Common Scenarios

Section summaryDeparting employees taking customer lists, proprietary documents, code repositories, and financial records are the most common cases.

Common scenarios:

  • Customer list theft.
  • Proprietary documents.
  • Source code repositories.
  • Financial records.
  • Pricing and strategy documents.

CFAA After Van Buren

Section summaryVan Buren narrowed CFAA. Authorized employees accessing files they were entitled to access — even for improper purposes — typically do not violate CFAA. The gates-based analysis controls.

Van Buren application:

  • Authorized access to specific files: not CFAA violation even for improper purpose.
  • Access to files outside scope: CFAA violation.
  • "Inside the gate" vs "outside the gate" analysis.
  • Significant narrowing of CFAA insider liability.

EEA Path

Section summaryEEA §1832 remains available where the taken information constitutes trade secret. EEA does not require unauthorized access; theft of trade secret with intent suffices.

EEA framework:

  • Theft of trade secret regardless of access authority.
  • Intent to convert for benefit of another.
  • Trade secret status critical (reasonable measures, economic value).

Civil Remedies

Section summaryDTSA provides federal civil cause of action. State trade secret law also applies. Civil discovery often produces evidence used in parallel criminal cases.

Civil options:

  • DTSA federal civil action.
  • State trade secret action.
  • Breach of contract (employment agreement).
  • Breach of fiduciary duty.

Practice

Section summaryDefense in insider data theft cases focuses on Van Buren analysis, trade secret status challenges, and limited damages.

Defense approaches:

  • Van Buren challenge to CFAA elements.
  • Trade secret status challenge.
  • Lack of intent to benefit another.
  • Damages mitigation.

Need defense counsel?

L&L Law Group, PLLC handles Computer Crimes Defense cases throughout DFW. Initial consultations are free.

Call (972) 370-5060 →

Forensic Foundation

Insider Data Theft cases turn on digital-forensic evidence: device images, file metadata, network logs, cloud-account records, malware reverse engineering, and attribution analysis. Counsel handling an insider data-theft case must engage with the forensic record at a technical level, not just legal level.

The defense's threshold task is review of the government's forensic methodology. Was the device imaged using accepted procedures? Was the image hash-verified against the original? Did the examiner have appropriate certifications? Did the analysis follow the examiner's lab's standard operating procedures? Each step in the chain produces potential challenges at hearing and trial.

Where the case turns on contested forensic findings, the defense should retain an independent examiner. The defense expert reviews the government's work, performs parallel analysis where possible, and is available to testify if needed. Funding for defense experts is available in federal cases under the Criminal Justice Act (18 U.S.C. §3006A) and in Texas indigent cases under Code of Criminal Procedure Article 26.05.

Van Buren and Authorization Screen

The Supreme Court's decision in Van Buren v. United States, 593 U.S. 374 (2021), reshaped the CFAA "exceeds authorized access" analysis. The Court held that the statute applies only where the defendant accessed an area of a computer system they were not entitled to enter at all — not where they had credentials but used them for an improper purpose. The "gates-up-or-down" inquiry asks whether the user could or could not access the specific area, not why they accessed it.

For an insider data-theft case (where authorization is in issue), the defense must screen the indictment against the post-Van Buren framework. Cases built on theories that the defendant misused authorized access — rather than entering a system they had no right to enter — should be evaluated for dismissal under Van Buren. Many CFAA charges filed before 2021 survived only because the law had not yet been clarified; charges filed since must satisfy the gates-up-or-down standard.

The defense should also consider whether parallel state charges (Texas Penal Code §33.02) provide the same protection. Texas "effective consent" analysis under Chapter 1 of the Penal Code is broad. A defendant who had colorable authorization — an unrevoked password, a shared account, an implied license — has a defense to the access element under state law that runs parallel to the federal Van Buren analysis.

