Probably not successfully. But that didn’t stop one employer from trying. In Lee v. PMSI, Inc., the plaintiff sued her former employer for pregnancy discrimination. The employer filed a counterclaim under the Computer Fraud and Abuse Act (CFAA). The basis for the claim was that Lee engaged in “excessive internet usage” and “visit[ed] personal websites such as Facebook and monitor[ed] and [sent] personal email through her Verizon web mail account.” That’s right–the employer sued its former employee on the basis that the employee’s on-duty Facebook use constituted a violation of the CFAA.
As you may imagine, the federal district court did not find merit in this claim. U.S. District Judge Steven D. Merryday, of the Middle District of Florida, Tampa Division, granted the employee’s motion to dismiss, finding that the employer had failed to allege either of the two bases for a CFAA violation–that the employee caused damages to the computer system or that the employee obtained information to which she was not entitled.
Additionally, the employer failed to allege that the employee “exceeded authorized access.” This prong has been the sticking point for those courts that are split as to whether the CFAA–a statute intended for use in the prosecution of computer hackers–should be applied in the employment context. Although there is a split of authority on when it is that a disloyal employee loses her authorization to access the employer’s computer network, these facts seem to go beyond any reasonable interpretation of the statute.
I suppose we could give the employer some credit for its attempted “novel” application of the CFAA. But I think more credit should be allocated to the court for rightly applying what can be a complicated law.
Thanks to Michael R. Greco at Fisher & Phillips, LLP’s Non-Compete and Trade Secrets Blog, whose post alerted me to the case.