Well, sure, you can.
But winning that case — especially if you’re thinking about a claim under the Computer Fraud and Abuse Act — may be another story.
The CFAA is designed to prevent unauthorized access or malicious interference with a computer system. Often used as an employer-sword, to state a claim for a violation of the CFAA, a company must prove that an employee actually caused damage to its computer system or data. The CFAA defines “damage” as “any impairment to the integrity or availability of data, a program, a system, or information.”
In Instant Technology, LLC v. DeFazio (opinion here), the former employee deleted all of her work emails from her inbox.
Well, damn, that sure sounds like an impairment to the availability of data.
Yeah, except, in this case, all those “deleted” emails remained in two places: (i) the former employee’s email trash folder and (ii) on the company’s email server. Therefore, because the company did not show that any data was lost or impaired, it could not demonstrate “damage” and, therefore, lost its CFAA claim.
But, had the former employee double-deleted her email — like any good scoundrel — and the company’s email server been wiped, there could have been a CFAA violation.
To avoid these problems, as a best practice, be sure to remind your employees that any work emails are company property and should be held/deleted consistent with your company’s computer use/email policy.
If you’re on LinkedIn, consider joining the discussion of news, trends and insights in employment law, HR, and the workplace, by becoming a member of The Employer Handbook LinkedIn Group. Tell ’em Meyer sent you.