The insider data theft prosecution framework

Insider data theft prosecutions involve current or former employees, contractors, or others with legitimate access to organizational systems who misappropriate data for personal benefit, competitive advantage, or other improper purposes. The prosecutions can involve multiple federal statutes including the CFAA, the federal trade secrets statute, mail and wire fraud, and identity theft. The choice of statutes depends on the specific facts and the strategic considerations of the prosecution.

The Defend Trade Secrets Act at 18 U.S.C. Section 1836 created a federal civil cause of action for trade secret misappropriation and is supplemented by criminal enforcement under 18 U.S.C. Section 1832. The criminal provision reaches theft of trade secrets that are related to a product or service used in or intended for use in interstate or foreign commerce, with the intent or knowledge that the offense will injure the owner of the trade secret. The provision has substantial reach in insider theft cases involving commercial trade secrets.

The penalty structure for trade secret theft under Section 1832 includes up to ten years of imprisonment for individuals, with enhanced penalties for offenses benefitting foreign governments or instrumentalities. The cases involving foreign government beneficiaries are prosecuted under 18 U.S.C. Section 1831 with substantially higher penalties including up to fifteen years of imprisonment. The penalty differential reflects the national security concerns associated with trade secret theft benefitting foreign powers.

The Van Buren framework as applied to insider cases

The Van Buren framework substantially affects the CFAA portion of insider data theft prosecutions. Most insider cases involve employees who used legitimate credentials to access systems and files they were authorized to access, but for purposes that violated employer policies. The Van Buren gate-down framework treats these cases as outside the CFAA exceeds-authorized-access provision.

The Van Buren defense in insider cases focuses on identifying the specific access alleged to be unauthorized and analyzing whether the access fits the gate-up or gate-down framework. An employee who downloaded files from a shared drive that the employee was authorized to access engages in gate-down conduct even if the download was for improper purposes. The CFAA does not reach this conduct under Van Buren even though the conduct may violate employer policies and other statutes.

The Van Buren defense does not preclude prosecution under the trade secrets framework or other statutes that do not depend on the CFAA authorization analysis. The trade secrets statute requires proof that the information meets the trade secret definition, that the defendant obtained the information through misappropriation, and that the misappropriation occurred with the required mens rea. The trade secrets analysis does not depend on the Van Buren framework and can proceed independently of any CFAA defense.

The trade secret element and the defense considerations

The trade secret element under both the federal civil and criminal statutes requires that the information meet specific definitional criteria. The information must derive economic value from not being generally known and not being readily ascertainable through proper means. The owner must have taken reasonable measures to maintain the secrecy of the information. Each element provides scope for defense argument.

The reasonable measures element is frequently contested. The defense can challenge whether the owner actually took reasonable measures by examining the specific security practices, the marking of confidential information, the training of employees on confidentiality obligations, and the enforcement of confidentiality policies. Owners who did not actively protect their information may lose trade secret protection even for information that would otherwise qualify.

The economic value element can also be challenged. The defense can show that the information was generally known in the industry, that the information was readily ascertainable through proper means including reverse engineering or independent development, or that the information did not actually have substantial economic value. The challenges require careful factual development including expert testimony from industry sources.

The sentencing framework and the cooperation considerations

The federal sentencing for insider data theft cases is driven by the value of the trade secrets or other information involved, the sophistication of the offense, the involvement of foreign beneficiaries, and other specific characteristics. The USSG Section 2B1.1 framework produces base offense levels that can result in substantial imprisonment for high-value cases. The sentencing analysis requires careful evaluation of the loss calculation and the specific characteristics that affect the offense level.

The cooperation considerations in insider cases can substantially affect the disposition. Defendants who cooperate with the government by providing information about other actors, by returning or assisting with the recovery of stolen information, or by providing technical information about the methods of theft can earn substantial sentence reductions. The cooperation can include both substantial assistance under USSG Section 5K1.1 and acceptance of responsibility under Section 3E1.1.

