Thursday, September 15, 2011

Does the Illinois Computer Crime Prevention Law Benefit Employers?

The Illinois Computer Crime Prevention Law (ICCPL) is a scaled back version of the federal Computer Fraud and Abuse Act. Effectively, it is a penal statute (contained entirely within the Criminal Code) that criminalizes improper computer conduct, such as hacking or improper access of a computer system.

It does contain one civil remedy, however, and that potentially gives employers another weapon to combat unfair competition. An increasing number of employment competition cases at least raise the specter of whether the employee transferred confidential data or information prior to his departure. Often, this can color a trade secrets or non-compete claim. It is more frequent that an employee's communications will tip off the employer what he or she is planning to do, and it may even reveal sensitive details of a future business opportunity.

Some departing employees, to be frank, are not that clever. They try to cover their tracks by wiping a hard-drive clean with off-the-shelf software like "Window Washer" or "Evidence Eliminator." (Yes, the program names are as sinister as they sound.) The ICCPL potentially gives employers a statutory claim if a departing employee installs and runs one of these programs which has the effect of deleting data from a work computer. This information could consist of stored e-mails or even a detailed competing business plan.

What does this ICCPL claim get an employer? Perhaps not much. I am not a huge fan of piling on claims just so I can see my own work product on paper. In my mind, the claim ought to give the client some other type of relief - injunction, attorneys fees, punitive damages - or an alternative path to victory.

The ICCPL allows for damages and discretionary fee-shifting, but an employer likely has those claims anyway. However, there may be an issue on the type of damages the ICCPL allows and which may not otherwise be recoverable. From a plain reading of the statute, the damages seemingly would have to relate to the lost data. Potential damages, therefore, could include time spent on a forensic examiner to assess and recover lost data. It theoretically could include indirect damages, such as the value of employee time spent recreating the substance of what was lost. This is not clear, but if so, this may be a potentially valuable add-on claim. I am not so sure the typical business tort or contract-based claims would allow for those types of damages.

As one might expect, there are virtually no cases under the ICCPL (certainly none of note). The ICCPL also contains several other provisions, none of which provide for a civil remedy.

No comments:

Post a Comment