Patent, registered trademark, and copyright owners generally enjoy the presumption that their invention, registered mark, or work is automatically protected under federal law and that they will have a cause-of-action against an alleged unauthorized user (i.e. infringer) in federal court. Three recent cases drive home the point that trade secret misappropriation plaintiffs, on the other hand, do not enjoy the automatic presumption that the alleged misappropriated information is protectable under the law. That is, the plaintiff must first establish that the misappropriated information was actually a trade secret as our previous trade secret blogs have emphasized. Key factors routinely used by the courts in determining whether the information constituted a trade secret include: 1) the degree of accessibility of the alleged misappropriated information to the defendant(s); 2) the steps take by the plaintiff to limit access; and/or 3) the accessibility of the alleged misappropriated information to the public (i.e., was the information publically available?).
Prevention of trade secret theft has become increasingly difficult during the computer age where employees more often than not have access to company computers, networks, and important proprietary and confidential business information, including trade secret information, on computers. By a simple push of a button, a disgruntled or departing employee may be able to copy valuable business information from the company’s computer systems by using, for example, a portable USB device, e-mailing the valuable information to a personal e-mail, or logging into a password protected computer system. In the old days, employees who were intent on absconding with confidential information would generally have to do so on-site. Now laptops and mobile phones have made it easier than ever to access company information from virtually anywhere. Moreover, the employee who is intent on absconding with confidential information may even use computer wiping software to try and cover his/her tracks.
One type of potentially valuable business information that did not exist even as recently as a few years ago involves social media accounts through which employees may be promoting their company’s services and/or products. A current hot legal topic is whether social media accounts may constitute trade secrets. Three recent cases leave open the possibility that such accounts may qualify for trade secret protection depending upon the surrounding circumstances.
For example, in Christou v. Beatport, LLC, 849 F. Supp., 2d 1055 (D. Colo. 2012), the defendant had been hired by the plaintiff to promote its multiple nightclubs, through among other means, social media, including Myspace. The defendant eventually left his job to open competing nightclubs. The plaintiff alleged that defendant had misappropriated its Myspace list of “friends” as well as login information for profiles on Myspace, both of which were trade secrets.
Defendants in a trade secret misappropriate case will often file a motion to dismiss on the grounds that the information does not constitute a trade secret, or in other words, that the plaintiff will not be able to meet the threshold issue for maintaining the lawsuit. Indeed, the defendant in Christou filed a motion to dismiss, contending that the plaintiff’s Myspace “friends” list was public information because the “friends” information was available for all to see on a worldwide basis.
In finding for the plaintiff at this early stage of the case, the U.S. District Court for the District of Colorada relied on the following factors set out by the Tenth Circuit in determining whether or not the plaintiff’s “friends” list could indeed merit protection as a trade secret:
- Whether reasonable steps were taken to protect the secrecy of information;
- Whether access to information was restricted;
- Whether employees knew customers’ names from experience;
- Whether customers commonly dealt with more than one supplier;
- Whether customer information could be readily obtained;
- Whether customer information is readily ascertainable from outside sources;
- Whether the owner of the customer list expended great cost over a considerable amount of time to develop the files; and
- Whether it would be difficult for a competitor to duplicate the information.
In particular, the court noted that “friends” lists or contacts on social networking sites are actual customers who are actual and not potential customers. Also, a business that acquires friends or contacts via a social media site is acquiring personal information as well as contact information for these friends/contacts. Under Factor no. 6, such information is not readily ascertainable from outside sources and is therefore not readily available information.
Moreover, the plaintiff had itself secured the Myspace profiles for its “friends,” and also taken reasonable steps to limit employee access to the profiles through passwords that were only given to those employees who required access to promote the nightclubs as part of the job. The plaintiff thus had taken steps to protect the secrecy of the information and restrict access to the information as required under Factors no. 1 and 2.
Finally, applying Factors 7 and 8, the court noted that the plaintiff had incurred some costs and expended some effort in developing its social network accounts, the defendant had been hired in part to maintain the Plaintiff’s lists and profiles, and that the defendant would not have been able to duplicate the Myspace lists with ease or within a short time frame on his own.
