View Cart View Cart
<< Back to Electronic Communications

Information Database

Employee Transfer of Confidential Documents to Home Computer Not a Violation of CFAA

Kristine E. Kwong, Hinshaw & Culbertson LLP

In LVRC Holdings LLC v. Christopher Brekka (9th Cir. 2009), the Ninth Circuit Court of Appeals held that an employee did not violate the Computer Fraud and Abuse Act (CFAA) when he transferred documents from his employer's computer to his personal email account.  The employer, LVRC Holdings, allowed Brekka to commute between his home in Florida and LVRC in Nevada.  Brekka was assigned a computer at LVRC.  While commuting back and forth between Florida and Nevada, he emailed documents in connection with his work to his personal computer.  Most significantly, LVRC did not have a company policy that prohibited employees from emailing work-related documents to their personal computer.

Brekka emailed the LVRC's financial statements, marketing budget, admission reports, and other confidential documents to his personal computer while he was in negotiations with LVRC to purchase an ownership interest in the company.  After negotiations broke down, Brekka terminated his employment with LVRC.  Thereafter, a routine check of Brekka's work computer revealed that while employed, he emailed confidential documents to his personal email account.  LVRC sued Brekka under the Computer Fraud and Abuse Act for transferring documents without permission.  The court ruled in favor of Brekka.

The court said that in order to prove a claim under the Computer Fraud and Abuse Act, the employer must show that the employee intentionally accessed the computer without authorization and obtained information in violation of company policy.  The court held that LVRC failed to show that Brekka violated any company policy regarding the removal of confidential documents.  The court found that the LVRC gave Brekka authority and authorization to access the documents that were found in his personal computer.  The court held that there was ample evidence that Brekka had permission to access the computer and the job required him to transfer documents to his personal computer.  This case illustrates the importance of having very clear written policies describing when employees may access documents and a policy prohibiting the removal or transfer of any work-related documents to non-work-related computers without specific authorization.

Kristine E. Kwong, Hinshaw & Culbertson LLP.  You can contact Ms. Kwong at kkwong@hinshawlaw.com.