By: Lance Thompson
Business owners need to be aware that employees may be transferring trade secrets completely by mistake simply by owning a smartphone. Storing confidential information and/or trade secrets on cloud storage services can pose serious risks to the protection of that information. Typical sources of cloud computing include Google Drive, Apple’s iCloud, Dropbox, Amazon Web Services, and Google’s Chromebook. Data in the cloud is for the most part stored in privately owned or third-party data centers that may be located anywhere in the world. By their very nature, these services provide you with the ability to store your data on remote servers maintained by the service provider. This means that the data is not solely within your control.
After the information is uploaded to the cloud, it is a potential target for hackers and others with illicit motives. Security breaches and information thefts are becoming increasingly common.
In light of the potential exposure of confidential information being exposed in the cloud, a business should consider using cloud storage for non-confidential information, while storing all confidential information on locally controlled devices. Despite taking this precaution, an employee could still inadvertently violate a confidentiality agreement without knowing it. For example, it is common for employees to conduct business on their smartphones. An employee may respond to emails or text messages on their phone to which the content of those messages may contain confidential information such as trade secrets or customer lists.
Once those messages are obtained on a cellular device, those messages are stored in the cloud by a third-party provider to which the business no longer has control of the information. The transfer of this information generally occurs without the user even knowing it or taking into consideration what information is being sent to the cloud. For example, the cellular device will have an automatic backup without the user is notified that the transfer has occurred.
In the past, cloud storage could be turned off to avoid such a problem. However, the newest updates from cellphone hardware companies require the use of cloud storage. In addition, cellphone hardware companies also have voluminous terms and agreement requirements for the use of the newest software including the use of the cloud to which the person accepting those terms agrees to them on a take it or leave it basis. Consequently, the user has no choice, but to accept the terms of the agreement which may allow the transfer of trade secrets to the cloud.
This potential issue does not necessarily end with smartphones. Trade secrets may also be exposed to the cloud on a personal computer through the same process described above through automatic backups. For example, with the best intentions, an employee can access highly confidential trade-secret information in the cloud from her home computer. Though the information is otherwise secure, once the employee accesses that information from her computer, a copy of that file resides on the employee’s computer and is no longer controlled by the company.
Similarly, the same trustworthy employee could set up her own cloud storage site (e.g., Dropbox or Google Docs) to easily access files from her various work locations. This setup could even be known to the company and accessed by a manager. But once information is stored in the cloud, there is an increased risk of unauthorized access to and use of that information by potential hackers.
Where information already exists in the cloud, the employee can simply go home, access that information, and use it to his or her advantage. A salesperson with a company’s customer list could cause substantial harm. Alternatively, the former employee could start her own company to compete with the trade-secret information at hand. Simply put, even benign use of cloud solutions can compromise the secrecy of a company’s trade-secret information.
A business should take precautions such as having employees sign nondisclosure agreements in the event that information has inadvertently been transferred. These obligations should extend beyond termination. A business should implement policies and train employees about the use or non-use of cloud solutions and, more generally, about the protection of confidential information. Employee handbooks, new-employee orientations, posted company policies, and annual employee training sessions all provide opportunities to address these issues. In addition, the business should provide the employee with a cellular device and/or home computer which may be monitored by an IT Department and could be set up to prevent inadvertent cloud storage and the transfer of trade secrets.
Lance Thompson focuses on Business and Commercial Litigation, Employment Practices Litigation, Workers’ Compensation, Products Liability, Automobile Liability, and Insurance Litigation in the Nashville office.
This blog contains general information about legal matters. The information is not advice, and should not be treated as such. Communication of information by, in, to, or through this blog and your receipt or use of it: (1) is not provided in the course of and does not create or constitute an attorney-client relationship; (2) is not intended to convey or constitute legal advice; and (3) is not a substitute for obtaining legal advice from a qualified attorney.