That law would probably be better addressed from the point of view of the user, rather than a tech networking perspective. With everything so virtual and connected, where do you start and end the system. Section 252 was written in 2003 back when computers were still relatively contained to just computers and IT functions. Now the internet is everywhere and has penetrated all aspects of everyday public life, so spatial analogies are probably most suitable.
Physically and virtually, there are public spaces of any organisation and they are quite obvious. Sure, you may accidentally walk into the stock room of a store and not realise, if the store is messy, and a broken link on a page may take you somewhere inside the workings of a web page. If you leave immediately, no harm done, but if you start poking around in a customer order book in the store or customer contact list online you've clearly stepped over a boundary into a private domain. It doesn't matter whether the server is in a box in head office, or spread around 50 computers God-knows-where in the cloud, if it doesn't look public, you shouldn't be there.
If I go to a public space, say a store or a museum, and someone tips me off that the door to their records room has a faulty lock, and I then take advantage of that to help myself to a bit of a look through their records, it would be a fair stretch to suggest that that was authorised access to a public space. The same would apply even if the door were left ajar accidentally - despite being able to access the room, it would be very clear that it was a private space.
Surely the same must apply in the virtual world to a public website: it would become obvious very quickly that records in the back end of the website aren't intended for public access, even if inadvertently accessible.
Just because a door is unlocked - physically or virtually - that doesn't entitle anyone to go through it.