According to a paper published in the American Business Law Journal, that the use of Facebook could be considered a case of exceeding authorized access in the workplace, and violate a workplace policy.
That circumstance may develop into a much more serious case and apply to the Computer Fraud and Abuse Act (CFAA) as breaking workplace policy would also breach a contract and the duty of loyalty. As a result, an employee could be liable both civilly and criminally.
The paper states that the emergence of social networks blur the lines of the CFAA. "Acts of employee disloyalty have traditionally been the province of contract and tort law, with employers suing disloyal employees for misappropriation of trade secrets, conversion, unfair competition, and tortuous interference with a business expectancy." However the cases brought forward under CFAA claims have been increasing sharply and "the courts have struggled to determine the extent to which the CFAA is an appropriate vehicle for holding disloyal employees accountable in both civil and criminal contexts" the paper reads.
While the CFAA traditionally has been applied in hacking charges, the authors note that there are now cases in which employers claim that "employee had violated the CFAA by checking Facebook and sending personal email in violation of company policy." In their example, the claims were dismissed by the court, but it was highlighted that the current version of the CFAA and claims being made by employers "illustrate the potential for misuse or abuse of the statute." They court stated that the government would be unlikely "to pursue minor violations", but "we shouldn’t have to live at the mercy of our local prosecutor."
The authors of the paper agreed and wrote that "it is best to limit its function to [external and internal hacking] and leave the misappropriation of confidential information to laws specifically tailored to that end."