Trade Secrets and Noncompete Blog : Non-Compete Lawyer & Attorney : Epstein Becker Green Law Firm : Trade Secrets & Confidentiality Agreements

The New Jersey Legislature was overwhelmingly in favor of a measure that would have barred employers from obtaining social media IDs and other social media related information from employees and applicants. Click here for A2878 as passed.  But Governor Chris Christie vetoed A-2878 because it would frustrate a business’s ability “to safeguard its business assets and proprietary information” and potentially conflict with regulatory requirements on businesses in regulated industries such as finance and healthcare. Click here for the Governor's Veto Statement. While the Governor thought the bill well-intentioned, he conditionally vetoed it for painting “with too broad a brush,” citing the trade secrets/proprietary information concern as a primary motivation: “In view of the over-breadth of this well-intentioned bill, I return it with my recommendations that it be more properly balanced between protecting the privacy of employees and job candidates, while ensuring that employers may appropriately screen job candidates, manage their personnel, and protect their business assets and proprietary information.”

The Governor specifically recommended the bill be revised to:

• Create an exception to allow investigation of work place misconduct or unauthorized transfer of confidential or proprietary data to a personal account;
• Add language confirming that an employer may view, access, or utilize information about a current or prospective employee that can be obtained in the public domain;
• Carve out of the definition of “personal account” any account, service or profile created, maintained, used or accessed by a current or prospective employee for business purposes of the employer or to engage in business related communications;
• Eliminate provisions that would create a civil cause of action for affected employees or applicants;
• Add a proviso stating that nothing in the act shall prevent an employer from implementing and enforcing a policy pertaining to the use of an employer issued electronic communications device or any accounts or services provided by the employer or that the employee uses for business purposes; and
• Add a proviso stating that nothing in the act should be construed to prevent an employer from complying with the requirements of State or federal statutes, rules or regulations, case law or rules of self-regulatory organizations.

Click here for the bill as revised after the Governor's veto statement.

These last two provisos are important ones, especially for the financial services industry and the healthcare industry. They are important because FINRA, for example, has laid out certain monitoring and record keeping requirements concerning social media used to communicate with clients and prospective clients concerning potential financial transactions. See, e.g., FINRA Guidance here.

There are likewise data security requirements emerging out of HIPAA and other bodies of law that may require security and monitoring of social media. Click here for a discussion of such issues by Dan Goldman (@danielg280), legal counsel at Mayo Clinic and Advisory Board member to the Mayo Clinic Center for Social Media. In an age of BYOD (Bring Your Own Device) and the consolidation of business and personal activity to a single mobile device, failure to include such exceptions would force employers into hard choices between required monitoring and desired seamlessness of the business/personal transition.

While many states have in the last year adopted such statutes, the interplay between the Governor and the Legislature in New Jersey plays out the competing interests nicely, and hopefully starts a trend toward a more measured approach to such questions. Accommodating these competing interests is not only a legislative challenge, but is one faced by employers and businesses every day.

Co-authored by Mathew D. Dudek.

Social media has changed the way that companies and employees connect to clients and customers. As new uses for social networking emerge, legal issues in this area are arising.

In Eagle v. Morgan, et al., the United States District Court for the Eastern District of Pennsylvania was faced with one such issue: whether an employer could seize a former employee’s LinkedIn page and keep the page in operation following the employee’s termination. In that case, Linda Eagle, an executive with Edcomm Inc., had created a LinkedIn account using her work e-mail address as a sales and marketing tool. Eagle provided her LinkedIn password to certain other Edcomm employees so the employees could help monitor and update the account. Under “the LinkedIn ‘User Agreement,’ however, the account belonged to Eagle alone and she was individually bound by the User Agreement.” Following Eagle’s termination, Edcomm employees accessed the LinkedIn account and changed its password, effectively locking Eagle out of the account, and also updated Eagle’s LinkedIn page to reflect another Edcomm executive’s information, while still keeping a list of Eagle’s honors and awards. As a result, a Google search for Eagle or a search for her on LinkedIn would bring the user to Eagle’s LinkedIn account, which then bore the name, picture and credentials of the other Edcomm executive.

