How Can Employers Protect Their Confidential and Proprietary Information?

Effective Use of Social Media Policies to Protect Confidential Information

A social media policy should explain acceptable uses of the employer's social media accounts and establish ownership of those accounts and the contacts made through them. These accounts and contacts themselves may constitute trade secrets. As discussed in detail below, the policy should establish rules for the content of employees' social media posts that relate to their employment, and remind employees that all other workplace policies apply to social media activity. Including these elements in a social media policy can serve to protect employers' confidential and proprietary information.

Set Rules for the Content of Employee Social Media Posts

To guard against employees disclosing confidential or proprietary employer information, social media policies should clearly explain the types of information employees may and may not discuss on social media. The policy also should specify that it applies to posts that employees may make to any personal social media accounts they may have, including, for example, LinkedIn, Facebook, and Twitter accounts, particularly if that personal account discloses the employee's affiliation with the employer. It is important for the policy to be as specific as possible about the kind of confidential or proprietary information the employer seeks to prohibit employees from discussing.

The National Labor Relations Board (NLRB) recently has been active in policing employer social media policies, especially those policies that prohibit, or may be construed by the NLRB to prohibit, employees from engaging in concerted activity related to the terms and conditions of their employment. So, for example, employers generally may not demand confidentiality regarding working conditions or disparaging comments about the employer, prohibit use of company logos or require employees to obtain management approval before posting such information to social media accounts. Rather, according to the NLRB, the employer's social media policy should focus on protecting the company's proprietary business-related information by prohibiting posts about the performance of the company's products or services, disclosure of privileged or proprietary information, posts that would violate federal or state law, and unauthorized posts in the name of the company. Where possible, social media policy requirements should link to or incorporate other company policies.

In addition to having clear policy language, employers also should consider training employees on the kind of company-related information that is considered confidential or proprietary, and therefore not appropriate for disclosure on social media (or anywhere else, for that matter). Labeling documents conveying sensitive and confidential information as such can also help to avoid inadvertent public disclosure. Finally, employers should remind employees during exit interviews about their post-employment confidentiality obligations and that they specifically apply to social media activity.

Explain Who Owns Social Media Accounts and Contacts

Courts are beginning to recognize that contacts developed through social media may be trade secrets. So employers should be sure they take explicit and well-documented steps to protect that information. The court in PhoneDog v. Kravitz, 2011 WL 5415612 (N.D. Cal. 2011), denied a former employee's motion to dismiss his employer's misappropriation of trade secrets claim premised on the employee's failure to relinquish control of a Twitter account established for the employer and used by the employee during his time with the company, during which the account accumulated 17,000 followers. In denying the motion, the court acknowledged the possibility that the account password and followers could be protectable trade secrets. The case settled shortly after the court's denial of the motion to dismiss, so the court never had a chance to definitively rule on whether the Twitter password and followers actually fell within the definition of trade secrets. Similarly, the court in Christou v. Beatport, 2012 WL 872574 (D. Colo. Mar. 14, 2012), acknowledged that a nightclub's patron contact list on MySpace could be a trade secret because of the significant efforts and expense in “friending” thousands of potential patrons and because MySpace profile-related information of the contacts was not accessible to the general public.

Given that courts can be receptive to finding that social media connections are protectable trade secrets, employers should establish in their social media policies that ownership of the social media accounts created on behalf of their business, along with the contents and contacts associated with those accounts, remains at all times with the employer. Some steps to accomplish this are explicitly claiming ownership in a social media policy, limiting access to those accounts to authorized users, and establishing protocols for maintaining login credentials and password information for those accounts. It also is a good idea to state in the policy that employees with access to those accounts agree to relinquish the account and all related login information upon termination of employment. Employers should also clarify that they must at all times have access to the information contained in those accounts. Being able to document the employee's explicit agreement to these arrangements makes the employer's case that much stronger.

Courts that have faced challenges to the ownership of business-related social media accounts have looked to the existence of an employer policy as a relevant factor in determining who in fact owns those accounts and associated contacts. For example, in Eagle v. Morgan, 2013 WL 943350 (E.D. Pa. Mar. 12, 2013), the court decided that an employer had no right to take over its former employee's LinkedIn account, opened by the employee to carry out the employer's marketing and networking objectives. The court relied heavily on the fact that the employer did not have a written policy in place regarding ownership of such accounts. Had such a policy existed, the employer may have had a valid defense to the employee's claims on that basis.

