In today’s interconnected, data-driven world, it is common for businesses to use commercially available cloud storage providers to store and back up company data. These services, such as Dropbox, Google Drive, iCloud, and OneDrive, provide us with the convenience of accessing our data and documents from anywhere, while ensuring that those documents are not lost in the event of a local hardware failure. However, in a world with rampant security risks and frequent data breaches, storing confidential information and/or trade secrets on these cloud storage services can pose serious risks to the protection of that information.
Under the Uniform Trade Secrets Act, which has been adopted in 48 states in one form or another, a “trade secret” is defined as information (including data, formulas, patterns, programs, methods, customer lists, etc.) that: (1) derives independent economic value from not being generally known or readily ascertainable by proper means to others; and (2) is subject to reasonable efforts to maintain its secrecy. U.T.S.A. § 1.4. Accordingly, in disputes over the theft of trade secrets, it is paramount that the owner of the information demonstrate that it has taken reasonable efforts to protect the information. Storing that information in the “cloud” could pose problems in this regard.
Cloud storage services are inherently out of the control of the end user. By their very nature, these services provide you with the ability to store your data on remote servers maintained by the service provider. While this provides obvious benefits – lower cost, accessibility, stability, expandability, among others – it also means that the data is not solely within your control.
This arrangement presents a difficult question: have you made a reasonable effort to maintain the secrecy of your information if you have stored it on a remote server controlled by a third party? The courts have not definitely answered this question, and, in any case, the answer may depend on case-specific facts. Do you have a confidentiality agreement with your cloud storage provider? Do the provider’s terms of service contain any confidentiality provisions? Do the provider’s terms of service contain a limitation on or disclaimer of liability for the disclosure of confidential information? Unless you have negotiated a specific confidentiality agreement with your cloud storage provider, you are likely bound by whatever language is contained in their terms of service. And, generally, these providers assume no liability for the loss of confidential information. This is evidence that could come into play in the event you need to take legal action to protect your trade secrets.
The widespread use of cloud service providers has become a necessity for many businesses. But, if confidential information and trade secrets are central to your business, you should carefully consider where you store that information. You may consider using cloud storage for your non-confidential information, while storing all confidential information on locally controlled devices. Alternatively, you should choose a cloud storage provider that understands the sensitive nature of the information being stored and agrees to make reasonable efforts to protect that information. However, until these issues have been definitively resolved by the courts, you may be better safe than sorry, and keep your confidential data in your own hands.