Storage of Trade Secrets in Cloud Computing
A recent article in the BNA’s Patent, Trademark & Copyright Journal discussed a growing concern among intellectual property attorneys – the storage of trade secrets in Cloud Computing. Trade secrets are legally protected proprietary information that have economic value and have not been publicly disclosed. An owner of the trade secret must have taken reasonable steps to protect the information from disclosure to obtain trade secret status. This requirement is critically important when a business is storing data off site.
A quickly growing form of data storage on the internet is known as Cloud Computing. Cloud Computing refers to a shared computer service and data storage infrastructure that resides in a large off site server that is managed and controlled by a third party. The third party provides computing and storage resources to anyone anywhere with an internet connection. In Cloud Computing, a business entity or customer does not own the physical hardware but instead rents or leases the resources that are provided by the Cloud Service provider Typically, a business will store its data on remote servers provided by the Cloud Service provider.
The key question that should be asked by any entity using Cloud Services is how does the Cloud Service protect trade secrets. At a recent American Bar Association Business Law Section meeting, Sharon Sandeen, a Hamline University law professor, discussed how many Cloud Service companies disclaim responsibility for security and are unwilling “to negotiate special terms that might evidence a duty of confidentiality for trade secrets purposes.” If no duty of confidentiality exists, businesses may be waiving trade secret protection.
Business organizations must learn everything they can about the Cloud Service provider before confidential business information is provided to the service provider. Some pertinent questions a business must ask before information is turned over include:
1) Who at the Cloud Service has access to business records?
2) Does the Cloud Service provider comply with all regulatory requirements?
3) How is the data stored?
4) Does the provider have a privacy and security policy?
5) What type of computer security does the provider have to ensure data breaches do not occur; and
6) Does the provider have a policy in place, to be implemented immediately, if a data breach were to occur?
Businesses must ensure that the data stored with a Cloud Service provider is as secure as data stored at the business’s own facilities.