer linked to the Internet. More importantly, the CFAA forbids access of such a computer “without authorization” and prohibits a person with access from “exceeding the authorized access.” Many (if not most) employee departures and defections to competitors make some use of the former employer’s computer data, often by emailing confidential information to the competitor or downloading the information onto computer disks and bringing those disks to the new employer.

The initial use of the CFAA in this context did not occur until 2000 in Shurgard Storage Centers v. Safeguard Self Storage, 119 F. Supp. 2d 1121 (W.D. Wash. 2000). Shurgard was an action between two competitors in the self-storage business. The plaintiff was the industry leader; the defendant hired away plaintiff’s Regional Development Manager who had full access to plaintiff’s confidential business plans, expansion plans and other trade secrets. According to the complaint, the manager sent emails to the defendant containing those trade secrets and proprietary materials.

The plaintiff brought an action which included a claim for violation of the CFAA. Federal jurisdiction was based on the Act. Defendants challenged the basic notion of whether the CFAA applied at all in this context. The court rejected each of defendants’ challenges based on the statutory language and the legislative history of the Act. Among other important holdings, the court first ruled that even though the manager was generally authorized to access the information, his authorization ended when he began acting as an agent for the corporate defendant. In other words, the CFAA did not apply solely to “outsiders.” Second, in order to be covered under the CFAA, plaintiff did not need to show that the alleged violation affected the national economy, but only that the computer was used in interstate commerce. Third, even though the data accessed and transmitted was not altered or destroyed, it was damaged within the meaning of the Act because it was no longer maintained in its protected state as a result of the violation.

The recent North Carolina federal case, Biovail Corp. v. Verum Pharmaceuticals, Inc., 5:02-CV-868-BO(3) (U.S.D.C., E.D.N.C.), presents another illustrative example. In that case, five key employees of the plaintiff, Biovail, left the company to go to work for a competitor, the defendant, Verum. Biovail brought suit for breach of contract (including certain non-compete agreements), misappropriation of trade secrets, unfair and deceptive trade practices, and violations of the CFAA. Biovail claimed that defendants intentionally accessed its computer system without authorization by inducing another employee to send an email containing confidential information to Verum. The court ruled as an initial matter that such an allegation, if true, could violate the CFAA. As a general matter, any disloyal employee who acts surreptitiously by accessing his employer’s computer for the benefit of a competitor could be violating the CFAA. (The case is currently on appeal in the United States Court of Appeals for the Fourth Circuit.)

The most difficult aspect of establishing a claim against a former employee is showing that the former employee was “without authorization” to access the computer or exceeded his authorization in doing so. In most cases, a company’s ability to establish the no-authorization element will be determined by looking to the company’s computer usage policy. That policy may be part of an employee manual or may even be based on the computer itself. In some cases, a written agreement may be best. In any event, companies should have such a policy in place in order to protect themselves from the possibility of unfair competition from defecting employees.

A one-size-fits-all computer usage policy, however, is not likely the best. When determining which forms of protection work best, businesses should consult with lawyers who know their companies and their industries and who understand the nuances of the CFAA and other critical issues surrounding trade secrets.

© Pressly M. Millen, 2003.

This document is intended as an informational reminder and does not constitute legal advice. If you have any questions or would like to discuss a particular situation, please contact Womble Carlyle Sandridge & Rice, LLP. The purpose of this article is to provide general information about significant legal developments and should not be construed as legal advice on any specific facts and circumstances.
