In a February 2016 decision that has raised eyebrows in Massachusetts, the Supreme Judicial Court (SJC) appears to have given corporate executives some leeway to secretly stash company proprietary information on a cloud storage system without risking their severance or other post-employment benefits—so long as there is no evidence of improper use or disclosure of such proprietary information.
In EventMonitor, Inc. v. Leness (Mass. Lawyers Weekly No. 10-014-16, Feb. 4, 2016), the company terminated the employment of an executive without cause, thus triggering severance benefits. After commissioning a forensic examination of the executive’s company laptop, the company learned that he had surreptitiously uploaded company proprietary information to Carbonite cloud storage system (using his personal e-mail address and personal credit card). Moreover, the forensic analysis revealed that the executive also had installed a “cleaning” program in an (unsuccessful) effort to delete information related to the Carbonite account. Asserting that the executive’s conduct constituted a material breach of his employment agreement and a defalcation of company assets, the company retroactively characterized the termination “for cause” and ceased paying severance.
In the ensuing legal battle, the SJC ultimately affirmed the trial court’s holding that the executive’s conduct did not constitute a material breach of the employment agreement or a defalcation of company assets—and that the company’s rescission of severance benefits was itself a breach of contract. The SJC rejected the company’s argument that the executive committed a material breach of his employment agreement by violating a provision that required him to maintain the confidentiality of the company’s proprietary information and to return all such information, including all copies, upon termination. Noting that the executive’s failure to return the information was a “variance from complete compliance” with the employment contract, the SJC nonetheless held that this breach was not material because, inter alia, there was no evidence the executive had used the information for any purpose or intentionally had disclosed it to anyone. The SJC agreed with the trial judge that the essential purpose the confidentiality provision was to protect the company’s proprietary information, and none of the executive’s conduct had actually undermined that confidentiality. Thus, the breach was not material.
In so holding, the SJC observed that “while electronic copies of proprietary information placed on third-party storage devices potentially could fall into the hands of competitors, or otherwise become public or be disclosed,” there had been no showing that this had, or was likely to have, occurred. According to the SJC’s decision, “Carbonite maintains its clients’ information in a secure and encrypted manner, and its business model relies on its clients’ confidence in this assurance,” and the company did not offer evidence “that its information could more readily be compromised because it temporarily had been stored on Carbonite’s servers.” The SJC noted that the company had “used similar data backup services, indicating that it did not view the use of such services as endangering the confidentiality of the information stored thereon.”
Turning to whether the executive’s conduct amounted to defalcation of company assets so as to render the termination “for cause,” thus justifying rescission of severance, the SJC agreed with the trial court that no defalcation had occurred. The SJC stated that the executive “merely retained a copy of the information under circumstances that had no impact on [the company’s] use of its proprietary information, or on the value of that information.” The SJC intimated that had the information been disclosed or used, thus allowing “a competitor to offer a similar product without substantial development costs, reduc[ing] the standing of the company in the eyes of its clients, or provid[ing] a competitor with information about [the company’s] customers,” such conduct might constitute defalcation. But it declined to decide the question, because, in this case, the executive’s “secure storage of a copy of the proprietary information, in the absence of any disclosure or use by anyone other than [the company], did not undermine [the company’s] exclusive use of its information.”
Thus, it appears that under Massachusetts law, merely transferring proprietary data to a secure third-party cloud storage system—even if done surreptitiously and under suspicious circumstances—will not constitute a material breach of a nondisclosure agreement. It remains to be seen whether this rule will have broad applicability—for example, in cases involving alleged misappropriation of trade secrets—or whether it will be limited to the unusual facts of this case.