Ownership of Employee 'Personal' Accounts Used to Conduct the Employer's Business

Social media account ownership becomes less straightforward when the account is not clearly associated with the employer, or when an employee conducts business or develops business-related contacts through his or her personal social media account. To make ownership clear, employers should consider having employees at the start of employment open a new social media account on the employer's behalf ' and requiring the employee to confirm that all activity on that account is related to, and done on behalf of, the employer. Doing so might help to avoid the situation facing the employer in Maremont v. Susan Fredman Design Group, Ltd. et al, 2014 WL 812401 (N.D. Ill. March 03, 2014). That saga illustrates the practical and legal difficulties that can occur when ownership is less than clear.

In Maremont, the plaintiff used her personal Facebook and Twitter accounts to promote the defendant's business. When the plaintiff was on medical leave due to an automobile accident, the defendant's other employees accessed the plaintiff's accounts, using passwords provided by the plaintiff before she went on leave, to continue linking those accounts to the defendant's website and blog. As a result of that conduct, the plaintiff alleged a violation of the Stored Communications Act, which prohibits intentional, unauthorized access of communications held in electronic storage. That claim survived summary judgment and is scheduled for trial later this year because there was a disputed issue of material fact as to whether the employee had authorized her employer to access those accounts. The employer claimed that it had permission to access the accounts and that the employee had saved the passwords in a document accessible on its computer system; however, the employee claimed that she kept the file containing her passwords in a locked electronic file on the employer's server and that, in any event, she never gave anyone at the employer permission to access her accounts. Had the employer required the employee to open and maintain a separate, business-related social media account, the outcome of the employer's summary judgment motion may have been different.

Use of Employment and Non-Solicitation Agreements To Protect Confidential Information

Employers should review not only their social media policies, but also their employment, confidentiality and non-solicitation agreements to ensure they address employee use of social media. As discussed below, employment agreements should contain a confidentiality clause addressing what the employee may and may not permissibly post on social media. Employment agreements should also discuss social media account ownership. Finally, employers should review the terms of their non-solicitation agreements to ensure they adequately address former employee contact with clients, customers and co-workers on social media.

Employment Agreements

Employers should consider updating these agreements to specifically include appropriate restrictions on the types of information that employees may post on social media. Employers likewise would be wise to state that any information available to the employee related to the employer's social media account, such as login and password information as well as the profile information of any contacts, is to remain confidential and may not be broadly shared. This may help the employer establish that it took sufficient measures to protect the confidential nature of this information in the event that the employer needs to establish in court that they are trade secrets.

Employers might also want to include in employment or confidentiality agreements a requirement that employees delete all employer-related sensitive information from any personal social media accounts upon termination of employment as well as a requirement that employees return login and password information for any employer-related social media account. Language of this kind helped the employer in Ardis Health LLC et al. v. Nankivell, 2011 WL 4965172 (S.D.N.Y. Oct. 19, 2011), obtain injunctive relief against a former employee who refused to turn over the company's login and password information for various social media and e-mail accounts. At the outset of her employment, the employee signed an agreement in which she promised to return all confidential information upon request. The court held that this agreement established the employer's right to the account information at issue and went on to issue a preliminary injunction requiring the former employee to relinquish it.

Non-Solicitation Agreements

Given the ease with which contacts may be made on social media, employers should ensure that the definition of “solicit” in their non-solicitation agreements includes former employees' social media contacts with clients, customers and co-workers.

Courts' Treatment of'Generic Social Media'Contact with Clients or Co-Workers

As discussed above, some courts have recognized that connections, followers and friends collected through an employer-affiliated social media account may be trade secrets. However, courts generally have not been sympathetic to attempts by employers to prevent former employees from making post-termination generic contact with former co-workers and customers through social media. For example, the court in NDSL, Inc. v. Patnoude, 2012 WL 6096584 (W.D. Mich. Dec. 7, 2012), denied a company's request for a preliminary injunction because its former employee's post-termination generic invitation to connect with the company's customer via LinkedIn was insufficient to establish that the solicitation was in violation of his non-solicitation agreement.

