• At Kemp Little, we are known for our ability to serve the very particular needs of a large but diverse technology client base. Our hands-on industry know-how makes us a good fit with many of the world's biggest technology and digital media businesses, yet means we are equally relevant to companies with a technology bias, in sectors such as professional services, financial services, retail, travel and healthcare.
  • Kemp Little specialises in the technology and digital media sectors and provides a range of legal services that are crucial to fast-moving, innovative businesses.Our blend of sector awareness, technical excellence and responsiveness, means we are regularly ranked as a leading firm by directories such as Legal 500, Chambers and PLC Which Lawyer. Our practice areas cover a wide range of legal issues and advice.
  • Our Commercial Technology team has established itself as one of the strongest in the UK. We are ranked in Legal 500, Chambers & Partners and PLC Which Lawyer, with four of our partners recommended.
  • Our team provides practical and commercial advice founded on years of experience and technical know-how to technology and digital media companies that need to be alert to the rules and regulations of competition law.
  • Our Corporate Practice has a reputation for delivering sound legal advice, backed up with extensive industry experience and credentials, to get the best results from technology and digital media transactions.
  • In the fast-changing world of employment law our clients need practical, commercial and cost-effective advice. They get this from our team of employment law professionals.
  • Our team of leading IP advisors deliver cost-effective, strategic and commercial advice to ensure that your IP assets are protected and leveraged to add real value to your business.
  • Our litigation practice advises on all aspects of dispute resolution, with a particular focus on ownership, exploitation and infringement of intellectual property rights and commercial disputes in the technology sector.
  • We have an industry-leading reputation for our outsourcing expertise. Our professionals deliver credible legal advice to providers and acquirers of IT and business process outsourcing (BPO) services.
  • We work alongside companies, many with disruptive technologies, that seek funding, as well as with the venture capital firms, institutional investors and corporate ventures that want to invest in exciting business opportunities.
  • Our regulatory specialists work alongside Kemp Little’s corporate and commercial professionals to help meet their compliance obligations.
  • With a service that is commercial and responsive to our clients’ needs, you will find our tax advice easy to understand, cost-effective and geared towards maximising your tax benefits.
  • At Kemp Little, we advise clients in diverse sectors where technology is fundamental to the ongoing success of their businesses.They include companies that provide technology as a service and businesses where the use of technology is key to their business model, enabling them to bring their product or service to market.
  • We bring our commercial understanding of digital business models, our legal expertise and our reputation for delivering high quality, cost-effective services to this dynamic sector.
  • Acting for market leaders and market changers within the media industry, we combine in-depth knowledge of the structural technology that underpins content delivery and the impact of digitisation on the rights of producers and consumers.
  • We understand the risks facing this sector and work with our clients to conquer those challenges. Testimony to our success is the continued growth in our team of professionals and the clients we serve.
  • We advise at the forefront of the technological intersection between life sciences and healthcare. We advise leading technology and data analytics providers, healthcare institutions as well as manufacturers of medical devices, pharmaceuticals and biotechnological products.
  • For clients operating in the online sector, our teams are structured to meet their commercial, financing, M&A, competition and regulatory, employment and intellectual property legal needs.
  • Our focus on technology makes us especially well positioned to give advice on the legal aspects of digital marketing. We advise on high-profile, multi-channel, cross-border cases and on highly complex campaigns.
  • The mobile and telecoms sector is fast changing and hugely dependent on technology advances. We help mobile and wireless and fixed telecoms clients to tackle the legal challenges that this evolving sector presents.
  • Whether ERP, Linux or Windows; software or infrastructure as a service in the cloud, in a virtualised environment, or as a mobile or service-oriented architecture, we have the experience to resolve legal issues across the spectrum of commercial computer platforms.
  • Our clients trust us to apply our solutions and know-how to help them make the best use of technology in structuring deals, mitigating key risks to their businesses and in achieving their commercial objectives.
  • We have extensive experience of advising customers and suppliers in the retail sector on technology development, licensing and supply projects, and in advising on all aspects of procurement and online operations.
  • Our legal professionals work alongside social media providers and users in relation to the commercial, privacy, data, advertising, intellectual property, employment and corporate issues that arise in this dynamic sector.
  • Our years of working alongside diverse software clients have given us an in-depth understanding of the dynamics of the software marketplace, market practice and alternative negotiating strategies.
  • Working with direct providers of travel services, including aggregators, facilitators and suppliers of transport and technology, our team has developed a unique specialist knowledge of the sector
  • Your life as an entrepreneur is full of daily challenges as you seek to grow your business. One of the key strengths of our firm is that we understand these challenges.
  • Kemp Little is trusted by some of the world’s leading luxury brands and some of the most innovative e-commerce retailers changing the face of the industry.
  • HR Bytes is an exclusive, comprehensive, online service that will provide you with a wide range of practical, insightful and current employment law information. HR Bytes members get priority booking for events, key insight and a range of employment materials for free.
  • FlightDeck is our portal designed especially with start-up and emerging technology businesses in mind to help you get your business up and running in the right way. We provide a free pack of all the things no-one tells you and things they don’t give away to get you started.

