Business Law Articles
By Lance W. Thompson, Esq.
Spicer Rudstrom, PLLC
Business owners need to be aware that employees may be transferring trade secrets completely by mistake simply by owning a smartphone. Storing confidential information and/or trade secrets on cloud storage services can pose serious risks to the protection of that information.
Typical sources of cloud computing include Google Drive, Apple’s iCloud, Dropbox, Amazon Web Services and Google’s Chromebook. Data in the cloud, is for the most part, stored in privately owned or third-party data centers that may be located anywhere in the world. These services provide you with the ability to store your data on remote servers maintained by the service provider. This means that the data is not solely within your control.
Information thefts and security breaches and are becoming increasingly common to the cloud. After information is uploaded to the cloud, it is a potential target for hackers and others with illicit motives.
In light of the potential exposure of confidential information being exposed in the cloud, a business should consider using cloud storage for non-confidential information, while storing all confidential information on locally controlled devices. Despite taking this precaution, an employee could still inadvertently violate a confidentiality agreement without knowing it. For example, it is common for employees to conduct business on their smartphones. An employee may respond to emails or text messages on their phone to which the content of those messages may contain confidential information such as trade secrets or customer lists. Once those messages are obtained on a cellular device, those messages are stored in the cloud by a third party provider to which the business no longer has control of the information. The transfer of this information generally occurs without the user even knowing it or taking into consideration what information is being sent to the cloud. For example, the cellular device will have an automatic backup without the user being notified that the transfer has occurred.
In the past, cloud storage could be turned off to avoid such a problem. However, the newest updates from cellphone hardware companies require the use of cloud storage. In addition, cellphone hardware companies also have a voluminous terms and agreement requirement for the use of the newest software including the use of the cloud to which the person accepting those terms agrees to them on a take it or leave it basis. Consequently, the user has no choice but to accept the terms of the agreement which may allow the transfer of trade secrets to the cloud.
This potential issue does not necessarily end with smartphones. Trade secrets may also be exposed to the cloud on a personal computer through the same process described above through automatic backups. For example, with the best intentions, an employee can access highly confidential trade-secret information in the cloud from his/her home computer. Though the information is otherwise secure, once the employee accesses that information from his/her computer, a copy of that file resides on the employee’s computer and is no longer controlled by the company. This setup could even be known to the company. But once information is stored in the cloud, there is an increased risk of unauthorized access to and use of that information to potential hackers. Of course, an employee also could obtain the information for dishonest purposes.
A business should take precautions such as having employees sign nondisclosure agreements in the event that information has inadvertently been transferred. These obligations should extend beyond termination. A business should implement policies and train employees about the use or non-use of cloud solutions and, more generally, about the protection of confidential information. Employee handbooks, new-employee orientations, posted company policies, and annual employee training sessions all provide opportunities to address these issues. In addition, the business should provide the employee with a cellular device and/or home computer which may be monitored by an IT Department which could be set up to prevent inadvertent cloud storage and the transfer of trade secrets.