Employee Did Not Violate the Stored Communications Act or Computer Fraud and Abuse Act by Permanently Deleting Information From Employer’s Computer

Recently, a Washington court dismissed an employer’s claims under the Stored Communications Act (SCA) and Computer Fraud and Abuse Act (CFAA) against an employee who copied and permanently deleted employer files from an employer-provided computer. Before resigning to work for a competitor, the employee accessed the information on the employer’s computer, some of which was stored only on the computer’s hard drive, and permanently deleted the files. The employer sued, claiming violations of the SCA and CFAA, as well as state law claims including breach of contract and misappropriation of trade secrets. The court found that the employer’s computer was not a “facility” for purposes of the SCA, following the reasoning of previous courts holding that if a “personal computing device” is a “facility,” other parts of the SCA become illogical. To avoid a fractured or nonsensical reading of the statute, courts have distinguished between service providers and personal computers or their users. Additionally, the court found that the information accessed and deleted by the employee was not “in electronic storage” as required to find a violation of the SCA. Finally, the court found that the employee did not violate the CFAA, which protects against the unauthorized access of information but does not reach misuse of information. Because the employee was authorized to use both the employer’s computer and the information stored on it, the court dismissed the employer’s CFAA claim.

TIP: Employers should be aware that federal statues such as the Stored Communications Act and the Computer Fraud and Abuse Act may not protect against employee misappropriation of the employer’s information.