Computer Use Policies – Do They Even Matter?

They Certainly Do!

If a company has a policy or contractual agreement that places limitations on the permissible reasons for accessing the company computer or permissible uses for the data on that computer, it will usually be enforceable according to a majority of the federal courts of appeals that have addressed the issue.

What does this mean?

It means the company can authorize people to have only limited access to the computers for a specific intended use and can only use the data on those computers for the specified intended use. The person accessing the computer must comply with those restrictions. The restrictions can be set forth in a company policy that is promulgated so that everyone knows it; the the restrictions can be in an employment agreement; or, the restrictions can be set forth in any other type of contractual agreement between the company and the people it is authorizing to access its computers.

What can happen?

If the person violates the restrictions, he may be considered to have “exceeded authorized access” in violation of the federal Computer Fraud and Abuse Act (“CFAA”). A violation of the CFAA may, under certain circumstances, be prosecuted as a federal crime or give the company a basis to sue the person for a civil claim for which it may recover economic damages as well as get an injunction against the person who violated the restrictions.

What should you do?

If you are in charge of a company, business, or any other organization that has computers to which other people are authorized to access, you should have policies or contractual agreements that define and limit the authorization by clearly restricting the permissible limits and intended use of access to the computers and the data on the computers.

If you use or access computers that belong to others, for whatever reason, you should be aware of any policies, contracts (including the computer “click-through” type agreements), or other types of restrictions that the owner of the computer places on your use or access of the computer. Not only should you be aware of them, but you must understand them and appreciate what their limitations really are. Then, most important of all, you must abide by them for a failure to do so can lead to serious consequences for violating the CFAA.

If You Need Help Sleeping …

These general principles do not apply in all jurisdictions though this line of reasoning was recently adopted the Ninth Circuit Court of Appeals in the case United States v. Nosal. This brief summary is an over-generalization of the legal issues and analysis involved. If you are interested in reading a more thorough analysis or if you just need some help getting to sleep at night, please read my earlier post Bye Bye Brekka–Hello Nosal! Ninth Circuit Warms-up to Intended-Use Theory of “Access” Under the Computer Fraud and Abuse Act

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s