By denying the defendant’s motion to dismiss, the Christou court left open the possibility that the Plaintiff’s “Myspace” friends list could be a trade secret. The order denying dismissal of the case may well mean that courts recognize that the law needs to consider the technological reality of today’s business world. No longer are we dealing with the situation where trade secret misappropriation involves absconding with hard copies of documents, records, data bases, etc. stored in a locked file cabinet.
Now, what about other types of social media accounts involving employees? In PhoneDog v. Kravitz, No. C11-23474 MEJ (N.D. Cal.), a Twitter account was involved. Here the defendant, as the plaintiff’s employee, had maintained the Twitter account “@PhoneDog_Noah,” as part of his job-related duties. After his employment ended, the defendant kept both the account and the password to the account, changed the display on the account to his name, and removed any reference to PhoneDog. At the time of the defendant’s actions, about 17,000 Twitter followers were at stake.
In his motion to dismiss, the defendant argued that the followers on the plaintiff’s Twitter accounts were available to the public at all times and thus could not be a trade secret. The court held that the defendant’s argument was premature and denied the motion to dismiss.
Although the defendant’s motion to dismiss was denied in both Christou and PhoneDog, whether or not social media account information will be found to constitute a valuable trade secret remains unclear. In deciding this issue, courts will be using factors previously established long before social media became an important marketing tool and perhaps one of the most “looked-to” factors will be whether the information is easily derived from public information.
Linkedin is another popular social media website that is used by millions of professionals across the globe. With LinkedIn, the posted information generally involves “resume” types of information. The LinkedIn member’s profile does not generally promote a particular company, but instead generally list’s the member’s current and past places of employment, education, etc. In contrast to the Christou and PhoneDog cases, the court in the recent Eagle v. Morgan, et al., 2011 WL 6739448 (E.D. Pa. Dec. 22, 2011) case found that the alleged trade secret information available on the social media site Linkedin did not constitute trade secret information because the information was generally known in the wider business community or capable of being easily derived from public information. But here’s the interesting difference between the Eagle case and the Christou and PhoneDog cases: In Eagle, it was the corporate defendant (Edcomm) who alleged misappropriation of trade secrets by the plaintiff in a counterclaim.
The Eagle case involved Linkedin account ownership issues. The plaintiff, Dr. Linda Eagle, was the founder of Edcomm, Inc. and during her tenure created a LinkedIn page that she used to promote herself and Edcomm. Edcomm was eventually sold, and Dr. Eagle was terminated. The new owners changed Dr. Eagle’s Linkedin password, removed her name and picture from the Linkedin profile page, and represented that Dr. Eagle had actually resigned from the company. Inexplicably, the new owners then edited her profile page by replacing most of it with its interim CEO’s information while retaining Dr. Eagle’s “honors and awards” section and custom Linkedin URL. This means that anybody searching for “Linda Eagle” on Linkedin would have been directed to her now altered profile that contained information on Edcomm’s new CEO. Edcomm also changed her password which had been made available to the new owners through Dr. Eagle’s former co-worker who had assisted Dr. Eagle in maintaining her Linkedin Account.
Dr. Eagle subsequently brought a lawsuit against Edcomm with counts ranging from misappropriation of publicity to tortious interference with contract. Edcomm countered with, inter alia, allegations of trade secret misappropriation, misappropriation of an idea and unfair competition. The court found in favor of Dr. Eagle on several counts at trial, but in the long run she hardly won because the court declined to award damages.
As discussed above, Edcomm’s trade secret misappropriation counterclaim was dismissed early on. Although the court denied Dr. Eagle’s motion to dismiss Edcomm’s remaining two counterclaims, the court eventually sided with Dr. Eagle on both remaining counterclaims.