Similarly, in Pre-Paid Legal Services, Inc. v. Cahill, 924 F. Supp. 2d 1281 (E.D. Okla. 2013), a court denied an injunction to an employer who claimed that its former employee's Twitter invitations to former co-workers violated his non-solicitation agreement. As the court in Invidia LLC v. DiFonzo reasoned in finding that a hairstylist did not violate her non-solicitation agreement by “friending” eight of her former employer's customers on Facebook, “one can be Facebook friends with others without soliciting those friends to change hair salons, and [plaintiff] has presented no evidence of any communications, through Facebook or otherwise, in which [defendant] has suggested to these Facebook friends that they should take their business to her chair.” 30 Mass. L. Rptr. 390, 2012 WL 5576406 (Mass. Super., Oct. 22, 2012). The court in Invidia also found significant that the employer presented no evidence that the former stylist communicated to the former clients, through Facebook or otherwise, that they should take their business to her new employer.

Courts' Treatment of New Employment Announcements On Social Media

Courts have treated similarly employer claims that former employees' announcements on social media about their new employment violated the terms of the employees' non-solicitation agreements. In Pre-Paid Legal Services, Inc', discussed above, the court also denied the employer's request for a preliminary injunction to prevent its former employee from making general posts to his Facebook account touting his new employer's products and his satisfaction with his new employment, even though some of the employer's current employees were Facebook friends with the defendant and presumably saw his posts. 924 F. Supp. 2d at 1291-92. The court in Invidia similarly held that a post on defendant's Facebook page from her new employer announcing the defendant's new position was not a solicitation in violation of her restrictive covenant. 2012 WL 5576406, at *6.

Update the Definition of 'Solicit' in Agreements

Significantly, none of the agreements at issue in the cases discussed above specifically defined what it meant to “solicit” former customers or co-workers, nor did the courts address how their decisions might have differed if the non-solicitation agreements had done so. Given the proliferation of social media as a means of communication for both personal and professional purposes, employers may want to consider revising their non-solicitation agreements to specifically define “solicit” as including certain forms of contact on social media. Given that the law in this area is still developing, the extent to which courts will uphold such language and under what factual circumstances they might do so remains to be seen, but such specificity will at least serve as a reminder to former employees that communications through social media are in fact subject to their post-employment restrictive covenants.

Conclusion

It has become increasingly commonplace for employees to conduct their employers' business through social media, oftentimes blurring the line between their personal and professional lives. Employers cannot afford to take the risk that their confidential information will be an open book due to disclosure through social media. They also must ensure that the relationships developed on their behalf through social media remain protected as employees leave the company. While the law in this area is still developing, each year we can expect to see courts providing additional guidance on the appropriate ways in which employers can safeguard their business information and relationships. In the meantime, a well-drafted social media policy supplemented with employment agreements and non-solicitation agreements that specifically address the many issues that social media use in the workplace raises is the best tool employers have to protect their confidential information and relationships with customers, clients and current employees.

Marcia E. Goodman is a partner in Mayer Brown's Litigation & Dispute Resolution practice and serves as co-leader of the firm's U.S. Employment and ERISA Litigation Action Group. Lori Zahalka is an associate in the same practice.

'

'

'

'

SPECIAL OFFER: Twitter, LinkedIn, Facebook and Google+ followers can get an online subscription to Employment Law Strategist for only $299. Click here, select Digital Only and use promo code ELSOL299 at checkout. This offer is valid for new subscribers only.

'

'

'

'

Seventy three percent of online adults use at least one social networking site. Ninety percent of Generation Y (ages 18-29) use at least one social media platform. See Pew Research, “Social Networking Fact Sheet,” http://bit.ly/PUVhz4; Pew Research, “Social Media Update 2013,” http://bit.ly/OKvIzg. The information that users post on social media sites, for better or for worse, has the potential to reach a broad audience and reach it quickly. To use a well-known example, a former public relations director of corporate communication for a major company tweeted before boarding a plane, “Going to Africa. Hope I don't get AIDS. Just kidding. I'm white!” and before she landed, that tweet had been retweeted over 3,000 times.

