“Durenleau is consistent with the Supreme Court’s decision in Van Buren and also represents a narrow limitation on the broad categories of information that trade secret law protects.”
When faced with an employee who allegedly accesses a work computer to misappropriate trade secrets, many employers have turned to the Computer Fraud and Abuse Act (CFAA) and the Defend Trade Secrets Act (DTSA) as potential causes of action against the former employee. However, the Third Circuit’s recent decision in NRA Group, LLC v. Durenleau, 2025 WL 2449054 (3d Cir. Aug. 16, 2025), has set further limits on the application of both statutes in this common scenario, holding that violating an employer’s computer-use policy does not constitute a violation of the CFAA and that passwords are not considered trade secrets because they lack independent economic value. The court noted, however, that “there are many other causes of action—breach of contract, business torts, fraud, negligence, and so on—that provide a remedy for employers when employees grossly transgress computer-use policies.”
Congress enacted the CFAA in 1986 as a criminal law statute in response to the nascent issue of computer “hacking.” 18 U.S.C. § 1030. The private cause of action was added a decade later. The Act prohibits unauthorized access or access that exceeds authorized access to computers. The CFAA defines “exceeds authorized access” as accessing “a computer with authorization...
When examiners don’t get veterans’ records, bad decisions aren’t a mistake—they’re a systemic failure. In a blistering oversight hearing this week, members of Congress openly questioned whether th...