Insider unauthorised use of authorised access: What are the alternatives to the Computer Misuse Act 1990?

Case-law developments in the United States have supported narrower interpretations of the Computer Fraud and Abuse Act 1986 (CFAA) in cases of unauthorised use of authorised access. This issue has been one that UK courts have also debated in the past and thus this renewed interest in the concept of insider unauthorised access offers an opportunity to bring this debate to the fore again. Starting from discussing the recent US case law, this paper further analyses relevant UK precedent and identifies legal provisions that are applicable when dealing with such incidents in addition to the Computer Misuse Act 1990. More particularly, it identifies provisions, mainly in the Data Protection Act 1998 and the Fraud Act 2006, which could substitute for the Computer Misuse Act 1990 in prosecuting insiders and thus clarifies the extent of the prosecutors' legal arsenal and manoeuvring space when dealing with exceeding unauthorised access.