The U.S. Supreme Court will soon hear Nathan Van Buren v. United States to decide on a case with far-reaching implications for how employers should establish and enforce policies to regulate and secure information accessed in the workplace. Specifically, the case raises questions about the legality of accessing information (e.g., whether access is authorized or prohibited) and ultimately will decide how the Computer Fraud and Abuse Act (CFAA) is interpreted. The CFAA makes it a federal crime when someone “accesses a computer without authorization or exceeds authorized access, and thereby obtains information from the computer.” The forthcoming Supreme Court ruling will decide on whether someone commits a federal crime when they use a computer that is permitted, but data access is in violation of an employer’s policy, website terms of service agreements, or other legal restrictions.
The Van Buren case arose following conduct by Nathan Van Buren, a police officer who accessed state and governmental databases to look up a license plate for someone in exchange for payment and not associated with any law enforcement purpose. The lower court held that Van Buren committed a federal crime under the CFAA.
The implications for the workplace of a very broad interpretation of the CFAA may be enormous, leading employers to report unauthorized information access and violation of information policies by employees to law enforcement. Most employers have policies regarding the use of computers by employees, including limiting an employee’s ability to access the internet and certain internal databases and systems. These policies, if a broad interpretation of the CFAA is defined by the ruling, would be imbued with the force of law. Such an interpretation could fundamentally impact the enforcement of employer policies.
Takeaway: Upcoming Supreme Court decision may fundamentally impact enforcement of an employer’s computer usage in the workplace policies.
The postings on this blog were created for general informational purposes only and do not constitute legal advice or a solicitation to provide legal services. Although we attempt to ensure that the postings are complete, accurate, and current as of the time of publication, we assume no responsibility for their completeness, accuracy, or timeliness. The information in this blog is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. Readers should not act upon this information without seeking professional legal counsel.
This blog may contain links to independent third party websites and services, including social media. We provide these links for your convenience, and you access them at your own risk. We have no control over and do not monitor the content or policies (including privacy policies) of these third-party websites and have no responsibility for, and no liability with respect to, their content, accuracy, or reliability. Unless expressly stated, we do not endorse any of the linked websites or any product, service, or publication referenced herein or therein. We will remove a link to any site from this blog upon request of the linked entity.
We grant permission to readers to link to this blog so long as this blog is not misrepresented. This site is not sponsored or associated with any other site unless so identified.
If you wish for Wilentz, Goldman & Spitzer, P.A., to consider representing you, please obtain contact information from the Contact Us area of this blog or go to the firm’s website at www.wilentz.com. One of our lawyers will be happy to discuss the possibility of representation with you. However, the authors of Wilentz blogs are licensed only in New Jersey and/or New York and do not wish to represent anyone who viewed this site in a state where the site fails to comply with all laws and ethical rules of that state.