A recent federal court ruling illustrates the importance of establishing and enforcing policies relating to employees’ use of technology.
Isthihar Hossain was a production manager at American Furukawa, Inc. (AFI), an advanced technology automotive supplier. AFI had established a “Removable Media Policy” that requires employees to obtain permission from a manager before accessing files with removable media.
AFI filed a lawsuit against Hossain, alleging that, in March 2014, Hossain downloaded over 1,700 files and years of email to an external hard drive. Hossain was on a medical leave of absence during part of the time of the alleged downloading. Upon returning, Hossain resigned and began working for a competitor. AFI argued that Hossain’s actions violated the Computer Fraud & Abuse Act (CFAA), a federal law prohibiting unauthorized access to another’s computer.
Hossain filed a motion asking the court to dismiss the CFAA claim, which the court denied. The court held that AFI properly stated a claim that Hossain: (a) “exceeded his authorized access” by downloading the files and emails in contravention of AFI’s Removable Media Policy and (b) during Hossain’s medical leave, he was not supposed to be working at all, so that access to AFI files during that time was “without authorization”.