LinkedIn, Facebook and Twitter: Challenges for Maintaining the Confidentiality of Employer Information
Professional networking. What once was almost exclusively a process of personal meetings and phone calls has dramatically shifted in recent years to include interactions in the online realm. Developers of social media platforms have rushed to satisfy consumer demand, creating an explosion of online networking outlets for personal and professional pursuits. These websites make it possible for individuals to store information about their professional contacts, which may otherwise be considered proprietary information by their employers. Ten years ago, such information was generally stored in a computer (often owned by the company) or kept in a physical rolodex. If a high-level employee was terminated or resigned, the company could "lock down" its proprietary information with relative ease. Social networking – especially in the professional domain – has been a game-changer. Once-easy questions are no longer so simple: When employees establish and use personal LinkedIn accounts for purposes directly related to professional marketing and networking, what happens in the event the employee stops working for the company? Does the company have any rights to the connections in the employee’s LinkedIn profile – connections that the employee likely spent company time collecting? Should the company have a right to the entire account? This article will explore answers to these questions based on the recent case of Linda Eagle v. Edcomm, Inc., and will provide suggested options for employers to consider to better protect proprietary information that may be included in their employees’ social media accounts.
When an individual establishes a LinkedIn account, it may seem obvious that he or she owns the account and the information it contains. However, in Edcomm, the court specifically addressed the possibility that a company, as opposed to the employee/initial creator of the LinkedIn account, owned the account. In Edcomm, the plaintiff established her LinkedIn account when she and other individuals founded the business of Edcomm, Inc. ("Edcomm"). The plaintiff utilized her LinkedIn account for various business purposes, including establishing a massive professional network that greatly contributed to the growth of Edcomm’s business. A few years later, Edcomm was purchased by another company and the plaintiff was involuntarily terminated by Edcomm some six months after that. Upon termination, Edcomm used the plaintiff’s password to gain access to her LinkedIn account and changed the profile to display the name and photograph of Edcomm’s new CEO, but retained the plaintiff’s recommendations and connections. The plaintiff sued Edcomm, alleging that Edcomm used her account both to prevent her connections from reaching her and to acquire business connections for the benefit of Edcomm’s new CEO.
Edcomm responded with a counterclaim alleging that the plaintiff’s LinkedIn account had been established and maintained at Edcomm’s expense for the benefit of Edcomm. Edcomm set forth in excruciating detail the length to which policies were established to control the LinkedIn accounts of its employees. Specifically, all Edcomm executive employees – under the plaintiff’s management and as a matter of company policy – were required to "(a) utilize their Edcomm email address for LinkedIn accounts; (b) utilize a specific form template, created and approved by Edcomm, for their description of Edcomm, work history, and professional activities, as well as photographs taken by a professional photographer hired by Edcomm; (c) contain links to Edcomm’s website on LinkedIn accounts . . . as well as Edcomm’s telephone number; and (d) utilize Edcomm’s template for replying to individuals through LinkedIn." Further, "certain Edcomm employees monitored these LinkedIn accounts, corrected any violations of Edcomm policy, and maintained accounts for several employees for the benefit of Edcomm" and "all discussions, connections, and content were added by Edcomm employees." Based on the foregoing, Edcomm alleged that the plaintiff (who actually regained control of her LinkedIn account after initiating her lawsuit), had wrongfully misappropriated proprietary information, including Edcomm’s connections in the LinkedIn account.
With respect to Edcomm’s misappropriation claim, the court determined that Edcomm’s hired personnel, and not the plaintiff, were responsible for developing and maintaining all connections and much of the content on the LinkedIn account. The court also noted these actions were taken solely at Edcomm’s expense and exclusively for its own benefit. As such, the court allowed Edcomm to proceed with its claims of misappropriation and unfair competition.
The court in the Edcomm case focused heavily on the level of control exercised by Edcomm with respect to the creation and maintenance of employees’ LinkedIn accounts. It may not be practical from a cost / benefit standpoint for a company to invest the amount of time, effort, and resources necessary to develop the level of control needed to present a viable claim for misappropriation based on the facts of Edcomm. Furthermore, it may be challenging to attract the best and brightest talent if a company conditions employment on applicants’ forfeiture of control over important social media tools such as LinkedIn. Thus, the question remains: What can employers do to protect proprietary information in a social media environment?
There are at least two clear options companies can pursue. The first option is to establish a policy of heightened control and account maintenance (such as that developed by Edcomm), to preserve a potential claim for misappropriation in the event an employee continues to try to utilize proprietary information contained in his/her LinkedIn account following termination of employment. However, such an approach will likely require a "two-step" policy.
First, the company must create policies regarding the creation and control of each individual employee’s LinkedIn account. Second, the company must create a policy that is then disseminated to employees regarding the company’s ownership of the account, and the efforts the company will utilize to exercise such rights. It will be almost impossible for a company to exercise sufficient control without obtaining each employee’s account password, thus enabling company representatives to log into accounts and change content as necessary. Moreover, requiring an employee to relinquish his/her password and account control to a third party will very likely amount to a violation of the user agreement entered into between the employee and LinkedIn at the time the account was established. As such, following this policy and establishing the level of control held by Edcomm is essentially tantamount to requiring a potential employee to violate a user agreement as a condition of employment.
An alternative option is to create a detailed and comprehensive social media policy that sets forth user guidelines with respect to use of social media for professional purposes, and limits the types of information that employees can post in the public domain. Such guidelines are relatively common and generally focus on responsibility for content published, approved ways in which social medial can be used during work time, and compliance with other company policies that may be implicated, such as policies against harassment or dissemination of confidential information.
Admittedly, these options present two extremes. On one hand, you have a rather draconian policy in which the company could arguably exercise full control of its employees’ LinkedIn accounts post-employment in an effort to protect proprietary information. On the other end of the spectrum, you have guidelines that loosely direct employees’ online and social media conduct, but likely fall short of giving companies the level of control over proprietary information that may have been historically exercised. Given these extremes, and to the extent a company does not have the time and resources or does not otherwise desire to strictly control the social media activities of its employees, there are a few things that companies can consider adding to the second approach in an effort to provide a greater level of accountability and control. For example, a company’s policy may be drafted to require that each employee "connect with" or "friend" a member of the company’s human resources department who would be responsible for periodically monitoring employees’ social media accounts to ensure that proprietary information was not being shared or improperly utilized. Another suggestion is to include detailed guidelines with respect to the type of information that employees are allowed to post online regarding clients and/or other business-related information. For example, employees could be prohibited from putting customer contact information on their LinkedIn account, and instead be limited to including name and title only.
As evidenced by this article, there is no "perfect" answer to the question of how a company can better protect its assets and goodwill in a world dominated by social media. Because social media can be an extremely effective marketing tool, companies may wish to encourage employee participation in online networking. However, with such encouragement comes the potential forfeiture of a level of control that employers once exercised over certain proprietary information. If employers wish to protect this type of information going forward, we recommend that some sort of policy, such as those addressed above, be implemented to address the same. If you would like to discuss options for protecting your company’s proprietary information in the social media realm, please feel free to contact one of the members of Koley Jessen’s Employment, Labor and Benefits Practice Group.
By Ryan J. Sevcik