19 Virginia Journal of Law and Technology 1 (2014)
This article orginally appeared on the Virginia Journal of Law and Technology (VJOLT) website: www.vjolt.net
As has been noted elsewhere, the advent of digital technology and the Internet has greatly increased the risk that a company’s trade secrets will be lost through the inadvertent or intentional distribution of such secrets. The advent of cloud computing adds another dimension to this risk by placing actual or potential trade secrets in the hands of a third-party: the cloud computing service. This article explores the legal and practical implications of cloud computing as they relate to trade secret protection.
While there are many types of cloud computing services, this article focuses on cloud-based services that offer businesses the ability to upload and store information and data remotely via the Internet (hereinafter “cloud storage services”). The first part of the article discusses the practices of cloud storage services and the current state of trade secret law in order to identify and explain the risks posed to trade secrets stored in the Cloud. It begins with an overview of the cloud computing industry, including an examination of the terms of service agreements used by cloud storage services. After a brief explanation of the requirements for trade secret protection (with particular emphasis on the reasonable efforts requirement), the article then explains the third-party doctrine of trade secret law and how that doctrine threatens to waive trade secrecy for information stored in the Cloud.
Because the analysis of the relationship between cloud storage services and their customers leads to the conclusion that, at least in the absence of an express or implied-in-fact agreement to the contrary, no duty of confidentiality is established and trade secrecy is likely to be waived, the article ends by exploring potential refinements and exceptions to the third-party doctrine of trade secret law. After concluding that no existing definition of disclosure provides a workable exception to the third-party doctrine of trade secret law, the article ends with a proposal that the law officially recognize an expanded taxonomy for trade secret law that recognizes a distinction between trade secrecy destroying “disclosures” and non-trade secrecy destroying “mere transfers.”
Sandeen, Sharon, "Lost in the Cloud: Information Flows and the Implications of Cloud Computing for Trade Secret Protection" (2014). Faculty Scholarship. 405.