Eagle subsequently filed suit against Edcomm and certain individual employees, “the principal thrust of which is the alleged illegal use of Eagle’s LinkedIn account by Edcomm, to her economic detriment.”

 In addressing these claims, the court noted that on the day Eagle was terminated, Edcomm had not adopted a policy that informed its employees that their LinkedIn accounts were the property of Edcomm. Even if it had, however, the court stated that it was unclear whether such a policy would be legally valid under the contract between LinkedIn and Eagle, an individual user. Nevertheless, the court did not reach that issue given that there was no such policy in place when Eagle was terminated.

Ultimately, the court determined that Eagle’s “name” had commercial value which Edcomm had used to its own benefit. Based on this finding, the court ruled in favor of Eagle on state law claims of unauthorized use of name, invasion of privacy by misappropriation of identity, and misappropriation of identity. However, the court found Eagle’s request for damages legally insufficient because she “failed to point to one contract, one client, one prospect, or one deal that could have been, but was not obtained during the period she did not have full access to her LinkedIn account.”

Despite Eagle’s failure to establish specific damages, this case is a reminder that employers should review all policies which govern employee social media usage. Not only must such policies clearly set forth expectations regarding ownership of the account and what is and is not appropriate, such policies also need to be regularly updated to ensure compliance with the changing legal landscape, given that various state legislatures and the National Labor Relations Board are rapidly entering the fray over employee social media use and employer policies related thereto. For example, as of January 1, 2013, Illinois employers may not “request or require any employee or prospective employee to provide any password or other related account information in order to gain access to the employee’s or prospective employee’s account or profile on a social networking website or to demand access in any manner to an employee’s or prospective employee’s account or profile on a social networking website.” 820 ILCS 55/10(b)(1).
 

Peter Steinmeyer, a Member of the Firm in the Labor and Employment practice and Managing Shareholder of the Chicago office, was quoted in an article in Law360.com titled "5 Tips for Drafting Employment Pacts in the Social Media Era." (Read the full version – subscription required.)

Following is an excerpt:

Facebook, LinkedIn and Twitter have radically changed how companies and employees connect to each other as well as clients or customers, and those changes have left the law — and employment contracts — struggling to keep up, lawyers say.

"Technology and society move quicker than the law, and the law is catching up right now," said Peter Steinmeyer, co-chairman of the noncompetes, unfair competition and trade secrets practice group at Epstein Becker Green. …

Exactly what constitutes "solicitation" may be the biggest unresolved question for lawyers trying to enforce agreements barring departing workers from luring clients or former co-workers away from a company in the social media realm, Steinmeyer said. …

"In the social media era, it makes sense to have a more specific definition of solicitation, but an awful lot of agreements simply use the word 'solicit' without defining what that means," Steinmeyer said. …

But in light of the uncertainty swirling around what constitutes a solicitation on the social media sphere, employers might want to go against the grain and make sure their nonsolicitation agreements are accompanied by restrictions that prohibit departing employees from doing business with their former customers, Steinmeyer said. …

In addition to making sure workers understand the significance of any confidential information they may have access to, companies should clearly label confidential information as such and hold exit interviews with departing employees that stress the need to protect confidential data, according to Steinmeyer.
 

Co-authored by Matthew H. Sorensen.

Social media has become an increasingly important tool for businesses to market their products and services. As the use of social media in business continues to grow, companies will face new challenges with respect to the protection of their confidential information and business goodwill, as several recent federal district court decisions demonstrate.

