GEORGIA COMPUTER THEFT LAW MISUSED IN BIZ SPATS Atlanta Business Chronicle: Computer theft law misused in biz spats - 2006-02-27
Computer theft law misused in biz spats
Atlanta Business Chronicle - February 24, 2006
by Dan Kolber

A Georgia statute that was intended to protect the public from Internet attacks on administrative databases is increasingly being used for another purpose. Employers and business partners are using the statute against departing colleagues by claiming they stole computer data on their way out the door.

The statute is the Georgia Computer Systems Protection Act. It prohibits computer data theft and computer trespass in very broad terms. It was meant to be used for crimes like the one that happened last month to a company owned by American Express, Ameriprise Financial. In that case, a thief stole a laptop computer and as a result the credit and identity information of 225,000 people was compromised.

Daily, some employee is fired or business partners split. The employee cleans out his desk, which often includes years of accumulated clutter, such as his collection of business cards. If some of these business cards contain information about customers of the employer, the employee may technically be taking property that isn't his.

Now take that same scenario with one change -- the business cards aren't in the departing employee's desk but instead are in electronic form on his office computer. By downloading this information from a computer, he runs the risk of several policemen showing up at his house with a search warrant and carting off every computer in his house. Believe me, it happens.

The statute lists several computer crimes.
The penalties are severe -- up to $50,000 and 15 years in jail. Except for the crime of wrongful password disclosure, which has a $500 threshold, these penalties can be imposed even if the value of the stolen data is only a few dollars.

The statute defines the following five types of computer crimes:

1. Computer theft. Any person who knowingly uses a computer without authority and takes "the property of another" or obtains "property by any deceitful means" is guilty of the crime of computer theft.

2. Computer trespass. Any person who wrongfully deletes or removes, temporarily or permanently, "any computer program or data" or alters, damages or in any way causes the malfunction of a computer or computer network is guilty of the crime of computer trespass.

3. Computer invasion of privacy. Any person who wrongfully uses a computer to examine any employment, medical, salary, credit or any other financial or personal data is guilty of the crime of computer invasion of privacy.

4. Computer forgery. Any person who creates, alters or deletes any data to make it appear as if it is the data of another person is guilty of the crime of computer forgery.

5. Computer password disclosures. Any person who discloses a password or code that results in damages to the owner of the computer of more than $500 is guilty of the crime of computer password disclosure.

Employment disputes can get nasty enough without them escalating into criminal cases. Lawyers are caught in the middle because upset employers have the right to use this statute against employees. It will remain a problem in Georgia until the legislature tightens the wording of the computer data theft statute

Kolber's tips
1. If you are breaking up with your business partner or resigning your employment, try to get a signed inventory of everything you are taking. Don't take any removable storage technology, such as USB flash drives or disks. Try to have a friendly witness on the scene when you depart.
2. If you know in advance you are leaving your job, separate your personal data from your employer's data and remove only the personal data prior to leaving.
3. Employers should develop clear policies regarding protection of their computer data. Train your employees on how to implement these policies. Don't forget that data can be removed with iPods and Mp3 players, so make sure your policies include that type of device.
4. Be very careful about threatening to take criminal action against someone you suspect of stealing your computer data. Otherwise you may be violating Georgia's anti-extortion statute.
Kolber is an Atlanta attorney with Gambrell & Stolz LLP.

Contact him c/o Atlanta Business Chronicle (atlgrowth@bizjournals.com).