This is the second in a series of posts addressing trade secrets in the age of cloud computing.
In an earlier post, I talked about how cloud providers’ terms of service affect trade-secret protections. In particular, to the extent companies store proprietary information with cloud providers who can access and share stored files, those companies may not be taking reasonable efforts to protect their information (as required by the Uniform Trade Secrets Act).
Now, let’s take a closer look at some of the more popular cloud providers’ terms of service:
Dropbox: Dropbox can only share data without the user’s consent in very limited circumstances:
We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox’s property rights. . . . Dropbox will not be able to decrypt any files that you encrypted prior to storing them on Dropbox.
We may use, access, and retain Your Files in order to provide the Service to you and enforce the terms of the Agreement, and you give us all permissions we need to do so.
Microsoft: In contrast, Microsoft’s service agreement grants Microsoft broader powers to use stored information:
When you upload your content to the services, you agree that it may be used, modified, adapted, saved, reproduced, distributed, and displayed to the extent necessary to protect you and to provide, protect and improve Microsoft products and services.
Apple: iCloud’s terms and conditions also give Apple relatively broad powers to access and share stored content:
You acknowledge and agree that Apple may, without liability to you, access, use, preserve and/or disclose your Account information and Content to law enforcement authorities, government officials, and/or a third party, as Apple believes is reasonably necessary or appropriate, if legally required to do so or if we have a good faith belief that such access, use, disclosure, or preservation is reasonably necessary to: (a) comply with legal process or request; (b) enforce this Agreement, including investigation of any potential violation thereof; (c) detect, prevent or otherwise address security, fraud or technical issues; or (d) protect the rights, property or safety of Apple, its users, a third party, or the public as required or permitted by law.
There are wide differences here. As I mentioned previously, I’m not aware of a court addressing this issue. But companies should feel more comfortable storing proprietary information with Dropbox or Amazon, which make clear they will only be sharing files in very limited circumstances. Also, companies should encrypt files containing proprietary information, which would further protect this information.
Microsoft and Apple have materially broader rights to access and share files. Storing documents with these providers could open the door for an argument that the user did not reasonably protect its proprietary information.