Social media also makes it easier than ever to connect and communicate with clients and co-workers and to disseminate information about a company's brand or services. Accordingly, employers should take steps to protect their social media presence, accounts, and contacts. While social media certainly has benefits, it also poses risks for employers when it comes to protecting their confidential information and trade secrets, particularly given social media's casual real-time feel that may lull employees into forgetting that all the restrictions that normally attach to work-related communications still apply. For example, work-related posts to social media are still subject to all relevant regulations, such as the SEC's Regulation FD, other regulatory requirements, and any policies the employer has in place regarding intellectual property, confidentiality, harassment, discrimination, and Internet use.

This article explores the developing law related to employee social media use and its effect on the confidentiality and protectability of employers' trade secrets and other proprietary information. It also provides suggestions for concrete steps employers can take to safeguard that information in the social media age.

Effective Use of Social Media Policies to Protect Confidential Information

A social media policy should explain acceptable uses of the employer's social media accounts and establish ownership of those accounts and the contacts made through them. These accounts and contacts themselves may constitute trade secrets. As discussed in detail below, the policy should establish rules for the content of employees' social media posts that relate to their employment, and remind employees that all other workplace policies apply to social media activity. Including these elements in a social media policy can serve to protect employers' confidential and proprietary information.

Set Rules for the Content of Employee Social Media Posts

To guard against employees disclosing confidential or proprietary employer information, social media policies should clearly explain the types of information employees may and may not discuss on social media. The policy also should specify that it applies to posts that employees may make to any personal social media accounts they may have, including, for example, LinkedIn, Facebook, and Twitter accounts, particularly if that personal account discloses the employee's affiliation with the employer. It is important for the policy to be as specific as possible about the kind of confidential or proprietary information the employer seeks to prohibit employees from discussing.

The National Labor Relations Board (NLRB) recently has been active in policing employer social media policies, especially those policies that prohibit, or may be construed by the NLRB to prohibit, employees from engaging in concerted activity related to the terms and conditions of their employment. So, for example, employers generally may not demand confidentiality regarding working conditions or disparaging comments about the employer, prohibit use of company logos or require employees to obtain management approval before posting such information to social media accounts. Rather, according to the NLRB, the employer's social media policy should focus on protecting the company's proprietary business-related information by prohibiting posts about the performance of the company's products or services, disclosure of privileged or proprietary information, posts that would violate federal or state law, and unauthorized posts in the name of the company. Where possible, social media policy requirements should link to or incorporate other company policies.

In addition to having clear policy language, employers also should consider training employees on the kind of company-related information that is considered confidential or proprietary, and therefore not appropriate for disclosure on social media (or anywhere else, for that matter). Labeling documents conveying sensitive and confidential information as such can also help to avoid inadvertent public disclosure. Finally, employers should remind employees during exit interviews about their post-employment confidentiality obligations and that they specifically apply to social media activity.

Explain Who Owns Social Media Accounts and Contacts

Courts are beginning to recognize that contacts developed through social media may be trade secrets. So employers should be sure they take explicit and well-documented steps to protect that information. The court in PhoneDog v. Kravitz, 2011 WL 5415612 (N.D. Cal. 2011), denied a former employee's motion to dismiss his employer's misappropriation of trade secrets claim premised on the employee's failure to relinquish control of a Twitter account established for the employer and used by the employee during his time with the company, during which the account accumulated 17,000 followers. In denying the motion, the court acknowledged the possibility that the account password and followers could be protectable trade secrets. The case settled shortly after the court's denial of the motion to dismiss, so the court never had a chance to definitively rule on whether the Twitter password and followers actually fell within the definition of trade secrets. Similarly, the court in Christou v. Beatport, 2012 WL 872574 (D. Colo. Mar. 14, 2012), acknowledged that a nightclub's patron contact list on MySpace could be a trade secret because of the significant efforts and expense in “friending” thousands of potential patrons and because MySpace profile-related information of the contacts was not accessible to the general public.

