Trade Secrets and Noncompete Blog : Non-Compete Lawyer & Attorney : Epstein Becker Green Law Firm : Trade Secrets & Confidentiality Agreements

Earlier this year, Aon Risk Services Northeast Inc. (“Aon”) brought suit in the United States District Court for the Southern District of New York against Marsh USA Inc., Marsh & McLennan Companies, Inc. (together, “Marsh”), and three former employees. In its Amended Complaint, Aon asserted that the defendants transferred a “pre-packaged book of business” to Marsh, primarily by the former employees’ “illegal downloading of Aon proprietary trade secret information.” Aon asserted a claim under the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. §1030, against the three former employees, and asserted nine common law claims, including misappropriation of trade secrets, breach of contract and unfair competition, under New York state law against Marsh and the former employees.

The Court issued an Order granting an application by defendants to dismiss all of the state law claims, on the grounds that they are different from and substantially predominate over Aon’s lone federal claim under the CFAA. See Aon Risk Servs. Northeast, Inc. v. Kornblau, 10 Civ. 2244 (RMB), 2010 U.S. Dist. LEXIS 38140 (S.D.N.Y. Apr. 19, 2010). The state law claims were dismissed without prejudice to their renewal in an appropriate forum. On April 23, 2010, Aon re-filed its nine state law claims in the Supreme Court of the State of New York, New York County, Index No. 601058/10.

The three former employees have now moved to dismiss the only remaining claim, under the CFAA. In their brief, they argue that the CFAA claim is deficient because they did not exceed their authorized access to Aon’s computers. The former employees state that the CFAA prohibits unauthorized access to protected computers, not unauthorized use of those computers and the confidential information thereon. This issue -- the application of the CFAA to alleged employee computer abuse -- is the subject of numerous court decisions across the country, some of which interpret the CFAA’s “without authorization” language broadly, and some of which interpret it narrowly, as the former Aon employees urge.

The procedural history of the case so far shows that Aon’s pairing of the CFAA claim with its state law claims -- the gravamen of its Complaint -- has not worked out well. If the CFAA claim was included in order to secure federal jurisdiction over the dispute, it was unsuccessful; the Court’s Order dismissing the state law claims led Aon to commence a second action in state court. While the Court has yet to rule on the former employees’ motion to dismiss the CFAA claim, Aon’s CFAA claim may lack the requisite allegations to withstand the motion to dismiss. If so, Aon’s efforts to go on the offensive against the alleged unfair competitors will result in two setbacks straight out of the gate.
 

This week the Ninth Circuit Court of Appeals issued a published opinion rejecting an employer’s argument that its former employee violated the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030, when he emailed company client lists and financial data to himself for personal use. LVRC Holdings LLC v. Brekka, ___ F.3d ___, 2009 WL 2928952 (9th Cir. 2009).

The Seventh Circuit reached the opposite conclusion in International Airport Centers, LLC v. Citrin, 440 F.3d 418 (7th Cir. 2006), reasoning that when an employee breaches his duty of loyalty to the employer, the agency relationship terminates and the employee is no longer “authorized” to access the employer’s computer within the meaning of the CFAA.

The Ninth Circuit rejected this statutory interpretation as contrary to the rule that where a statute has both criminal and noncriminal applications, courts should interpret it consistently in both contexts and resolve ambiguity in favor of lenity, avoiding interpretations that are “surprising and novel.” Because the employee in LVRC Holdings was authorized to use the company computer and to access the information, he did not violate the statute regardless of his motivation.

The opinion suggests that the result might have been different if the employer had a policy prohibiting employees from emailing company data to their personal email accounts or requiring employees to return or destroy confidential information upon the conclusion of their employment.
 

Employers looking to protect their intellectual property and proprietary information, and wondering whether they can punish the departing employees that ignore demands to return laptops and other transportable electronic devices that hold such data, may now have a newly invigorated weapon at their disposal — the Computer Fraud and Abuse Act.  A recent federal district court decision found that an employer establishes the required “loss” and “damage” elements of a CFAA claim against a former employee by showing that such employees “refused to return their computers” when requested, that such employees “deleted information from their computers,” and that the employer “had to perform a forensic investigation to determine what information was deleted from” these laptops. Because the CFAA provides a statutory claim that applies to all electronically stored information (confidential or not), provides for federal court subject matter and allows for the recovery of a variety of damages and costs, including those related to expert fees, employers and intellectual property owners may find it attractive. For further details and analysis of these issues, see, by clicking here, the May 5, 2009 article by Jim Flynn appearing in IP Law 360 and Employment Law 360.