Protecting Social Media Information When an Employee Leaves
The use of social media sites to attract customers, friends, and fans has added a valuable new marketing tool for employers. Companies spend thousands of marketing dollars collecting information about consumers who review their web pages, friend them on Facebook, connect with them on LinkedIn, or follow them on Twitter. The newest questions facing courts today involve the ownership and trade secret protection of social media information. Do the web-based customer contacts qualify as trade secrets? May a company claim ownership of information related to a social media site? Does "connecting" with a client on a social media site destroy the confidential nature of a client list? Several courts have now grappled with these issues. This article explores these cases and provides input into how a company can protect its interests in social media information, and its confidential trade secrets.
Ownership of Social Media Information
The issue of whether a company may claim ownership of the contacts, friends, connections, or fans from a social media site is a fact-based inquiry. Central to the issue is whether the information is a "trade secret." Trade secret status requires that information derive independent economic value from not being generally known, that the information is not readily ascertainable, and that a company make reasonable efforts to maintain its confidentiality. In considering whether social media contacts qualify as trade secrets, courts have looked beyond whether the social media contacts or lists are publicly identifiable to consider the underlying information about the contacts that may not be readily accessible, for example, likes and dislikes, email addresses, and other information. Thus, the contacts are not mere lists of names, but can include entire databases of information that is not public knowledge.
1. Ownership of Twitter Login Information and Customer Contacts
One of the first cases to consider whether a company has ownership rights to social media information was PhoneDog v. Kravitz. A central issue in PhoneDog was whether the login information and customer contacts from a Twitter account constituted trade secrets.
PhoneDog provides research information on mobile products and services to consumers. PhoneDog employed Noah Kravitz, who maintained a Twitter account on behalf of the company, to review products and blog about them. During the course of Kravitz's employment, the Twitter account generated approximately 17,000 Twitter followers. The more Twitter followers that PhoneDog had, the more customers were coming to its web page, and consequently, the more advertising dollars PhoneDog received.
When Kravtiz left his employment with PhoneDog, he changed the name of the Twitter handle and continued to use it. PhoneDog filed suit, alleging misappropriation of trade secrets, intentional and negligent interference with prospective economic advantage, and conversion. Kravitz moved to dismiss the claims. As to the misappropropriation of trade secrets claim, the Court found that the login information and follower names could constitute trade secrets. After PhoneDog replead its intentional and negligent interference claims, the Court also denied Kravitz's motion to dismiss those claims, finding that PhoneDog sufficiently stated a claim in alleging that Kravitz's actions decreased the traffic to its website through the Twitter account. Although the case is still ongoing, the district court's rulings are significant in showing the viability of these types of claims.
2. Ownership of LinkedIn Contacts
The ownership of LinkedIn account connections was considered in Eagle v. Morgan. That case also provides helpful guidance on how courts may treat competing claims of ownership of social media contacts.
Linda Eagle founded Edcomm Inc. to provide financial services and training. Dr. Eagle had a good reputation in the field of financial services training and had relationships with thousands of individuals and organizations. Dr. Eagle established an account with LinkedIn which she used to foster her reputation and to promote Edcomm's banking education services. After Dr. Eagle sold Edcomm to another company, she was terminated as the CEO. The new managers at Edcomm used Dr. Eagle's password to gain authorization to the account, change the password, and change the profile information to that of the new CEO. When Dr. Eagle tried to access the account, she found that the password had been changed. Dr. Eagle eventually regained control of her account.
Dr. Eagle brought eleven claims, including a conversion claim against Edcomm, claiming that she owned the LinkedIn account. The defendants brought a counterclaim against Dr. Eagle alleging that Dr. Eagle wrongfully misappropriated Edcomm's LinkedIn connections. The Court ruled that the LinkedIn account connections did not qualify as trade secrets because they are "generally known in the wider business community or [are] capable of being easily derived from public information." As to misappropriation, however, the Court determined that Edcomm's allegations that the Company largely developed and maintained the connections and content on the LinkedIn account solely at its expense and for its benefit created an issue of fact that precluded dismissal of that claim. The Court declined to dismiss Edcomm's unfair competition claim that was based on misappropriation of the LinkedIn account. Thus, although the LinkedIn account had been created by Dr. Eagle as an individual user, the use and maintenance of the account created at least factual questions about whether the account belonged to Edcomm.
