Co-authored by Matthew H. Sorensen.
Social media has become an increasingly important tool for businesses to market their products and services. As the use of social media in business continues to grow, companies will face new challenges with respect to the protection of their confidential information and business goodwill, as several recent federal district court decisions demonstrate.
Christou v. Beatport, LLC (D. Colo. 2012), Ardis Health, LLC v. Nankivell (S.D.N.Y. 2011), and PhoneDog v. Kravitz (N.D. Cal. 2011) each involved former employees who took the login credentials for their employers’ business social media accounts when they left their employment. In each case, the companies alleged that the removal of the login credentials for their social media accounts by their former employees had significant negative consequences on their ability to effectively compete and market their products and services.
Earlier this year, the U.S. District Court for the District of Colorado addressed whether a nightclub owner’s MySpace page and its connections could constitute a protectable trade secret. In Christou v. Beatport, LLC, Bradley Roulier, a former partner in a business that ran two Denver nightclubs kept the login credentials for the clubs’ MySpace pages when he left the partnership to start his own competing nightclub. According to the complaint, the nightclubs’ MySpace pages each had over 10,000 “friends.” After leaving to start his own competing club, Mr. Roulier used the login credentials that he had taken to post updates to his former partner’s MySpace pages promoting his new night club. His former partner then sued him for misappropriation of its trade secrets – namely the login credentials for its MySpace pages and the “friend” connections for those pages. On Mr. Roulier’s motion to dismiss, the court found that the MySpace login credentials and the “friend” connections could constitute protectable trade secrets. The court concluded that the MySpace pages were password protected, that the “friend” connections for the clubs’ MySpace pages were more than just lists of potential customers, they also provided personal information about the “friends” and their preferences, and the clubs’ lists of “friends” could not be duplicated without a substantial amount of effort and expense.
In a similar case, Ardis Health, a former employee effectively froze her former employer out of its business social media websites by taking the login credentials for the accounts and refusing to return them to the former employer. The employee had formerly been responsible for creating and updating the company’s social media websites and was in sole possession of the login credentials for those websites at the time her employment was terminated. Accordingly, when she refused to return the login credentials after her termination, the employer could no longer access or update its websites. The employer was ultimately able to obtain a preliminary injunction requiring the former employee to return the login credentials for its social media websites based on the theory that the former employee’s unauthorized retention of that information constituted conversion. In finding that the company owned the rights to the login credentials for its social media sites, the court noted that the former employee had entered an agreement in which she had agreed that any work she created or developed during her employment would be the property of the company.
Finally, in PhoneDog, a former employee who had been responsible for establishing and operating a Twitter account for his employer that was designed to increase traffic to his employer’s website kept the login credentials for the account after he terminated his employment with the company, renamed the account, and kept its Twitter following. PhoneDog alleged its Twitter following was the equivalent of a proprietary customer list. PhoneDog also alleged that, by taking the account, the employee effectively decreased the number of visitors to the company’s website and thereby reduced the number of advertisers who were willing to purchase space on its website. On the former employee’s motion to dismiss, the U.S. District Court for the Northern District of California held that the Twitter account, its login credentials, and its followers could potentially constitute protectable trade secrets and that the unauthorized taking of the account and its login credentials constituted misappropriation.
It should be noted that the courts in both PhoneDog and Christou did not find that the plaintiffs had established that their social media accounts were trade secrets. Rather, the courts simply held that they had alleged sufficient facts to state a claim that those accounts were trade secrets. The question of whether the employers will be able to prove the facts necessary to prevail on their claims was left open and both plaintiffs may very well encounter difficulties in proving the facts necessary to prevail on their trade secrets claims later in their respective cases.
These cases demonstrate the importance of careful planning to protect a company’s social media presence and its business connections. Employers should ensure that they maintain a log of their social media account login credentials and that the log is appropriately updated. Further, companies are well advised to require employees who establish and maintain such accounts on behalf of the company to enter agreements that provide that the accounts and their login credentials are the sole property of the company. Departing employees should also be interviewed in connection with their exit to ensure that all company social media login credentials to which they had access have been returned. Finally, in the event that an employee takes the login credentials for the employer’s social media accounts when he or she leaves the company, it is essential for the employer to take prompt action to recover the information. Delay can result in the loss of legal protections for the accounts and any connections that they hold