Lukestar122

They've just updated the website; anyone who got the extended "preparing the quiz" screen (myself included) was seeing that because the cards were all allocated but waiting for the purchases to be completed. I tried all 3, and no luck.

All valid concerns, I'll address them one at a time. 1. The employee converted the account to personal BEFORE he was terminated. (This also happened long before I started with this company) 2. We do have an offline back of the data, with multiple revisions available. The concern is more to do with "leaving the data behind" once we get everyone off of the folders in question and the resyncing time/effort to duplicate all of the folders. 3. All of the folders affected are directly job related/work related and even if they were not, there is a signed agreement that any work done on company time/equipment becomes property of the company. Dropbox was notified of the termination, and they should be able to see timestamp for all impacted folders; anything before the termination date should be reverted to us, since this was not HIS account that he converted to personal. 4. Yes, this is the person I got the "official" response from. 5. Oh definitely, though it'll be much larger than small claims.

Agreed, and we are pursuing all avenues. The biggest concern is that "chain of custody" for the folders will show that they account that created them was part of our team when they were created, and it was not like it was an employee user account either. It was a shared admin level account they he converted to a personal account, and then changed to his personal email address. They can see the timestamp on the folder creation, they can see that it wasnt like "user@domain.com" it was actually more like jobrole@domain.com, which you would think is enough for them to say "oh hey, this is a legit concern from a business spending a significant amount of money with us." When he first did this, we immediately tried getting assistance and they refused. They told us that the only thing we could do was to "re-invite him to the team", and then if he accepted, we could delete him to seize the folders... but that would somehow transfer all of his folders to us, and we could be legally liable..? We then tried to negotiate with the former employee, and he turned over ownership of some of the folders to us, but not all of them. At this point, there are still nearly 600 folders that he controls. While many of them are archived projects (and therefore not as much of a concern), he recently changed his email address to something else to impersonate the Dropbox support staff (which I raised with Dropbox Security, surely they dont want people impersonating them and messing with information) and began modifying process related files. Well this morning he straight up deleted a process folder, and that's impacting a pile of people now.

So here's something that you all should know.. If an employee converts their "team account" to a "personal account", they will retain ownership of any folders that they created within your team account, and you have ZERO recourse to seize those folders. Dropbox will tell you this exact thing: "As the former employee still had access to their team admin privileges on your Dropbox Business team, they were able to convert that account into a personal account. Since that team admin account had access to and created many of the folders in your team, the ownership of and access to that data was transferred when their account was converted. As a result, the former employee has technically not violated Dropbox’s terms of service or acceptable use policy and Dropbox is unable to act in this situation." Got that? Theft of corporate data is NOT AGAINST THE TERMS OF SERVICE FOR DROPBOX. So that means that our only option is to download all of the data from those folders (and hope that we actually are getting everything), then create new folders, upload the data into those new folders, and then re-share that data out to all of the users. Those users now have to re-sync all of the new folders to their computers, many of which are remote users, tethered to a cell phone in a remote location. Oh and if they dont remove the original share, then they'll have a duplicate folder name (or have a number appended to it), which will break any path specific processes that might be looking for that folder. AND.. even if we remove the data from the folders that this former employee still controls, he can just use the folder history to roll back and the deletion and still have access to all of the info, including proprietary and sensitive stuff. I encourage everyone to seriously consider if your data is truly safe in Dropbox.. because apparently it's not. And now to spend my entire Christmas break dealing with this mess.