Some businesses object to the use of cloud storage of electronic data because of a fear that employees of the storage provider (or others) could access the businesses’ data stored in the cloud. Even if the data is encrypted, this fear can still exist if the cloud storage service holds the key necessary to decrypt the data. Continue reading
In my last post, I discussed whether data maintained in a cloud storage or computing platform can be said to be confidential. This is important because the Texas Uniform Trade Secrets Act requires the owner of a trade secret to undertake reasonable steps to maintain the confidentiality of the trade secret. I am not aware of a reported case opinion analyzing how to satisfy that requirement for data stored in the cloud. Therefore, we do not yet know whether Texas courts will require a user of cloud storage or computing services to take extra precautions to protect the secrecy of their trade secrets. Nevertheless, because encryption is a relatively easy solution to the problem of cloud service providers having the ability to access or disclose their customers data, it strikes me as a smart business practice to take advantage of that solution. Continue reading
With the spreading use of cloud computing and storage services, I foresee courtroom battles over whether anything users maintain in the cloud can qualify as a trade secret. I have not yet seen a published court opinion addressing the issue, but it is only a matter of time.
Here is the issue. Texas (and 46 other states) adopted the Uniform Trade Secrets Act. To qualify for protection as a trade secret under the statute, the owner must have undertaken “efforts that are reasonable under the circumstances to maintain its secrecy.” When the owner of the would-be-trade secret moves the data from the owner’s computer servers onto servers owned by a third party, the information is arguably no longer “secret.” This is because the cloud service provider will have possession of the information. Unless the service provider enters into an agreement to keep customer data confidential and to not use the data for the service provider’s own purposes, the information is no longer secret in the strictest sense of the word. Continue reading