To store or not to store - the pitfalls of using consumer cloud storage for business

Cloud-based document storage services have rapidly risen in number and popularity since the early days of DropBox in 2007. However, their popularity in the consumer context does not necessarily mean that it is a good idea to use them in business – or at least not without being aware of the legal issues.

Principal legal issues

A user’s position on many of the legal issues will be dictated by the cloud provider’s terms and conditions, privacy policy, and security policy. The terms sometimes differ between personal and business users, but in any event users are strongly recommended to read each of these documents, with a particular focus on:

  • ownership and use of user content: users should ensure that they retain ownership of the content they upload, and that the provider’s right to use such content is sufficiently limited.  
  • IPR infringement: most providers reserve the right to suspend or terminate an account where users upload content for which they do not have the necessary intellectual property rights or licences. Some reserve this right where intellectual property infringement is just alleged, meaning that you could potentially lose content without having done anything wrong - so back it up locally.
  • data protection: where user content includes individuals’ personal information (e.g. names or contact details), the uploading user must comply with data protection legislation. This includes ensuring that such information is not transferred outside the EEA unless the recipient agrees to provide the minimum level of protection afforded by EU legislation. Many cloud providers host user content from the US: users should therefore ensure that the provider warrants that they, and their subcontractors, will maintain user content in line with such minimum level (for example, as part of the US-EU Safe Harbor framework).
  • data loss, destruction, deletion, or corruption: providers often reserve the right to terminate for any reason whatsoever (illegal or not), and almost invariably disclaim all liability for loss or corruption of user content. So, again, back-ups are crucial.

Changing legal landscape

With a new European Data Protection Regulation on the way, users may find that providers offer greater protection of, and clearer information about, their content. However, the Regulations are presently far from agreed and are continuously changing: until they are finalised, the precise benefits for users of cloud storage services will not be clear.

Security

As with any online service, security is a prime concern; this is even more the case where business documents are being stored remotely in a commoditised service. Given what a security breach can do to client relationships, this is not just a legal issue, but very much a commercial one as well.

Cloud providers do of course take steps to improve security. Users are encouraged to use strong passwords, and some providers (e.g. DropBox) have added 2-step authentication i.e. password plus a code that is sent to a “trusted” device. In addition, many providers protect content during transfer from the user’s to the provider’s servers (“in flight”) using SSL, then encrypt it when it arrives (“at rest”) using 256-bit AES encryption (the same standards used by the US government to protect “Top Secret” information). Layered over this, of course, is stringent physical security around data centres themselves.

However, for all these protections, providers will almost invariably use their terms and conditions to disclaim all liability for loss or theft of data, and will further reserve the right to disclose content to law enforcement agencies and other third parties when required by law or legal order (such as a subpoena or court order). In doing this, some providers will also remove the AES encryption protecting your content, enabling the recipients to review content in its entirety. The threshold required to trigger disclosure varies between providers, with some (DropBox) requiring only that it is “reasonably necessary” to disclose your content, whilst others (Microsoft SkyDrive – soon to be “OneDrive”) have expressed that they will fight such court orders. Nonetheless, US-based providers may well be obliged to disclose information to the US government under the Patriot Act regardless of confidentiality obligations in terms and conditions.

Users should be aware of the level of security applied by their provider, and fully understand when their content is liable to be disclosed to other parties. The security safeguards utilised by providers will in most instances protect content and satisfy data protection legislation, but market standard terms and conditions mean that if the provider’s security does fail for whatever reason, users will find that they are solely liable for any data loss. So, if you want increased security over your content, it is advisable to encrypt before uploading it – or not upload it at all.

To use or not to use

In summary, before using cloud services for document storage in business, the legal framework governing those services should be fully understood. If nothing else, remember that content in cloud storage should always be backed up locally, regularly and in full, and the most sensitive information should be encrypted and/or not uploaded at all.

LEGAL DOS AND DON’TS

Do:

  • Read the supplier’s terms and conditions, privacy policy, and security documents before uploading content
  • Use strong passwords (letters, numbers and other characters)
  • Secure sensitive content using your own encryption before uploading it
  • Regularly back up your content to a local hard drive

Don’t:

  • Upload another person’s intellectual property without the necessary rights
  • Leave content in your account for longer than is necessary
  • Forget to enable and use additional security features, such as 2-step authentication

WHAT TO LOOK OUT FOR IN TERMS AND CONDITIONS

  • Who owns your content, and how is the supplier permitted to use it?

  • Is your content being stored outside the EEA, and if so will the provider protect your information to the minimum standard required under EU legislation?

  • In what circumstances can your account be suspended or terminated?

  • What security mechanisms are in place to protect your information both in flight and at rest?

  • When will your content be provided to third parties, and will it be decrypted?

This article was first published in Chartech Magazine.
For further information, please contact Chris Hill .