California Penal Code Section 502 regulates unauthorized access to computers and computer networks and has implications for employers with employees in California. It is an offense if any person: knowingly accesses and without permission alters, damages, deletes, destroys, or otherwise uses any data, computer, computer system, or computer network in order to either devise or execute any scheme or artifice to defraud, deceive, or extort, or wrongfully control or obtain money, property, or data; or knowingly accesses and without permission takes, copies, or makes use of any data from a computer, computer system, or computer network, or takes or copies any supporting documentation, whether existing or residing internal or external to a computer, computer system, or computer network, among other acts. This statute has been used by employers in cases where employees improperly access systems or computer resources, particularly where trade secrets are involved.
One issue that has arisen is whether the information that is misappropriated must be confidential. One court, in Facebook, Inc. v. Connectu, LLC, held that the information need not be confidential.
This law is generally broader than federal law and permits an individual who has been damaged to bring an action to recover for a violation of Section 502. This includes expenditures reasonably and necessarily incurred to verify that the computer system, network, program, or data was not altered, damaged, or deleted by the improper access. Moreover, injunctive relief and punitive damages can be recovered if other legal requirements are met. Attorneys’ fees also can be recovered in these cases, so they offer a powerful tool for employers to make sure that their information and trade secrets are not misused.
