Law Alerts:
NIESAR & VESTAL LLP 90 NEW MONTGOMERY STREET 9TH FLOOR |
Law Alert
| To: | Firm Clients and Contacts | |
| From: | Niesar & Vestal LLP | |
| Date: | November 8, 2012 |
|
| Re: | California Trade Secrets and the Cloud |
The cloud is a nascent data-hosting model experiencing explosive growth around the world.[1] Cloud services are cost-effective while providing increased accessibility and scalability to single users and large companies alike. Users considering cloud services must fully appreciate security risks that arise when trusting a third-party with sensitive information, particularly with regard to the storage of valuable trade secrets. Fundamentally, a trade secret is a legally protected business idea that derives its competitive advantage from secrecy. In order to protect trade secrets and other valuable data, users considering the storage of highly sensitive information in the cloud should understand the model and the security arrangements contained within the user agreement.
Following three years of drafts and interpretations, the National Institute of Technology officially defines cloud computing as a “model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable resources that can be rapidly provisioned and released with minimal management effort of service provider interaction.”[2] Stated more simply, in the cloud model a provider centrally stores user data and allows access to the data from nearly any Internet connected device. Three basic deployment models exist at the core of cloud computing: public, private, and hybrid clouds.
Based upon the idea of outsourcing IT infrastructure, the public model employs a third-party cloud provider that maintains physical servers hosting all user data, applications, and services. Users can easily scale their cloud subscription to meet storage or application needs including as e-mail, multimedia storage, virtual Windows desktop, or secure document collaboration. Providers charge relatively cheap rates for public clouds because each server is capable of hosting many cloud subscribers. Users no longer need to hire an IT staff or purchase and maintain the expensive computer infrastructure hardware. Analysts believe the $40 million public cloud market is the future of IT and will develop at a 26.4% compound growth rate to reach $100 million by 2016.[3] Amazon.com, Apple iCloud, DropBox, Google Cloud, Microsoft SkyDrive and OnLive are a few major providers poised to benefit from the explosive growth.
Private clouds function similarly to its counterpart, although rather than outsource, the cloud is hosted and implemented internally by the end user’s IT department. Security is the greatest advantage of the private cloud, as keeping data within the company network eliminates trusting a third-party with sensitive data. Hybrid clouds are typically private clouds in which old or innocuous data is archived with a third-party public cloud provider. Given the hardware required to operate these types of clouds, large companies with existing IT infrastructure and personnel are ideal candidates.
Under California law, “’Trade Secret’ means information, including a formula, pattern, compilation, program, device, method, technique, or process, that: 1) Derives independent economic value, actual or potential, from not being generally known to the public or to other persons who can obtain economic value from its disclosure or use; and 2) Is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.”[4] California law does not contain the Uniform Trade Secret Act requirement that a trade secret be “information not readily ascertainable,” although authors of the law instruct courts to examine the requirement, if necessary.[5]
According to the Restatement of Torts, a trade secret loses protection upon appropriation through a breach of confidence or through improper means.[6] A breach of confidence occurs when a party divulges a trade secret in violation of an express or implied confidential relationship.[7] Such a breach may occur upon disclosure of company trade secrets during the course of or following employment. In order to balance preventing unfair competition and labor mobility, California law provides an exception to the state ban on non-compete agreements, providing that a former employer may not divulge trade secrets.[8]
2. National Institute of Standards and Technology (NIST) Special Publication 800-145, The NIST Definition of Cloud Computing (2011), available at http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf (establishing the official definition of cloud computing and listing possible service and deployment models).
3. Hernandez, Supra note 1.
4. Cal. Civ. Code § 3426.1(d) (West 2012).
5. The California statute was amended in Legislative Committee to replace the “not readily ascertainable” language in favor of the phrase “the public or to.” Drafters viewed the original wording as ambiguous; although the official comments expressly allow for the defense that information was “readily ascertainable” through “proper means.” See id. official comments.
6. Restatement (First) of Torts § 757, comment a (1939).
7. Restatement (Third) of Unfair Competition § 41 (2012).
8. Cal. Bus. & Prof. Code §§ 16600 (West 2012).
If you would like to speak with a Niesar & Vestal attorney about any matter discussed in this law alert, please contact Gerald Niesar (gniesar@nvlawllp.com), Oscar Escobar (oescobar@nvlawllp.com), or June Lin (jlin@nvlawllp.com).