It is scary when the law gets into computing…

March 28, 2007 at 12:57 pm | Posted in News, Technical | Leave a comment

This week a district court in Florida will rule on a lawsuit alleging an employee violates the Computer Fraud and Abuse Act (CFAA) by deleting files and emails from a company-owned computer. The CFAA was intended to protect networks from hackers, but was unfortunately written in a rather short-sighted manner. It says anyone who ‘knowingly causes damage without authorization’ to a networked computer can face civil and criminal liability.

This isn’t the first time an employer has taken an employee to court for performing an unauthorized deletion of files.  There was a case last year in the 7th Circuit Court, International Airport Centers  v. Citrin (2006) with essentially the same scenario. An executive is leaving the company, and uses a permanent deletion utility to remove files from a company-owned laptop. The company finds out, gets really mad that they can’t view his files, and takes him to court.

In the IAC v Citrin matter, the Illinois courts had denied the plaintiff’s case, but they appealed, and the decision was reversed by the federal court.

The case in Florida,  PharMerica v. Arledge is just getting off the ground, and one year after the IAC v. Citrin, it doesn’t look good for Arledge.

So, if you’re leaving your employer and you’ve got personal data stored on your company-owned PC, what should you do?

First, I’m not a lawyer, so I’m not the one to ask.

If you want my off-the-cuff response, though, if it’s on the work computer already, it’s too late to do anything about it. You should talk with your company to negotiate a peaceful and agreeable way to remove your personal information for privacy reasons.

The best thing to do, though, is not to get in that situation if you can avoid it. You should never ever store anything on a company-owned computer that you don’t want everyone in the company to see after you leave. Store your data on an external device that you personally own, or store it in a web-based service owned by a third party, such as your Gmail account. Whatever is on that company-owned computer is subject to a pretty nebulous law which seems to be open to a very broad field of interpretation. Better safe than sued, I think.


TrackBack URI

Blog at
Entries and comments feeds.

%d bloggers like this: