U.S. Supreme Court Limits Employers’ Recourse Against Errant Employee Computer Usage - American Society of Employers - Michael Burns
Member Dashboard
Course Catalog
Career Opportunities
Contact Us
Pay Invoice
Join

EverythingPeople this week!

EverythingPeople gives valuable insight into the developments both inside and outside the HR position.

Latest Articles

U.S. Supreme Court Limits Employers’ Recourse Against Errant Employee Computer Usage

supreme courtAs the U.S. Supreme Court’s (SCOTUS) 20/21 term wraps up, last week it issued a ruling impacting employers’ employee computer usage policy. In its Van Buren v. United States (No.19-783) case SCOTUS ruled the Computer Fraud and Abuse Act (CFAA) could not be used against employee abuse of company owned computers and databases. 

Before this decision, an employer could seek both criminal and civil liabilities against an employee that both misused their computer access as well as used and obtained information that the employer did not intend them to have. With the Van Buren decision, employers now only have civil recourse when pursuing employees that misuse the company’s computer system.

Why is this important? Employers have long been concerned about employee trade secret theft. The CFAA’s criminal reach gave employers an effective tool to fight employees’ unauthorized access and theft of the employer’s data and intellectual property residing in their computer systems.

In the case of Nathan Van Buren, the defendant was a police officer caught selling information from the police force’s license plate database. When caught, Van Buren was fired and also charged with a felony violation of the CFAA. From this he got an 18-month jail sentence. Officer Van Buren had access to the system but was not authorized to sell the information to outsiders. SCOTUS saw this different from accessing the computer without authorization. 

SCOTUS looked at the CFAA’s “exceed authorized access” language and ruled it was not meant to apply in cases where the employee was given access to the database or computer system. The CFAA would only apply if the employee used the system to access data or information they did not have authorization to access. This decision overruled an 11th Circuit Court of Appeals ruling.

Before this decision, employers had access to this criminal tool to use for any unauthorized use of their computers. Thus, making the possibility that an employee could go to jail for playing a game or performing other “minor but unauthorized tasks on company owned computers.” The SCOTUS ruling narrowed down the impact of this law to avoid a “crazy result” from enforcement.

With the loss of the federal criminal prosecution threat, employers should review their computer security policy with an eye toward both crafting better computer security features that limit access to data and shoring up policies to protect against or pursue employee intellectual property theft. Specifically, check the policy prohibitions that would address unauthorized use of data or information that the employee may have access to through the company’s computer system.

The below IT policy language is a sample of IT system rules. It is intended as an example of some (not all) IT system policy rules an employer can put in place giving notice to employees of prohibited activity. It is not intended to be a complete or exhaustive IT security policy.

Information Exchange

In keeping with the Standards of Conduct signed by all employees, ABC Company software, documentation, and all other types of internal information must not be sold or otherwise transferred to any non-ABC Company party for any purposes other than business purposes expressly authorized by management. Exchanges of software and/or data between ABC Company and any third party may not proceed unless a written agreement has first been signed.

Employees may not use our Systems:

  • To download, save, send or access any discriminatory or obscene material;
  • To download anything from the internet (including shareware or free software) without the advance written permission of their supervisor;
  • To download, save, send or access any site or content that the organization might deem “adult entertainment;”
  • To access any “blog” or otherwise post a personal opinion on the Internet (see Social Media policy);
  • To solicit employees or others;
  • To attempt or to gain unauthorized or unlawful access to computers, equipment, networks, or systems of the organization or any other person or entity;
  •  In connection with any infringement of intellectual property rights, including but not limited to copyrights; and
  • In connection with the violation or attempted violation of any law.

 An employee may not misrepresent, disguise, or conceal his or her identity or another’s identity in any way while using Electronic Communications; make changes to Electronic Communications without clearly indicating such changes; or use another person’s account, mail box, password, etc. without prior written approval of the account owner and without identifying the actual author.

Employees must always respect intellectual property rights such as copyrights and trademarks.  Employees must not copy, use, or transfer trade secrets or proprietary materials of the organization or others without appropriate authorization.

All Systems passwords and encryption keys must be available and known to the organization.  Employees may not install password or encryption programs without the written permission of their supervisor.  Employees may not use the passwords and encryption keys belonging to others.

Numerous state and federal laws apply to Electronic Communications.  The organization will comply with applicable laws.  Employees also must comply with applicable laws and should recognize that an employee could be personally liable and/or subject to fine and imprisonment for violation of applicable laws.

This policy does not limit an employee's rights under Section 7 of the National Labor Relations Act.  Nothing in this policy is meant to restrict an employee's right to discuss the terms and conditions of his/her employment during non-working hours using non-organization systems.

Violations of this policy may result in disciplinary action up to and including discharge as well as possible civil liabilities or criminal prosecution.  Where appropriate, the organization may advise legal officials or appropriate third parties of policy violations and cooperate with official investigations.  We will not, of course, retaliate against anyone who reports possible policy violations or assists with investigations.

 

Additional ASE Resources
ASE Hotline - ASE member can call the ASE HR Research hotline at any time.  Call 248-223-8027.

ASE Handbook Services – ASE provides both classes and consulting on employee handbook development. The next handbook class will be held this fall. For handbook development consulting and services, contact Michael Burns.

 

Source: National Law Journal SCOTUS “Van Buren’ Ruling Makes Policing Employee Conduct More Complicated (6/4/2021)


Filter:

Filter by Authors

Position your organization to THRIVE.

Become a Member Today
Terms  |  Privacy

Copyright 2024 ASE. All rights reserved.
Created by Media Genesis.

Contact
Headquarters
ASE
5505 Corporate Drive, Suite 200
Troy, MI 48098
Phone: (248) 353-4500
Fax: (248) 353-1224

West Michigan
ASE
380 W. Western Avenue, Suite 202
Muskegon, MI 49440
Phone: (231) 759-0916