Dropbox Privacy Policy Changes (Again)

In an e-mail blast received over the holiday weekend, Dropbox announced another change in its Terms of Service, Privacy Policy, and Security Overview.  The reason for these changes?  To make Dropbox “… policies easier to read and understand” and to “…better reflect product improvements.”   More specifically, Dropbox has posted the following on its blog:

1.) Encryption keys– Dropbox manages encryption keys for you. The reason is many of the most popular Dropbox features — like accessing your files from the website, creating file previews, and sharing files with other people — would either be impossible or would be much more cumbersome for users without this capability. But we’re also ok if you want to manage your own encryption by using products like TrueCrypt with Dropbox. We’ve discussed this publicly in the past, but we added this information to our security overview so it’s easy to find.

2.) Data practices – People love Dropbox because it lets them take their life’s work everywhere. And we want you to be in control of that work, including your decisions to delete it. So we added a section to our privacy policy to describe our data retention policies. If you delete your account, we try to delete your data quickly, but there are some rare cases where we can’t, which are outlined in the privacy policy.

3.) Location & log data – Data on how people use Dropbox helps us create a better user experience. We want to be clear about how we collect and use that data, so we’ve explained it in our privacy policy. For example, we collect information such as your country, operating system and the hardware ID from your device. This data allows us to optimize your experience for your device and language.

4.) De-duplication– We’re always working to make Dropbox more efficient. For example, we may de-duplicate files, which means we store only one copy of files or pieces of files that are the same. This has been discussed for a long time in our forums, in interviews and in response to user emails, but we want to spell it out further for you and have added it to our privacy policy.

5.) Mobile encryption – Your life should be as secure on the go as it is at your desk, so our goal is to encrypt all data transmitted to our mobile apps. For example, we’ve rolled out updates to our mobile apps last month that encrypt metadata during transmission. Not every mobile media player supports encrypted streams though, so we’ve changed our security overview to reflect that.

Read the full post here.  As I’ve suggested before, using Dropbox raises legitimate security concerns.  The best defense is to be fully informed, use private encryption, and follow the wishes of your client.  Not all content is appropriate for the cloud.

Copyright 2011 Beverly Michaelis

1 thought on “Dropbox Privacy Policy Changes (Again)

  1. Pingback: Dropbox Dilemmas « Oregon Law Practice Management

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.