The court’s denial rationale for the two remaining counterclaims is instructive beause of its comments concerning the lack of Edcomm’s documentation to prove its own allegations. Edcomm’s new owners had argued that it decided to use LinkedIn as an indispensable sales and marketing tool and initiated a process by which its management would approve of the content of Edcomm employees’ LinkedIn accounts, and thus invested substantial time and effort into its employees’ LinkedIn account and their development of contacts on those accounts. Thus, Dr. Eagle’s act of taking back her account constituted misappropriation of an idea owned by the company.
The court found that Edcomm never had a policy requiring its employees to use LinkedIn, never paid for its employee’s LinkedIn accounts, and did not dictate or review the content of any of its employees’ accounts. Moreover, Edcomm failed to prove that Dr. Eagle’s contacts list was developed and built through the investment of the company’s own time and money as opposed to Dr. Eagle’s own time, money, and extensive past experience.
The court also denied Edcomm’s unfair competition claim that Dr. Eagle improperly misappropriated the content and connections of the LinkedIn account and improperly used the content to compete with Edcomm. Because Edcomm rested its unfair competition claim on its failed misappropriation claim, the court found in favor of Dr. Eagle for both remaining counterclaims.
So what exactly do these three cases tell us? First, whether or not social media contacts constitute a valuable trade secret is still up-in-the air. It is true that the Eagle court found that LinkedIn connections do not constitute trade secrets. However, in the Eagle case, the individual accused of trade secret misappropriation had not been hired to provide social media marketing services as in the Christou and PhoneDog cases. Also, the court may well have been swayed by some of defendant Edcomm’s (the trade secret misappropriation claimant) own questionable tactics that in a sense constituted a social-media “bait and switch” maneuver to attract new LinkedIn connections through a well-respected former owner who was no longer with Edcomm. The edited profile was misleading and seemed calculated to attract Dr. Eagle’s existing connections, developed solely by her, as potential customers/clients by keeping Dr. Eagle in the loop so to speak.
Therefore courts may well still go through a detailed factual inquiry using the type of factors, relied on, for example by the Christou court rather than simply conclude that any and all social media contacts do not constitute trade secrets. As with non-social media trade secret jurisprudence, courts will likely continue to look at whether the employer took steps to protect access to the social media accounts set-up on the employer’s behalf. As for the factor related to the time and money spent on developing the social media-related trade secret, it must be noted that social media marketing is a relatively quick and inexpensive way of promoting a business and developing followers/contacts. Thus Factor 7 of the Tenth Circuit’s list of factors for establishing whether the alleged misappropriated information was indeed a trade secret may necessarily need to be focused on the average number of and cost of employee hours expended on maintaining, editing, and promoting the social media account to both establish new contacts and maintain existing contacts.
Even if social media contacts/friends, etc. should be found to constitute a trade secret, thereby meeting the threshold issue of whether or not the trademark misappropriation case has any teeth, these types of lawsuits are expensive and time-consuming, and damages can be difficult to prove. To try and avoid costly litigation, an employer is well-advised to take proactive steps to address the ownership of social media accounts. These steps begin with written agreements, employee handbooks, and a written policies governing social media usage by the company’s employees. These documents will alert the employee as to the employer’s expectations concerning the usage of social media by the employee and may prove useful should the employer learn that the employee, either during his/her period of employment, or afterwards, has accessed the employer’s social accounts in a manner violating the terms of the signed documents. The employee who has signed such documents will have a hard time pleading ignorance as to social media contacts ownership.
In addition, such documents may well allow the employer to establish that steps had been taken to limit access to the valuable information the employer is claiming as a trade secret. Indeed, one of the factors courts typically look at to determine if the subject matter in a trademark misappropriation case actually constitutes a trade secret is whether the plaintiff in such a case actually took steps to limit access to the subject matter at issue. As the Christou and Edcomm cases demonstrate, this factor will continue to be an important consideration in the age of the Internet and social media marketing.
The following list of suggested document provisions is not intended to be exhaustive, but merely suggestive of the types of proactive approaches employers should consider and implement to protect their social media accounts from potentially detrimental usage by former employees. Employees should be required to sign the agreements/documents as a condition for employment and presented with a copy of any signed agreement should they become voluntarily or involuntarily separated from the employer. The employer should retain the original signed document in the employee’s file. Employers may even consider providing training to new employees and refresher sessions to all employees on an annual basis.
