U.S. Supreme Court Addresses the Burden Placed Upon a Plaintiff Claiming Superior Qualifications Illinois Supreme Court Endorses Enforcing Arbitration Agreements in the Employment Setting Georgia Supreme Court Gives Green Light to Enforcement of No-Solicit Covenant California Supreme Court Clarifies Plaintiff's Burden of Proof in Sexual Harassment Claims Workstation Modifications to Enhance Health and Safety Overall Must Still Accommodate Specific Disabilities D.C. Circuit Remands NLRB's 2004 Bunting Bearings Corp. Decision and Questions Legality of Lockout of Non-Probationary Workers McDonnell Douglas — An Evolving Proposition Stale Non-Competes Raise Enforceability Questions Schiff Hardin's Labor and Employment Group Welcomes Eric L. Barnum Back to Newsletter

The U.S. Court of Appeals for the Seventh Circuit recently addressed how employers can protect themselves against the misuse, deletion and destruction of valuable company information stored on employer-owned computers. In International Airport Centers, LLC v. Citrin, an employer sought to hold its employee liable under the Computer Fraud and Abuse Act ("CFAA"), the federal statute enacted to protect companies from destructive and fraudulent acts to their computers. The Act provides for civil and criminal penalties against an individual who "knowingly causes the transmission of a program, information code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer..."

International Airport Centers ("IAC"), a company engaged in the real estate business, hired Citrin to identify properties for possible purchase by IAC, and loaned Citrin a laptop to record the data that he collected in the course of his work. Citrin decided to leave the company and start his own business. Before returning the computer to his employer, Citrin deleted the proprietary data he had obtained on IAC's behalf. He did not merely press delete; he installed a "secure-erasure program" which wrote over deleted files and prevented data recovery. The employer did not have another source or duplication of the deleted information.

When IAC filed suit against Citrin claiming that his deletion of files violated the CFAA, Citrin contested liability, arguing that act of erasing a file did not qualify as a "transmission". The Seventh Circuit disagreed and found that the act of downloading a secure-erasure program with the intent to damage the computer's files was, in fact, a "transmission" in violation of the Act. The court relied on the statutory language "includ[ing] 'any impairment to the integrity or availability of data, a program, a system, or information'" in reaching this decision, and made a special distinction between the mere deletion of information or removal of index entries and pointers to the data files, and the actual download of a secure-erasure program. Because Citrin's download of the secure-erasure program caused damage through the deletion of important proprietary information, he committed a "transmission" and violated the Act. The court also noted that it would be reluctant to find a "transmission" solely in an act such as pressing the delete or erase button.

This case serves as a reminder that employees who violate the CFAA can be assessed penalties. Employers would be wise to check computers returned from departing employees to determine whether any secure-erasure programs or viruses were downloaded, or whether the employee improperly deleted proprietary data or related information.