According to an Associated Press story and a Hartman Group study, 31% of spa-goers in the United States are men (that number is 29% in Canada).  Of those men who do go to spas in the US, two-thirds of them do so while traveling.  In Canada, that number was 49%.  Men reported that they go to spas to relax, grow calm, and feel refreshed.  A Hartman Group spokeswoman said that men don't usually opt to go to a spa when they're at home.  However, if they're staying at a hotel for business, then they're likely to go to a spa for a massage or other treatments or services.

 

With the holidays fast approaching, it's important to remember to take time for yourself!  Relax and enjoy the holidays through advance planning and fun activities.

Computer Fraud and Abuse Act is a Powerful Tool

 

---

If an employee leaves your company to join the competition, you may have recourse to stop the former employee from accessing your computer system to take client lists and / or trade secrets. Companies are increasingly turning to the Computer Fraud and Abuse Act (“CFAA”). While amendments have greatly expanded this 1994 law, recent court decisions make the CFAA an attractive weapon against disloyal employees.

Damages and injunctive relief are available and, more importantly, according to Nixon Peabody LLP, a federal cause of action that does not require that confidentiality, trade secret, and / or noncompete agreements be in place.  The law’s power was expanded even further in 1996 when the “unauthorized access” requirement was removed, thereby covering company insiders in addition to outside hackers.

The CFAA provides for recovery in the event of “loss” or “damage,” according to the Metropolitan Corporate Council. “Loss” is defined as “any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.” “Damage” is “any impairment to the integrity or availability of data, a system, or information.”

The damages and injunctive relief, they point out, “Supply another arrow in the quiver of an employer faced with a disloyal employee.”

The CFAA can also be used against employees who leave and delete all the files from their computer, according to the Iowa Employment Law Letter as it was in International Airports Centers v. Citrin. This case centered on Jacob Citrin, a worker at International Airports Centers (IAC), who wasn't a happy camper.  He eventually decided that he could make more money on his own. “He quit IAC to go into business for himself, violating his employment contract (bad idea). Before he turned in the company laptop, he purged all of the detailed business data he had been collecting for IAC (worse idea), deleted other data in the computer (worst idea), and trashed data that would have revealed his improper conduct before he decided to quit (at least that probably seemed like a good idea at the time).”

Unfortunately for him, pushing the delete key does not delete all the information on the computer, and Nixon Peabody LLP claims that the subsequent ruling against him in March gives the CFAA the teeth it needs to be a deterrent for employees who become disloyal to their employer.

The CFAA is so powerful that it has been used as a threat to prevent mobility of employees to competitors, according to The Computer & Internet Lawyer.  

But be careful, it says, because “the comparative ease with which the CFAA can be used by companies seeking to reign in departing employees is a double-edged sword. In a world in which information is transmitted instantaneously and employees can change jobs almost as quickly, every company that has a serious interest in protecting its competitive computer information is equally at risk of being accused of stealing someone else's. Liability under the CFAA is not limited to cases of intentional theft or industrial espionage. Every time a departing employee ‘accesses’ information from a current employer's computers after accepting employment at a new firm or downloads materials from company computers and forgets to return them before starting a new job, both the former employee and the new employer face a risk of exposure to the CFAA's criminal and civil penalties.”

Some notable cases that CFAA has been used in include:

• Charles Schwab & Co., Inc. v. Brian D. Carter, Acorn Advisory Management, L.L.C., et al. (2005)

According to Phillips Ziner LLP, in this case the court held that a principal can be held vicariously liable under the CFAA for its agent's accessing without authorization another's computer system in violation of the CFAA at the principal's direction. The Court denied the motion of defendant Acorn which sought to dismiss claims advanced by plaintiff Charles Schwab & Co. Inc. to hold Acorn liable under the CFAA for the acts of defendant Brian Carter. Carter, a former employee of Schwab, had allegedly downloaded without authorization confidential information and trade secrets from Schwab's computer system at the behest of Acorn, by whom he was subsequently employed.

• Shurgard Storage Centers Inc. v. Safeguard Self-Storage Inc. (2000)

According to Nixon Peabody LLP, “former Shurgard employees — while still on its payroll — used its computers to send trade secrets and proprietary information to Safeguard, the new employer they had already agreed to join. CFAA covers intentional access to a computer without authorization and obtaining information from a computer by exceeding authorized access. The former employees argued that they retained their existing authority to access Shurgard’s computer system as long as they remained its employees and, therefore, had not acted without authority or in excess of their authority. The court swiftly dismissed this argument, noting the employees’ authority to access Shurgard’s computer system evaporated when they began acting as agents for Safeguard.”

Southeast Tech Wire suggests making sure that your company policy addresses this issue: “That policy may be part of an employee manual or may even be based on the computer itself. In some cases, a written agreement may be best. In any event, companies should have such a policy in place in order to protect themselves from the possibility of unfair competition from defecting employees. A one-size-fits-all computer usage policy, however, is not likely the best. When determining which forms of protection work best, business should consult with lawyers who know their companies, their industries, and understand the nuances of the CFAA and other critical issues surrounding trade secrets.”

While Iowa Employment Law Letter suggests: “First, you would be wise to educate your workforce about the potential impact of the Computer Fraud and Abuse Act. Prosecution may await any employee who impairs or damages your company computer system. You might think it's common sense that those actions are a ‘no-no.’ Nevertheless, you can protect your business better by being up-front about the applicability of federal and state laws that protect your computer assets. Let your workforce know that you'll pursue any employee who attempts to impair your computer data or system. Also remind your employees of their fiduciary duty of loyalty to your company. The duty of loyalty is rarely mentioned inside or outside the workplace. Still, many state courts have recognized an employee's obligation to act in his employer's best interests at all times. Of course, that duty means taking no actions that damage or otherwise harm the company's business…By periodically reminding them of their duty of loyalty, you can better insulate yourself against the type of sabotage that could cause a severe business interruption.”

“Communication is key,” states Michael Maciekowich, National Director for Astron Solutions.  “Many employees have likely not heard of the CFAA.  However, ignorance of the law is no excuse.  Combine information on the CFAA with ethics, policy, or other general training provided to all employees.”  While it may seem that additional training creates a current additional burden for HR, ensuring everyone knows of the law – and its ramifications – may save your organization time and money down the road from lawsuits prevented.