Implementing a Policy Review to Ensure You Are Protected Under The Computer Fraud and Abuse Act, Part 1: Why You Should Conduct a Policy Review
Ambrose McCall will be presenting "The Computer Fraud and Abuse Act: Navigating the New Normal of Workplace Technology and Cybersecurity" on Thursday, October 12, 2017, at the 22nd Annual Labor & Employment Seminar. This year's Seminar will be held at the Hilton Chicago-Northbrook in Northbrook, Illinois. Please visit our website for more details.
One size rarely fits all, especially where technology is concerned. So too is employer coverage under the Computer Fraud and Abuse Act (“CFAA”). Cookie-cutter molds for aspects of your business simply do not work.
Certain situations readily qualify for coverage under the CFAA, such as when current or former employees hack into employer databases or files that were always off-limits to the employee, such as:
- Databases that contain highly protected financial data with account numbers that employees could use to misappropriate funds;
- Digital files that contain confidential business strategies that the employee accesses to alter, delete, or erase its digital files so that the employer must reconstruct the file, which usually involves significant costs to the employer; and
- Digital files with confidential proprietary client contact and marketing data that a current employee, acting as a conduit to a former employee who now lacks authorized access, removes or transfers with the purpose of permanently damaging the digital files at great cost to the employer.
The employer's protections under the CFAA, however, extend beyond these more common examples. The CFAA also can protect employers that enforce existing policies against current employees who may have arguably exceeded their authorized access to the employer’s computers, networks, and digital files.
The humility that comes with experience has taught many of us that no magic policy language exists that can transform an employee's marginal violation of your authorized access policy into a clear violation which is covered by the CFAA. Therefore, employers should examine their policies and processes as a whole with an eye toward determining whether their policies and practices work cohesively to prohibit an employee's access to designated computers, networks, and digital files, and that the employer is adequately protected from employee misconduct under the CFAA. In Part 2 of this series, we will provide detailed guidance on how to conduct your policy review and questions that you should consider throughout the policy review to ensure you are protected under the CFAA.
Topics
Featured Insights

Lawyers' Lawyer Newsletter
Jun 29, 2026
Beyond Malpractice: The Rising Threat of Privacy and Statutory Claims Against Lawyers

In The News
Jun 26, 2026
Brian McGrath Discusses Far-Reaching Impact of a NY Foreclosure Ruling on Mortgage Industry

In The News
Jun 26, 2026
Jason Oliveri Discusses AI Companions in Elder Care and the Risks for LGBTQ+ Residents

Event
June 25-26, 2026
Todd Young Speaks on Importance of Financial Literacy to ESOP Culture

Press Release
Jun 25, 2026
Scott Seaman Appointed to DRI Center for Law and Public Policy’s Social Inflation Task Force

In The News
Jun 23, 2026
Michael Dowell Explores New OIG Compliance Expectations for MAOs

Press Release
Jun 23, 2026
Jennifer Driscoll Reappointed as the ABA Antitrust Law Section Co-Chair of Comments

Press Release
Jun 22, 2026
Hinshaw Named a Client Service Standout Firm in BTI Consulting Client Service A-Team 2026

In The News
Jun 22, 2026
Lucy Wang Discusses California Insurance Solvency Regulation Addressing Climate Risks