The collateral consequences for insider theft defendants are particularly severe in technology industries. A conviction can effectively end the defendant career in the field because employers in technology, finance, healthcare, and other regulated industries typically conduct background checks that would identify the conviction. The defense should counsel insider clients about the long-term professional implications and should consider the collateral consequences when evaluating disposition options. The negotiated dispositions that avoid felony conviction or that produce non-disclosable misdemeanor convictions can have substantially better long-term implications than felony pleas.

Civil litigation parallels and the unified defense framework

Insider data theft cases frequently produce parallel civil litigation by the former employer seeking damages for the misappropriation. The civil case can proceed on multiple theories including breach of contract under non-disclosure and non-compete agreements, breach of fiduciary duty, conversion, and federal trade secret misappropriation under the Defend Trade Secrets Act civil provisions at 18 U.S.C. Section 1836. The civil discovery in these parallel cases can produce evidence that affects the criminal proceeding, and the criminal Fifth Amendment considerations affect the civil discovery responses. The defense must develop a unified strategy across both proceedings, with careful attention to the timing of dispositions, the use of protective orders to limit discovery, and the coordination of factual positions across the parallel forums.

Frequently Asked Questions

Can I take my own work product when I leave?
Generally no for proprietary work created for the employer. Employment agreements typically vest ownership in employer. Personal documents you created on your own time may be different.
What about generally-known industry information?
Generally-known information is not trade secret. Skills and knowledge developed at the job that are generally known in the industry typically can travel with the employee.
Does signing an NDA matter?
Yes. NDAs document the trade secret status and the duty of confidentiality. Violation supports both contract and trade secret claims.
How does Van Buren protect me?
If you had authorized access to files at your job, Van Buren means you typically did not violate CFAA by accessing them — even if you accessed for improper purposes. However, EEA, DTSA, and contract claims may still apply.
Part of a larger guide

Read the full Texas Computer Crimes Defense Guide

This article is one section of our comprehensive Texas Computer Crimes Defense Guide. The pillar guide covers recent developments, official resources, and the complete framework with deeper analysis.

Read the Pillar Guide →
⚖️
Texas Bar
Licensed
Bar Nos. 24043266 · 24043514
🏆
40+
Years Combined
Criminal Defense Experience
📞
Free
Consultation
Direct to Attorney
🔓
24/7
Jail Release
Available 7 Days a Week

Practical Checklist

  • Document everything early. Communications, records, and witness contact information lose value as time passes. Preserve them at the start of the case.
  • Identify all parallel proceedings. Criminal, administrative, civil, and regulatory tracks often run in parallel. A statement in one becomes evidence in another. Map the full picture before any disclosure.
  • Calendar every deadline. Filing deadlines, response deadlines, discovery deadlines, and hearing dates all have consequences. Missing a deadline can foreclose defenses that the facts otherwise support.
  • Build the mitigation package early. Witness letters, treatment records, employment verification, and character references take time to gather. Counsel should begin building the package at the first consultation, not as the hearing approaches.
  • Coordinate counsel across forums. Where the matter implicates multiple proceedings, having coordinated counsel (whether one firm or multiple firms in close communication) avoids the strategic errors that inconsistent representation creates.
  • Understand the public-record dimension. Many dispositions create searchable records that follow the licensee, defendant, or respondent for years. The decision to contest versus resolve must account for the public visibility of each path.

For a confidential evaluation of your matter, call L&L Law Group at (972) 370-5060 or email info@landllawgroup.com. Initial consultations are free.

Next Steps

If you are facing a situation described here, consult counsel promptly. Many issues in this area run on strict deadlines.

Reggie London & Njeri London

Co-Founding Partners · L&L Law Group, PLLC

Reggie London (Tex. Bar #24043514) and Njeri London (Tex. Bar #24043266) co-founded L&L Law Group in Frisco, Texas.

This guide was reviewed by Reggie London on May 30, 2026.

Cite this guide

Bluebook: Reggie London & Njeri London, Insider Data Theft, L&L Law Group (May 30, 2026), https://landllawgroup.com/insights/insider-data-theft/.

APA: London, R., & London, N. (2026, May 30). Insider Data Theft. L&L Law Group.