Employers can take a lot of internal steps to protect confidential and proprietary information. Confidentiality and non-disclosure policies, limiting distribution to a need-to-know basis, passwords to secure data, locks for file cabinets, and security cameras are some of the more common tools at an employer's disposal. One thing that is difficult to guard against, though, is a disgruntled employee purposely sabotaging or destroying data, which is exactly what Fox News is reporting happened to an architectural firm in Jacksonville, Florida. An employee saw a help-wanted ad in the newspaper for her job, assumed she was about to be fired, went into the office late at night, and erased 7 years' worth of drawings and blueprints worth $2.5 million.
In cases such as these, where an employee erases data, the employer has a federal statutory remedy – the Computer Fraud and Abuse Act. This criminal statute generally prohibits one from causing the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization to a protected computer.
The seminal case for employee liability under this statute is International Airport Centers v. Citrin. In that case, Citrin decided to quit his employment with IAC and going into business for himself. Before returning his laptop to IAC, he wiped the hard drive loading a secure-erasure program, permanently erasing all of the stored data. His intent was not only to prevent his employer from recovering his work product, but also to hide the improper conduct in which he had engaged before he decided to quit. The 7th Circuit permitted IAC to pursue a private cause of action against Citrin under the Computer Fraud and Abuse Act. To date, no Ohio Court that I am aware of has ruled on whether this liability is available under the CFAA.
While courts are still wrestling with the limits of the CFAA in the employment context, it provides employers with a powerful weapon against disgruntled employees and employees who seek to harm an employer for anti-competitive purposes. To try to deter this type of conduct in your workplace, think about putting language into employee handbooks that informs employees that it would be a violation of federal law to engage in this type of industrial espionage.
[Hat tip: Strategic HR Lawyer]