A 10 April 2020 Supreme Court decision found that an employee who copies computer data stored on a company laptop entrusted to them for work purposes and subsequently returns the computer with said data deleted and the hard drive formatted is guilty of embezzlement pursuant to Article 646 of the Criminal Code.

Facts

Before resigning from his job to be hired by a competitor company, the defendant returned a company laptop with a formatted hard drive (which caused the computer to malfunction) and no trace of the company data that had been originally stored on it.

Further, the employee had copied the data from the company laptop, some of which was later found on another computer used by the defendant.

The employee was acquitted on appeal of the crime referred to in Article 635quater of the Criminal Code (ie, damage to a computer or a telematic system), but was sentenced for embezzlement pursuant to Article 646 of the Criminal Code. He subsequently appealed, claiming that the judges had made a mistake by qualifying computer data as a tangible asset and therefore susceptible to embezzlement.

Decision

The Supreme Court justifiably diverged from predominant case law, which considers computer data to lack the physicality typical of tangible assets (ie, the object of such conduct as referred to in Article 646 of the Criminal Code).

The judgment highlighted the following points with regard to computer files:

  • Although a computer file cannot be physically perceived, it has a physical dimension consisting of the amount of data of which it is composed, as demonstrated by the existence of units measuring the capacity of a file to hold data and the various dimensions of the hardware in which files are stored and processed.
  • Computer files can be transferred from one digital device to another, maintaining their structural characteristics as well as the possibility that the same data can be transferred via an internet network to be sent from one system or device to another at considerable distances or stored in virtual environments (corresponding to physical places where computers store and process computer data).

These characteristics confirm the logical assumption of the possibility that computer data can be the object of theft and appropriation.

Moreover, the same case law has set out the criminal notion of tangible assets through the identification of some essential characteristics (ie, the materiality and physicality of the object), which must be definable in space and susceptible to transfer from one place to another, thus making possible one of the typical characteristics of the seizure of property (ie, the removal of an object from the control of its owner or rights holder).

Having clarified, therefore, that a computer file constitutes a tangible asset, the court stated that in order for embezzlement to exist, computer data needs to move from being a temporary possession (acquired as a result of contractual or negotiated agreements with the obligation to return it) to a definitive possession. However, there must also be evidence of clear and permanent misappropriation of such data after its deletion from a company computer. Only in such cases will such actions be considered property theft.

Comment

The Supreme Court decision underlines the risk of copying files from company devices and deleting them from the computer system on which they were stored.