3. Ownership and Trade Secret Status of Customer Lists on MySpace
Finally, the case of Cristou v. Beatport LLC is worthy of mention. At issue in that case was whether a company's login information for MySpace profiles and "friends" list could qualify as a trade secret.
Plaintiff, Regas Christou, owned a series of nightclubs that were influential in the Electric Dance Music scene. Christou employed Bradlie Roulier to work for him as a talent buyer. Roulier assisted Christou in booking DJs to perform at his venues. Roulier conceived of a new online marketplace for downloading music that catered consumers and producers of Electric Dance Music. Christou actually assisted Roulier with financing and assisted with promotion and advertising of the new venture, called Beatport. Beatport was a huge success.
Roulier then opened a nightclub in Denver that competed with clubs owned by Christou. Roulier leveraged ownership of Beatport to coerce DJs to boycott Christou's venues and to perform only at Roulier's new venue.
In response, Christou filed a lawsuit alleging various claims, including a state trade secrets misappropriation claim. Christou alleged in part that Beatport misappropriated login information for profiles on MySpace and a list of MySpace "friends."
In analyzing whether the MySpace login profiles and friends lists constituted trade secrets, the Court applied an eight-factor list set out by the Tenth Circuit in Hertz v. Luzenac Group. Those factors include:
- whether proper and reasonable steps were taken by the owner to protect the secrecy of the information;
- whether access to the information was restricted;
- whether employees knew customers' names from general experience;
- whether customers commonly dealt with more than one supplier;
- whether customer information could be readily obtained from public directories
- whether customer information is readily ascertainable from sources outside the owner's business;
- whether the owner of the customer list expended great cost and effort over a considerable period of time to develop the files; and
- whether it would be difficult for a competitor to duplicate the information.
Applying those factors, the Court found that the plaintiff had a viable trade secret misappropriation claim because the plaintiff had taken steps to protect the profiles and the "friend" information went beyond just names to include personal and contact information akin to a database of contact information. The Court also observed that significant time, resources and money was devoted to the development of the contact lists and the lists were not capable of duplication without considerable effort. Although the Court ultimately found that the existence of a trade secret was a question of fact, the Court decided that the plaintiff alleged sufficient facts to avoid dismissal of the trade secret claim.
What Should Employers Do to Protect Social Media Information?
As the decisions above illustrate, courts are not uniform in holding that contact information, social media profiles, or password accounts constitute trade secrets. The determination depends on the specific facts of each case. Nevertheless, these cases do illustrate some steps that employers can take to support an argument that social media information is a trade secret. Employers who wish to protect this information must be proactive and strategic. Some measures that employers can take include:
- Include "social media information" as a specific category of "confidential information" in Confidentiality and Non Disclosure Agreements.
- Create policies stating that social media contacts obtained while working on behalf of the Company are the property of the Company. Include that employees must turn over their login information for social media accounts that they maintain on behalf of the Employer prior to their departure from the Company.
- Address these issues in exit interviews with employees prior to their departure from employment. Have a departing employee work with the Company to ease the transition of followers to another person within the Company.
- As in Eagle v. Morgan, make concerted efforts to develop and maintain social media information and enforce policies regarding the use and development of social media contact information in the workplace.
- Keep track of the resources that expended to protect social media information, including the cost of employee's time in monitoring social media use, and in developing and updating web pages.
- If your Company has customer lists that the company considers a trade secret, then consider restricting employees from connecting with your customers on social media cites. Don't allow customer lists to become public knowledge.
- Have employees sign non-solicitation agreements indicating that they will not solicit clients or employees on LinkedIn or other web pages for a reasonable period of time after leaving employment.
- Finally, employers must be careful not to take an employee's private passwords and login information without authorization, as this could violate the Stored Communications Act. See, e.g., Pure Power Boot Camp. v. Warrior Fitness Boot Camp., 587 F. Supp. 2d 548, 556 (S.D.N.Y. 2008) (accessing an employees email accounts without authorization violated the Stored Communications Act.)
Social media use as a marketing and business tool brings new and interesting issues to the forefront regarding who owns the contact information, profiles, handles, and accounts that an employee creates as part of his or her job. From the few cases reported in this area, companies should take action to be in the best possible position to argue that they own the information.