Tell staff: Break data rules, risk prosecution

June 16, 2011
in Employment Law

When explaining your computer-use policy, make sure employees understand they may be criminally prosecuted if they violate the rules and gain access to information they have no business reading.

That should make them think twice about obtaining confidential in­­for­ma­tion and passing it on to the competition.

Recent case: David Nosal worked for the executive-search firm Korn/Ferry International for about eight years. When he left, he agreed not to compete against the company for 12 months—in exchange for 12 monthly payments of $25,000.

After Nosal left, federal prosecutors began to suspect that he had enlisted the help of several current Korn/Ferry employees to gain access to company databases containing the names of executives worldwide. The authorities believed Nosal intended to use the information to set up a competing executive-search firm.

Nosal and his accomplices were charged under the Computer Fraud and Abuse Act (CFAA).

At trial, prosecutors pointed out that Korn/Ferry had a policy that said em­­ployees could only use electronic information to conduct official company business. In addition, whenever employees accessed the system, they received a warning explaining the policy and warning them that violating it could be grounds for termination and prosecution.

The 9th Circuit Court of Appeals ruled that Nosal’s alleged accom­plices could be charged with CFAA violations based on their unauthorized use of confidential information, as long as they had been warned not to do so. That was true even though they hadn’t violated any rules on accessing the information—only on how they used the information. (U.S. v. Nosal, No. 10-10038, 9th Cir., 2011)

Final note: Now is the time to review your computer-use policies.

Leave a Comment