Despite the increased recognition by Congress on the importance of the protection of intellectual property in recent years, it has not seriously considered enacting a federal law protecting trade secrets and has instead focused on amending existing laws including criminal laws that protect intellectual property. Companies and their general counsel … even when faced with a nightmarish situation when, for example, a number of individuals leave to join a competitor and take with them vitally important trade secrets … have a variety of imperfect options as to how to proceed. They can report the theft to the local U.S. Attorney for investigation of violations of federal criminal laws, including the Economic Espionage Act. However, there is no assurance that federal authorities will open an investigation and, even if they do so, there is no guarantee that they will prosecute.

Indeed, since the Economic Espionage Act was enacted in 1996, the federal government has prosecuted only slightly more than 50 cases. Alternatively or concurrently they can bring a civil action under state or federal law. While a civil action may offer some possibility of redress, state courts may not be equipped to deal with a sophisticated and extremely large and time-consuming theft of trade secrets and, while federal courts may be better equipped to deal with the issues, companies are often foreclosed from bringing an action in federal court because of lack of jurisdiction.

In an attempt to get around this issue, companies have sought to establish federal jurisdiction by asserting a violation of the federal Computer Fraud and Abuse Act. Courts, however, are increasingly reluctant to find that the CFAA is a replacement for a federal trade secrets act … even where the theft involves electronic information … and have dismissed CFAA claims on the ground that the employee accessed the information with authorization.

It is important for general counsel to be aware of this limitation and should institute a trade secret protection program that not only better protects the companies' trade secrets and confidential information but includes steps that will increase the possibility that a federal court will find jurisdiction under the CFAA in the unfortunate, but increasingly likely event that an employee does steal or attempt to steal a company's trade secrets.

Before turning to the specific steps that a company can take including the outlines of a trade secret protection program, it is first important to understand the limitations of the CFAA and specifically the split between the “narrow” and “broad” view that has arisen in the context of theft of trade secrets. The CFAA defines seven sections that can give rise to civil and criminal liability.[FOOTNOTE 1] In general terms, the CFAA provides a federal cause of action against a person who intentionally accesses a protected computer, which is simply a computer connected to the internet. Such access must be without authorization or in excess of authorization and as a result of that access, the individual obtains information or acts with the intent to defraud and obtain something of value.[FOOTNOTE 2] In other instances, the individual intentionally accesses a protected computer with authorization, and as a result of such conduct, causes damage.[FOOTNOTE 3]

In addition to proof that the defendant has committed one of the aforementioned acts, civil liability requires a showing that defendant's conduct involves one of the factors set forth in six subclauses of subsection (c)(4)(A)(I). In turn, subclauses (I) through (VI) include: “(I) loss to 1 or more persons during any 1-year period … aggregating at least $5,000 in value;” (II) “the modification or impairment … of the medical examination, diagnosis, treatment, or care of 1 or more individuals”; (III) “physical injury to any person”; (IV) “a threat to public health or safety”; or (VI) “damage affecting 10 or more protected computers during any 1-year period.

via Law.com – CFAA Can Protect Trade Secrets.