In Van Buren v. United States, No. 19-783, 2021 WL 2229206 (U.S. June 3, 2021), the United States Supreme Court issued an opinion drastically limiting the application of the Computer Fraud and Abuse Act (CFAA) (18 U.S.C. § 1030 et seq.), holding that the “exceeds authorized access” clause of the Act applies only to those who obtain information from particular areas in the computer—such as files, folders, or databases—to which the individual is not authorized to access under any circumstances. However, the Supreme Court excluded application of the clause to individuals who misuse their access to obtain information otherwise available to them for an unauthorized purpose. The Court’s Van Buren decision resolves a long-standing circuit split over the meaning of this key phase of the CFAA, and simultaneously creates new challenges for employers seeking to hold liable employees who misuse company information to the employer’s detriment.
Continue Reading Supreme Court Resolves Circuit Split Over CFAA

The Securities and Exchange Commission’s (“SEC”) recent $1 million settlement with Morgan Stanley Smith Barney LLC (“MSSB”) marked a turning point in the agency’s focus on cybersecurity issues, an area that the agency has proclaimed a top enforcement priority in recent years.  The MSSB settlement addressed various cybersecurity deficiencies that led to the misappropriation of sensitive data for approximately 730,000 customer accounts.
Continue Reading SEC Steps Up Cybersecurity Enforcement with $1 Million Fine Against Morgan Stanley