You could be sued by a current or former employer if you access your current or former employer’s computers, phones and tablets without permission, under a new law that takes effect October 1, 2015.  But the law may not be as powerful as employers think, and suing an employee could actually backfire on them.

The law, which you can read here, takes effect October 1, 2015.  It applies to employees who, without approval, access information on an electronic device that required a password, security code or device to view.  That is actually a very narrow set of circumstances.  The three most common scenarios that would get you into trouble include (a) using someone else’s password, code or device to gain access, (b) hacking into the system without a legitimate password, code or device, and (c) using a legitimate password, code or device to gain access after your employment has ended.  So the law is really limited to situations where current or former employees would know without doubt that they did not have legitimate access.

It does not apply at all to computer or devices that don’t use have a barrier to access.  In other words, the law doesn’t apply at all if the computer or device has no password, locked screen or code to get in.  This forces employers to first take steps to protect the information before they can claim a current or former employee improperly gained access.  It also protects employees who use a work device that has no protection against random access.  Thus claims by an employer that “he should have known he wasn’t permitted to use it” won’t fly.  If the employer doesn’t require passwords or codes, there is no claim under this law.

The one scenario where I could foresee risk is to former employees who use their own passwords and codes to get back into the former employer’s system.  Not every employer thinks to cancel passwords upon separation.  Some employees may see a still-valid password as a legitimate tool to download and/or forward information that was on the system.  My advice? Don’t do it.  Treat the separation as a bright-line end to your right to access your former employer’s systems, even if your codes still work.

The penalties for violations appear limited, even if the employer can prove unauthorized access.  So I’m not sure how much this actually helps.  What are the penalties? An employer can recover “lost profits,” “economic damages,” and “profits” gained by the employee who wrongly accessed the system.  The employer might also be able to recover the cost of an evaluation by a computer expert to see if the system was damaged or if information was transferred.  These penalties really don’t apply at all to the typical improper-access situation.  An employee who is logging on just to be nosy, or to download family photos or personal emails, isn’t going to trigger lost profits or damages.  I don’t see much value in this law to an employer unless the employee has stolen information or is using it to set up a competing business, for example.

The important thing is to just be aware of the law.  Some employers might try to harass or frighten you by claiming you improperly accessed a computer, phone or tablet.  But if the device isn’t password-protected, or if it is and you have a proper password or code of your own, you’re at no risk.  (Keep in mind that there are other laws that pertain to improper access to your employer’s information.  When in down, confer with an experienced employee-rights lawyer before accessing, copying or removing employer information).

Thanks.

Jim

Categories: Uncategorized