Over the last year, the U.S. Securities and Exchange Commission (“SEC”) has been laser-focused on the use of personal devices by employees of the large Wall Street banks to conduct company business. The SEC’s investigations have focused on whether the banks complied with the “books and records” requirement that they preserve all communications that relate to Company business. The SEC has asserted that certain “off-channel” business communications not captured in company systems run afoul of this basic record keeping requirement. Not surprisingly, during the pandemic and with the increase in remote work, the SEC has determined that violations have been widespread.
Bill Mateja is a partner in the White Collar Defense and Corporate Investigations Practice Group in the firm's Dallas office.
In Van Buren v. United States, No. 19-783, 2021 WL 2229206 (U.S. June 3, 2021), the United States Supreme Court issued an opinion drastically limiting the application of the Computer Fraud and Abuse Act (CFAA) (18 U.S.C. § 1030 et seq.), holding that the “exceeds authorized access” clause of the Act applies only to those who obtain information from particular areas in the computer—such as files, folders, or databases—to which the individual is not authorized to access under any circumstances. However, the Supreme Court excluded application of the clause to individuals who misuse their access to obtain information otherwise available to them for an unauthorized purpose. The Court’s Van Buren decision resolves a long-standing circuit split over the meaning of this key phase of the CFAA, and simultaneously creates new challenges for employers seeking to hold liable employees who misuse company information to the employer’s detriment.
Continue Reading Supreme Court Resolves Circuit Split Over CFAA