Given that courts can be receptive to finding that social media connections are protectable trade secrets, employers should establish in their social media policies that ownership of the social media accounts created on behalf of their business, along with the contents and contacts associated with those accounts, remains at all times with the employer. Some steps to accomplish this are explicitly claiming ownership in a social media policy, limiting access to those accounts to authorized users, and establishing protocols for maintaining login credentials and password information for those accounts. It also is a good idea to state in the policy that employees with access to those accounts agree to relinquish the account and all related login information upon termination of employment. Employers should also clarify that they must at all times have access to the information contained in those accounts. Being able to document the employee's explicit agreement to these arrangements makes the employer's case that much stronger.

Courts that have faced challenges to the ownership of business-related social media accounts have looked to the existence of an employer policy as a relevant factor in determining who in fact owns those accounts and associated contacts. For example, in Eagle v. Morgan, 2013 WL 943350 (E.D. Pa. Mar. 12, 2013), the court decided that an employer had no right to take over its former employee's LinkedIn account, opened by the employee to carry out the employer's marketing and networking objectives. The court relied heavily on the fact that the employer did not have a written policy in place regarding ownership of such accounts. Had such a policy existed, the employer may have had a valid defense to the employee's claims on that basis.

Ownership of Employee 'Personal' Accounts Used to Conduct the Employer's Business

Social media account ownership becomes less straightforward when the account is not clearly associated with the employer, or when an employee conducts business or develops business-related contacts through his or her personal social media account. To make ownership clear, employers should consider having employees at the start of employment open a new social media account on the employer's behalf ' and requiring the employee to confirm that all activity on that account is related to, and done on behalf of, the employer. Doing so might help to avoid the situation facing the employer in Maremont v. Susan Fredman Design Group, Ltd. et al, 2014 WL 812401 (N.D. Ill. March 03, 2014). That saga illustrates the practical and legal difficulties that can occur when ownership is less than clear.

In Maremont, the plaintiff used her personal Facebook and Twitter accounts to promote the defendant's business. When the plaintiff was on medical leave due to an automobile accident, the defendant's other employees accessed the plaintiff's accounts, using passwords provided by the plaintiff before she went on leave, to continue linking those accounts to the defendant's website and blog. As a result of that conduct, the plaintiff alleged a violation of the Stored Communications Act, which prohibits intentional, unauthorized access of communications held in electronic storage. That claim survived summary judgment and is scheduled for trial later this year because there was a disputed issue of material fact as to whether the employee had authorized her employer to access those accounts. The employer claimed that it had permission to access the accounts and that the employee had saved the passwords in a document accessible on its computer system; however, the employee claimed that she kept the file containing her passwords in a locked electronic file on the employer's server and that, in any event, she never gave anyone at the employer permission to access her accounts. Had the employer required the employee to open and maintain a separate, business-related social media account, the outcome of the employer's summary judgment motion may have been different.

Use of Employment and Non-Solicitation Agreements To Protect Confidential Information

Employers should review not only their social media policies, but also their employment, confidentiality and non-solicitation agreements to ensure they address employee use of social media. As discussed below, employment agreements should contain a confidentiality clause addressing what the employee may and may not permissibly post on social media. Employment agreements should also discuss social media account ownership. Finally, employers should review the terms of their non-solicitation agreements to ensure they adequately address former employee contact with clients, customers and co-workers on social media.

Employment Agreements

Employers should consider updating these agreements to specifically include appropriate restrictions on the types of information that employees may post on social media. Employers likewise would be wise to state that any information available to the employee related to the employer's social media account, such as login and password information as well as the profile information of any contacts, is to remain confidential and may not be broadly shared. This may help the employer establish that it took sufficient measures to protect the confidential nature of this information in the event that the employer needs to establish in court that they are trade secrets.

Employers might also want to include in employment or confidentiality agreements a requirement that employees delete all employer-related sensitive information from any personal social media accounts upon termination of employment as well as a requirement that employees return login and password information for any employer-related social media account. Language of this kind helped the employer in Ardis Health LLC et al. v. Nankivell, 2011 WL 4965172 (S.D.N.Y. Oct. 19, 2011), obtain injunctive relief against a former employee who refused to turn over the company's login and password information for various social media and e-mail accounts. At the outset of her employment, the employee signed an agreement in which she promised to return all confidential information upon request. The court held that this agreement established the employer's right to the account information at issue and went on to issue a preliminary injunction requiring the former employee to relinquish it.

