Businesses have become more dependent than ever on computers for their everyday business needs, from communications to filing, presentations to trademark creation. While this has made modern business more flexible and efficient, it has also made it easier for computer-savvy employees to abuse the system and steal a company’s trade secrets, surreptitiously work with a competitor, or simply delete information crucial to the business’ success. Modern business owners and managers need to be aware of how their rights extend into the digital realm, and how computer forensics investigators can be used to track down miscreants and provide crucial evidence for lawsuits.
Your Legal Rights. Employers that own their own computers should remind employees, in a carefully worded section of the Employee Handbook, that the computers belong to the company, not to the employees, and that all data contained on those computers also belongs to the company. Employers without handbooks can incorporate the same policies into a confidentiality and/or non-competition agreement with each employee. At the end of the employment relationship, the company’s policy should require the employee to return the computer and all data on it to the company. If the employees use their own computers, the company should still maintain the policy that all data on the computer obtained as a result of the employment belongs to the company and not the employee, and that after the employee is terminated the data should be returned to the company and all copies thereof remaining on the employee’s computer should be deleted. An employee who fails to follow the company’s procedures will be in violation of their duties to the employer.
In many cases, businesses fall victim to the same acts that employees in the pre-digital age committed—the only difference is that a computer is now the typical tool of choice instead of hardcopy files or phone calls. Thus, standard business torts, such as tortious interference with business relations, violation of an employment contract’s non-compete covenant or confidentiality agreement, or the unauthorized use of company trade secrets as prohibited under the Virginia Trade Secrets Act, could all be proven by evidence obtained through computer forensics. However, Virginia law provides added protection to businesses through the Virginia Computer Crimes Act (“VCCA”).
The VCCA allows businesses to recover against those who attack or harm their computers or computer networks under Va. Code § 18.2-152.12. The VCCA applies to a variety of acts, but of particular note to employers, the Act prohibits the following:
- Computer Fraud, defined as the use of a computer or computer network “without authority” and with intent to (1) obtain property or services by false pretenses; (2) embezzle or commit larceny; or (3) convert the property of another. Va. Code § 18.2-152.3. An employee who accesses a company’s computer after being terminated to obtain company files for their own use would be engaged in computer fraud under this section. See Physicians Interactive v. Lathian Systems, 69 U.S.P.Q.2d 1981 (E.D.Va. Dec. 5, 2003).
- Computer Trespass, covering unauthorized actions targeting the computer or software itself, including (1) the temporary or permanent removal, disabling, or halting of any computer data, programs or software; (2) causing a computer to malfunction; (3) erasing any computer data, programs, or software; (4) creating or altering a financial instrument or transfer of funds; (5) causing physical injury to the property of another; or (6) making an unauthorized copy of any computer data, program, or software residing in, communicated by, or produced by a computer or computer network. Va. Code § 18.2-152.4. For example, an employee who releases a virus into the company’s computer network or even deletes information from the company’s computers the day before s/he resigns would violate this statute.
- Computer Invasion of Privacy, which encompasses the unauthorized use of a computer or computer network to examine any personal or financial information relating to any other person. Va. Code § 18.2-152.5. Some businesses may accumulate personal and financial data on their customers, and an individual who obtains that information without authorization would be in violation of this statute.
- Theft of Computer Services, covering any unauthorized use of a computer or computer network to obtain “computer services.” Va. Code § 18.2-152.6. Technically, this statute would apply any time a former employee uses the employer’s computers or network without authorization.
- Forgery, defined as the “creation, alteration, or deletion of any computer data contained in any computer or computer network, which if done on a tangible document or instrument would constitute forgery[.]” Va. Code § 18.2-152.14.
All of these potential causes of action can be raised by an employer in addition to any other avenues of relief available.
So let’s say that an employer terminated an employee, and then later discovered that not only were many documents and e-mails missing from that employee’s work computer, but it looks like that employee is now contacting the employer’s customers, possibly through the use of a client list that the employer maintains on its network. What should the employer, who might not be very tech-savvy, do? That is where computer forensics experts come in.
Cybersleuthing: Computer Forensics Services. As soon as an employer suspects that a company’s computer, network, or data are being affected in an unauthorized fashion, the employer must act quickly to preserve evidence. In the above example of a terminated employee, the first order of business is to get physical possession over that employee’s computer. Computer forensics analysis can determine whether certain files have been deleted, when they were deleted, what information was accessed, and where that information was sent. In effect, computer forensics experts may be able to uncover everything the malefactor did and how they did it.
A recent case in Virginia is instructive. SouthBanc Mortgage terminated an employee, Theresa L. Ritter, but later learned that Ritter had started a competing refinancing company and was contacting many of SouthBanc’s customers using the exact same methods that SouthBanc had perfected. SouthBanc quickly filed suit against Ritter and her new company, and sent “preservation letters” advising them to not delete or dispose of any relevant evidence, including electronic data.
In discovery, SouthBanc’s computer forensics team analyzed Ritter’s computer and discovered that she had downloaded some of SouthBanc’s proprietary information onto her computer, and then attempted to delete those files after receiving the preservation letters. After learning of this, the Virginia court not only ordered Ritter and the other defendants to pay SouthBanc’s costs in performing the forensics, but ruled that the court would allow the jury to infer evidence against the defendants as a result of the failure to preserve the evidence. The defendants ultimately chose to settle the case for $10.5 million.
The SouthBanc example shows that computer forensics can be a valuable ally for employers seeking to defend themselves against former employees. Not only can computer forensics experts track down e-mails and documents through computer networks, PDAs and mobile phones, they can also locate hackers and retrace the steps the hacker took on a business’ computer network. These digital footprints are very difficult to avoid leaving behind.
Since businesses today depend on the security of their computers and networks more than ever, it is often a wise investment to have a computer forensics specialist perform a risk assessment to identify potential holes and exposures in the IT infrastructure, so that problems can be fixed before they arise.
General Counsel, P.C. would like to thank Robert Lane with NISA, Inc. (703-652-9372 or http://nisanet.info) for his advice and assistance on this article.