Computer Fraud and Abuse Act of 1986

Signed into law by Ronald Reagan
October 16, 1986

The Computer Fraud and Abuse Act (“CFAA”) became law in 1986. The CFAA amended a 1984 law known as the Counterfeit Access Device and Computer Fraud and Abuse Act of 1984 (“CADCFAA”). The CADCFAA was a criminal law which prohibited individuals from accessing government computers and certain financial records at financial institutions. Due to its narrow scope, the CADCFAA was amended several times to expand its reach and to create a private right of action any person who suffers damage or loss because of a violation of the CFAA. Employers have increasingly taken advantage of the CFAA’s civil remedies to obtain both injunctive and monetary relief against employees, making the federal statute a strong tool against employees especially in the context of non-compete and trade secrets litigation. Even if an employer’s suit is ultimately unsuccessful, an employee may be left paying tens or even hundreds of thousands of dollars in legal fees out of their own pocket.

Enforcement & Remedies

Individuals who violate the Computer Fraud and Abuse Act can be sentenced to up to 20 years in prison and significant fines. Persons harmed by violations of the CFAA can sue the alleged violator in court and seek compensatory damages and injunctive and equitable relief. Lawsuits under the CFAA must be filed within two years.