The U.S. Court of Appeals for the Ninth Circuit in San Francisco tossed out a case against an employee charged with criminal theft under the Computer Fraud and Abuse Act for downloading company source lists and contact information to help him start a competing business.

The court ruled that the 26-year-old statute targets hackers, not employees who are authorized to use a firm’s computer but then misuse its data. But Ballard Spahr partner Robert R. Baron, Jr., said companies do have other options for thwarting such actions, such as claiming breach of fiduciary duty or violations of their state’s trade secrets law, and even potentially filing a copyright infringement suit.