In an October 16, 2015 speech during a cybersecurity symposium, Assistant Attorney General Leslie R. Caldwell described efforts by the Criminal Division of the Department of Justice (“DOJ”) to address growing threats from cybercrime from corporate insiders, which she explained are “both diverse and very real.”  Leslie R. Caldwell, Assistant Attorney General, DOJ, Remarks at "Cybersecurity + Law Enforcement: The Cutting Edge" Symposium (Oct. 16, 2015).  Companies necessarily give employees access to sensitive data concerning the business or concerning customers, and insiders may exceed their access authority and misuse the information in a variety of ways, such as to compete with the company, to expose damaging personal information, or simply to sell information to third parties.  Caldwell noted that the principal enforcement statute used is the Computer Fraud and Abuse Act (“CFAA”), but some courts have interpreted CFAA to not apply where employees do not obtain access to data they are unauthorized to access, but rather misuse data that they are authorized to access.  Accordingly, DOJ is working with Congress on a proposal to amend the CFAA to make it clear that insider abuse of network access is a crime.  The provision would apply where the information taken is worth $5000 or more, where the information comes from a government computer, or where the access is undertaken in furtherance of another crime.