Christou v. Beatport, LLC (D. Colo. 2012), Ardis Health, LLC v. Nankivell (S.D.N.Y. 2011), and PhoneDog v. Kravitz (N.D. Cal. 2011) each involved former employees who took the login credentials for their employers’ business social media accounts when they left their employment. In each case, the companies alleged that the removal of the login credentials for their social media accounts by their former employees had significant negative consequences on their ability to effectively compete and market their products and services.

Earlier this year, the U.S. District Court for the District of Colorado addressed whether a nightclub owner’s MySpace page and its connections could constitute a protectable trade secret. In Christou v. Beatport, LLC, Bradley Roulier, a former partner in a business that ran two Denver nightclubs kept the login credentials for the clubs’ MySpace pages when he left the partnership to start his own competing nightclub. According to the complaint, the nightclubs’ MySpace pages each had over 10,000 “friends.” After leaving to start his own competing club, Mr. Roulier used the login credentials that he had taken to post updates to his former partner’s MySpace pages promoting his new night club. His former partner then sued him for misappropriation of its trade secrets – namely the login credentials for its MySpace pages and the “friend” connections for those pages. On Mr. Roulier’s motion to dismiss, the court found that the MySpace login credentials and the “friend” connections could constitute protectable trade secrets. The court concluded that the MySpace pages were password protected, that the “friend” connections for the clubs’ MySpace pages were more than just lists of potential customers, they also provided personal information about the “friends” and their preferences, and the clubs’ lists of “friends” could not be duplicated without a substantial amount of effort and expense.

In a similar case, Ardis Health, a former employee effectively froze her former employer out of its business social media websites by taking the login credentials for the accounts and refusing to return them to the former employer. The employee had formerly been responsible for creating and updating the company’s social media websites and was in sole possession of the login credentials for those websites at the time her employment was terminated. Accordingly, when she refused to return the login credentials after her termination, the employer could no longer access or update its websites. The employer was ultimately able to obtain a preliminary injunction requiring the former employee to return the login credentials for its social media websites based on the theory that the former employee’s unauthorized retention of that information constituted conversion. In finding that the company owned the rights to the login credentials for its social media sites, the court noted that the former employee had entered an agreement in which she had agreed that any work she created or developed during her employment would be the property of the company.

Finally, in PhoneDog, a former employee who had been responsible for establishing and operating a Twitter account for his employer that was designed to increase traffic to his employer’s website kept the login credentials for the account after he terminated his employment with the company, renamed the account, and kept its Twitter following. PhoneDog alleged its Twitter following was the equivalent of a proprietary customer list. PhoneDog also alleged that, by taking the account, the employee effectively decreased the number of visitors to the company’s website and thereby reduced the number of advertisers who were willing to purchase space on its website. On the former employee’s motion to dismiss, the U.S. District Court for the Northern District of California held that the Twitter account, its login credentials, and its followers could potentially constitute protectable trade secrets and that the unauthorized taking of the account and its login credentials constituted misappropriation.

It should be noted that the courts in both PhoneDog and Christou did not find that the plaintiffs had established that their social media accounts were trade secrets. Rather, the courts simply held that they had alleged sufficient facts to state a claim that those accounts were trade secrets. The question of whether the employers will be able to prove the facts necessary to prevail on their claims was left open and both plaintiffs may very well encounter difficulties in proving the facts necessary to prevail on their trade secrets claims later in their respective cases.

These cases demonstrate the importance of careful planning to protect a company’s social media presence and its business connections. Employers should ensure that they maintain a log of their social media account login credentials and that the log is appropriately updated. Further, companies are well advised to require employees who establish and maintain such accounts on behalf of the company to enter agreements that provide that the accounts and their login credentials are the sole property of the company. Departing employees should also be interviewed in connection with their exit to ensure that all company social media login credentials to which they had access have been returned. Finally, in the event that an employee takes the login credentials for the employer’s social media accounts when he or she leaves the company, it is essential for the employer to take prompt action to recover the information. Delay can result in the loss of legal protections for the accounts and any connections that they hold