Adobe is just the most recent example and they are far from alone.
Companies like Reddit are selling your data and of course, Facebook and Twitter have been using and selling your data forever.
But Adobe’s deal is different and they are facing public backlash, so it could change.
Users are being forced to provide the company with unlimited access to their projects, including those that might be under the NDA, for “content review” and other purposes. The terms give Adobe the right to “access your content through both automated and manual methods.”
It defines “content” as “any text, information, communication, or material, such as audio files, video files, electronic documents, or images, that you upload, import into, embed for use by, or create using the Services and Software.”
Most importantly, Adobe is locking users out of the software until they agree to the terms.
Adobe says that you can opt out — and you really, really should, but they also say that it can access your content anyway under some circumstances.
Adobe says that this policy has been in place for years – they just haven’t told you about it.
They also say that they don’t access content stored locally on a user’s device – unless you use features that require cloud services.
Where this can get you sideways is when you have content that you are legally restricted in how you use it and who can access it.
One easy example might be an NDA, but in that case, you might be able to make sure the NDA says you can share it with anyone that you need to in order to provide the service. You may want to be explicit so that there is no confusion that you are using cloud services and that you have limited control over what the service providers do.
The other is for defense contractors. If the data that you are manipulating contains controlled unclassified information (CUI) or International Traffic in Arms Regulation (ITAR) restricted data and you manipulate it using cloud features or store it in the cloud – features that you may not even realize are cloud features – or you don’t adequately train your users as to which features are off limits, you may be breaking the law. In this case, maybe this restricted data is sent offshore by the vendor or the vendor uses foreign citizens to analyze the data to improve their process, that can get you a fine or even jail time.
Some vendors have products that deal with that situation – the process is called fedRAMP authorization – but those products are limited and more expensive.
If you need help with this, please give us a call.
Credit: Computing