Today I read a case that has a fascinatingly spiteful set of facts and provides a great example of how an employer can use the Computer Fraud in Abuse Act to get an injunction and put a stop to the mischief caused by an employee that is gone off the deep end.
I have read a lot of Computer Fraud and Abuse Act cases but, in terms of the spitefulness of the parties, this is one of the better ones. While this is an employment case, it is not your usual case of employee leaving to go work for a competitor and taking the employer’s top-secret goodies with him. This one is better! This one is about spite, plain and simple!
The case is Wells Fargo Bank, NA v. Clark, 2011 WL 3715116 (D. Or. 2011) and it involved an employee (Clark) who had a habit of sending inappropriate emails, yelling and swearing at members of Human Resources and engaging in other “unprofessional conduct”. Ultimately, he was fired and that’s where the fun really began. Clark took with him his company laptop, as much confidential and proprietary information as he could get his hands on–including private customer account information. All of this was in violation of his employment agreement and confidentiality agreement.
Clark eventually returned the laptop but, when he did, it was wrapped in a brown paper bag, seriously damaged, could not be opened and, in the court’s words, “every portal appeared to be compromised” … I don’t really know what that means. Anyway, because the laptop was virtually destroyed the bank had a forensic computer expert extract the data from the computer (p.s., if you need computer forensics call my friends at Protegga!). The data remaining on the computer turned up another surprise for the bank.
Not content to just keep the information he had taken, Clark had decided to do one better. He set up a website called “Wells Fargo Homepage Crimepage” where he made available on the Internet every bit of information he had from the bank, including the private customer information such as their names, addresses, details of loans applied for, and other information. Can you say privacy violations and data breach, extraordinaire?
As soon as the bank learned about the website, they demanded that he take it down. Of course he refused.
The bank then used the trump card of the Computer Fraud and Abuse Act’s provision allowing for injunctive relief and went to court and obtained a temporary restraining order forcing Clark to take down the website and stop disclosing the information. The bank also sought a preliminary injunction to keep the restrictions of the temporary restraining order in place during the course of the lawsuit. This case provides a great example of why the injunctive relief provision of the Computer Fraud and Abuse Act is so powerful and why employers should be aware of it when they have employees that go off the deep end the way Clark did!