Social media contact lists have become an increasingly important part of a business’s customer lists. While courts are still grappling with who legally “owns” the data that the employee acquired on the employer’s dime—such as LinkedIn customer connections or access to a list of Twitter-feed recipients[1]—employers can still take steps to bolster the company’s claim of ownership.
The Uniform Trade Secrets Act adopted by every state but New York and the federal Defend Trade Secrets Act define a trade secret as information that derives its economic value from not being generally known to the public, and is the subject of reasonable efforts to maintain its secrets. Customer lists and contact lists may also be deemed trade secrets if they meet these criteria, but social media contact lists raise unique concerns that employers should consider specifically addressing in their policies and practices.
Therefore, employers who value their social media contact lists as trade secrets may want to consider using employee policies that designate these lists as the employer’s proprietary property, and that require the employees to protect the confidentiality of their content on behalf of the employer.[2]
Here are some potential steps for employers to consider:
- Implement a Comprehensive Social Media Policy: Employers should consider implementing a comprehensive social media policy that:
- requires employees to maintain appropriate privacy settings for all social media accounts used for business (so the account’s contacts are not accessible by others who owe no duty of confidentiality to the employer);
- instructs employees not to discuss customers and customer preferences (or other potentially confidential information) in social media posts that are accessible by others who owe no duty of confidentiality to the employer;
- specifies what social media accounts and related data the company owns, while also appropriately addressing that social media technology, accounts and data are fluid; and
- defines the steps the employee must take upon separation/termination to eliminate customer contact information and data from the employee’s personal accounts and to ensure that the employer has access to the social media lists and related data.
- Require Employees to Sign Stand-Alone Agreements: Likewise, employers should consider requiring employees to sign stand-alone confidentiality and non-disclosure agreements whereby the employee acknowledges:
- the employer’s ownership of social media accounts and related data;
- the employee’s duty to protect the confidentiality for the employer; and
- the employee’s obligations upon separation/termination (e.g., give the employer access to the information and refrain from using or disclosing it further).
- Control Access to Business Social Media Accounts: Employers should also consider setting up their own social media accounts for business use where possible and making those accounts inaccessible to the employee upon separation/termination. Where applicable, employers may also want to state in the company’s social media policy and agreements above the procedure for employees to transfer access to an account back to the company.
- Provide Periodic Trainings and Reminders: The use of periodic trainings and reminders can increase compliance and reduce the need for future litigation to address misappropriation incidents.
- Treat Social Media Contacts Akin to Traditional Customer Lists: More generally, employers should consider training employees to view social media contact lists in the same protected light as the employers’ internal customer lists. Maintaining these contact lists in the same secure manner, restricting access on a need-to-know basis, and tracking the company’s investment in building those contact lists may further bolster their protection.
The list above is far from exhaustive, and employers should consult with qualified counsel before implementing and finalizing policies and procedures to protect social media contact lists.
[1] Federal district court decisions have varied on the issue of ownership of social media accounts and their contacts. For example, in Eagle v. Morgan, 2013 WL 943350 (E.D. Pa. Mar. 12, 2013), the court held that all of the connections of a former employee’s LinkedIn account belonged to the employee because the company had no official social media policy on ownership of the information. Similarly, in Cellular Accessories for Less, Inc. v. Trinitas LLC, 2014 WL 4627090 (N.D. Cal. Sept. 16, 2014), the court held that where a former employee signed an employment agreement that specifically stated customer lists were the property of the employer, customer contacts in the employee’s personal LinkedIn account could qualify as trade secrets because the employee had the ability to limit others’ ability to view his contacts. Conversely, in BH Media Group Inc. v. Bitter, 2018 WL 3768425 (W.D. Va. Sept. 27, 2018), the court found that a newspaper employer failed to establish that it owned the Twitter account of its former writer (and access to its 27,000 followers), despite the former employee’s signing an employee handbook with an intellectual property assignment provision that applied to social media accounts.
[2] Notably, reasonable steps do not necessarily require those suggested here. Instead, these are just potential steps that businesses may want to consider implementing.