Non-Solicitation Agreements

Given the ease with which contacts may be made on social media, employers should ensure that the definition of “solicit” in their non-solicitation agreements includes former employees' social media contacts with clients, customers and co-workers.

Courts' Treatment of'Generic Social Media'Contact with Clients or Co-Workers

As discussed above, some courts have recognized that connections, followers and friends collected through an employer-affiliated social media account may be trade secrets. However, courts generally have not been sympathetic to attempts by employers to prevent former employees from making post-termination generic contact with former co-workers and customers through social media. For example, the court in NDSL, Inc. v. Patnoude, 2012 WL 6096584 (W.D. Mich. Dec. 7, 2012), denied a company's request for a preliminary injunction because its former employee's post-termination generic invitation to connect with the company's customer via LinkedIn was insufficient to establish that the solicitation was in violation of his non-solicitation agreement.

Similarly, in Pre-Paid Legal Services, Inc. v. Cahill , 924 F. Supp. 2d 1281 (E.D. Okla. 2013), a court denied an injunction to an employer who claimed that its former employee's Twitter invitations to former co-workers violated his non-solicitation agreement. As the court in Invidia LLC v. DiFonzo reasoned in finding that a hairstylist did not violate her non-solicitation agreement by “friending” eight of her former employer's customers on Facebook, “one can be Facebook friends with others without soliciting those friends to change hair salons, and [plaintiff] has presented no evidence of any communications, through Facebook or otherwise, in which [defendant] has suggested to these Facebook friends that they should take their business to her chair.” 30 Mass. L. Rptr. 390, 2012 WL 5576406 (Mass. Super., Oct. 22, 2012). The court in Invidia also found significant that the employer presented no evidence that the former stylist communicated to the former clients, through Facebook or otherwise, that they should take their business to her new employer.

Courts' Treatment of New Employment Announcements On Social Media

Courts have treated similarly employer claims that former employees' announcements on social media about their new employment violated the terms of the employees' non-solicitation agreements. In Pre-Paid Legal Services, Inc', discussed above, the court also denied the employer's request for a preliminary injunction to prevent its former employee from making general posts to his Facebook account touting his new employer's products and his satisfaction with his new employment, even though some of the employer's current employees were Facebook friends with the defendant and presumably saw his posts. 924 F. Supp. 2d at 1291-92. The court in Invidia similarly held that a post on defendant's Facebook page from her new employer announcing the defendant's new position was not a solicitation in violation of her restrictive covenant. 2012 WL 5576406, at *6.

Update the Definition of 'Solicit' in Agreements

Significantly, none of the agreements at issue in the cases discussed above specifically defined what it meant to “solicit” former customers or co-workers, nor did the courts address how their decisions might have differed if the non-solicitation agreements had done so. Given the proliferation of social media as a means of communication for both personal and professional purposes, employers may want to consider revising their non-solicitation agreements to specifically define “solicit” as including certain forms of contact on social media. Given that the law in this area is still developing, the extent to which courts will uphold such language and under what factual circumstances they might do so remains to be seen, but such specificity will at least serve as a reminder to former employees that communications through social media are in fact subject to their post-employment restrictive covenants.

Conclusion

It has become increasingly commonplace for employees to conduct their employers' business through social media, oftentimes blurring the line between their personal and professional lives. Employers cannot afford to take the risk that their confidential information will be an open book due to disclosure through social media. They also must ensure that the relationships developed on their behalf through social media remain protected as employees leave the company. While the law in this area is still developing, each year we can expect to see courts providing additional guidance on the appropriate ways in which employers can safeguard their business information and relationships. In the meantime, a well-drafted social media policy supplemented with employment agreements and non-solicitation agreements that specifically address the many issues that social media use in the workplace raises is the best tool employers have to protect their confidential information and relationships with customers, clients and current employees.

Marcia E. Goodman is a partner in Mayer Brown's Litigation & Dispute Resolution practice and serves as co-leader of the firm's U.S. Employment and ERISA Litigation Action Group. Lori Zahalka is an associate in the same practice.

'

'

'