Password sharing. Don’t do it!!! It’s a common phenomenon in the workplace, yet it can lead to unexpected liability in the employment law context for unwary employees. A new breed of creative lawsuits has emerged holding employees (both those terminated, as well as those still employed) liable for damages when vengeful employees access an employer’s computer system and download sensitive information. The opening salvo usually consists of a terminated employee who uses another employee’s password to gain access to an employer’s computer system and then either deletes or maliciously copies information for their own use. Recent court cases have found both the terminated employee as well as the person who shared the password liable. The weapon employers are using to claw back at these employees? It’s called the Computer Fraud and Abuse Act.
The Computer Fraud and Abuse Act was passed in 1986 and was originally designed as a purely anti-hacking statute put in place to deter hacking of government, banking and military computers. It carries both civil and criminal penalties. Recently, aggressive employment lawyers have turned this tool against former employees who have obtained access to confidential information or those who have violated covenants not to compete. All of the protected information is usually stored on the employer’s computer system. While an employer may remove password and other access of a terminated employee (usually immediately coincident with the termination), employees may still be able to get around this “security measure” and get into the system by asking a co-worker for their own operative password.
The Computer Fraud and Abuse Act provides for remedies when there has been access of a “protected computer” (a computer used in interstate commerce, or by a financial institution or the government) when that access was knowing or intentional, and without authorization or exceeding authorization. A business must prove it was damaged by the breach of its security measures, but the threshold is very low ($5,000.00) and the cost of a forensic specialist to determine exactly the nature and extent of the security breach can easily exceed that amount.
Liability will attach to the terminated employee who wrongfully accesses the system of his former employer. However, a new line of cases emerging stands for the proposition that the individual who initially gave the former employee his or her password may also be found liable!
Bottom line, do not share your office password with anyone. You might also think twice about letting your family members use your Netflix password while we’re at it. The same legal principles will one day apply in that area as well!
With over 30 years’ experience in advising employees and businesses on labor and employment issues, let Boznos Law work with you to ensure you are ready to meet the challenges posed by the ever changing employment law landscape. Call Bill Boznos today at (630) 375-1958 or contact us at www.boznoslawoffice.com/contact-us through our website at www.boznoslawoffice.com