The U.S. Supreme Court recently issued a ruling interpreting the scope of the Computer Fraud and Abuse Act (CFAA), a 1986 federal statute that imposes civil and criminal liability for unauthorized computer access. In short, the Court decided that as long as an individual is authorized to access a computer and data, he doesn’t violate the CFAA’s “exceeds authorized access” clause. In other words, his intended use for the computer and/or the data isn’t relevant to whether he violated the statute. As a result, employers may need to reconsider their employee handbooks, policies, and procedures.
