Cal-Peculiarities: How California Employment Law is Different 2022 Edition

©2022 Seyfarth Shaw LLP  www.seyfarth.com 2022 Cal-Peculiarities | 335 12.5.5 Additional remedy under the federal Defend Trade Secrets Act? The federal Defend Trade Secrets Act (DTSA) creates a new cause of action for trade secret misappropriation. The DTSA shares some features with the CUTSA, but does not preempt the CUTSA. Among the differences between the federal DTSA and the state CUTSA is that the DTSA does not contain an express preemption provision displacing common law claims based on the misappropriation of trade secrets. But it remains questionable that a California DTSA plaintiff could pursue state tort claims based on taking confidential information, because tort claims may be preempted by the CUTSA, regardless of whether a CUTSA claim is actually pleade d. 53 In any event, the DTSA has allowed employers to sue in federal court for trade secret theft where they may been limited to state court before. 12.6 Preventing Data Theft with the Computer Fraud and Abuse Act? Until recently, California employers could augment trade secret claims against former employees with claims brought under the federal Computer Fraud and Abuse Act . 54 A lthough a criminal statute, the CFAA authorizes civil remedies for certain violations, including unauthorized access of computer systems to steal company data. The CFAA has enabled employers to obtain injunctions requiring the return of stolen data and the recovery of the employer’s investigation costs, regardless of whether the misappropriated information was a trade secret. So it was that a Ninth Circuit panel, in United States v. Nosal , held that a former employee “exceeds authorized access” to data on the employer’s computer system under the CFAA where the employee takes actions on the computer that are contrary to the employer’s written policies on acceptable use, such as prohibitions against copying files to help a third party compete with the employer . 55 But then the Ninth Circuit, en banc , held that so long as the employer has authorized an employee to use the computer, there is no CFAA liability for taking information from the company database, even if that action violated company policy . 56 Nosal makes California and other states within the Ninth Circuit peculiar in that Nosal rejects the views of three other circuits that have permitted employers to pursue CFAA claims against employees who violate computer-use policies or who violate their duties of loyalt y. 57 The U.S. Supreme Court recently held, however, that an individual does not “exceed authorized access” within the meaning of the CFAA by misusing access to obtain information that is otherwise available to that person, consistent with the Ninth Circuit approach outlined in Nosal . 58 But Nosal left open the possibility of viable claims against former employees who, after leaving the company’s employ, have gained gain unauthorized access to company computers. A federal jury eventually convicted Nosal under the CFAA for conspiring with other former employees to use the password of a current company employee (Nosal’s former secretary) to access his former employer’s computers. The Ninth Circuit affirmed the conviction, finding that the statutory definition of “without authorization” was unambiguous, and that “[u]nequivocal revocation of computer access closes both the front door and the back door” to protected computers, thus making use of a password shared by an authorized system user to circumvent the revocation of the former employee’s access a crime . 59 12.7 California Penal Code section 502: An Alternative to the CFAA In 2015, the Ninth Circuit, while remaining hostile to CFAA claims against employees who have “exceeded authorized access” to employer computers, identified an alternative to the CFAA. In United States v. Christense n , 60 six individuals, convicted of computer fraud, bribery, racketeering, wiretapping, and identity theft,