Indeed companies that hire employees to engage in R&D (e.g., the development of software, a medical device, etc.) have typically required that such employees sign an agreement as a condition for employment that any and all potentially valuable intellectual property (patentable, copyrightable, and/or trade secrets) developed during their employment belongs to their employer. Now, given the explosion of social media as a marketing tool today used by virtually every business, whether a multi-national company or a small business, every business should have in place documents that govern the ownership and handling of their social media accounts for all employees from the day the employee commences employment.
A. Social Media Account Ownership in General
This agreement, applicable to any and all employees, should state that the employer owns its social media accounts and on-line personas created and/or associated with the accounts, including all existing, specified accounts and any accounts it may choose to establish in the future. Moreover, employees are prohibited from accessing the employer’s social media accounts and making or posting comments and any type of information on behalf of the employer, whether disparaging or favorable. This agreement is intended to put the employee on alert that the employer is “in charge” of the management of any and all information that appears in social media accounts involving the employer.
This general agreement should also contain non-competition and non-disclosure and/or confidentiality provisions stating in effect that the employees shall not disclose social media accounts to a third party nor use said social media accounts to compete with the employer. Although courts may find that social media accounts do not quality for trade secret protection, a non-competition and confidentiality agreement signed by the employee may offer a way for the employer to pursue legal action on breach of contract grounds. The agreement should also provide for injunctive relief.
B. Social Media Account Issues for Employees Who Will Have Access to the Employer’s Social Media Accounts in the Course of Their Employment
In both the Christou and Phonedog cases, the employee-defendants had been charged with job responsibilities requiring access to their respective employer’s media accounts. Neither employer apparently had an agreement governing the employer’s social media account practices in place. In addition to containing the provisions discussed in Part A, the social media agreements with this type of employee should state that the employer will assign the password and username for the account and that the employee shall only access the social accounts using the assigned password and username. Other suggested provisions are the following:
Any online persona to be created by the employee must be authorized by the employer.
- Employer is the owner of the social media account and any online personas created or associated with those accounts.
- Any username and password and any online personas (e.g., PhoneDog_Noah) etc. created during the course of employment must be relinquished at the end of employment.
- The employer may at any time change the username and password, and any other privacy setting without prior notice.
- The employer has the right to terminate access to the social media accounts at any time without notice.
- The employer retains the right to access, control, and monitor the employee’s use of the employer’s social media via smartphones, desk-top computers, laptops, etc.
- Violation of the agreement (e.g., not obtaining authorization in changing information appearing on employer’s social media accounts) may result in immediate termination.
- Employees are not to provide their user name and password to any other employee, including secretaries and assistants. The username and password are employee specific and the property of the employer.
It is also suggested that employee-specific agreements specify the reason why the employee is being granted to social media accounts under the terms of the agreement. That is, how does this access relate to his/her specified job function?
C. Some Additional Tips
Employers who have a made a decision to lay off or fire and employee should have a plan in place to immediately stop the employee from accessing any company information, including social media accounts, via an electronic device. For larger companies, this means that the HR and IT departments need to coordinate their activities so that the fired employee’s password and user name are “wiped” from the system. For smaller companies, this may mean hiring an IT professional to accomplish this objective.
For those employees who tender their resignation, typically with a two week notice, each business will have to determine if that particular employee should be allowed to stay around for those two weeks and/or continue to have access to company information stored on computers. The employer, upon receiving the resignation, may, at that point, delete the employee’s password and user name from the system as a precaution particularly if the resigning employee had access to confidential information. In addition, the employer may cause to have reviewed the employee’s most recent computer activity prior to the resignation.
The foregoing focuses on “civil action” trade secret misappropriation. Although trade secret protection has generally been a creature of state law, the federal Computer Fraud and Abuse Act (18 § U.S.C. 1030) is being increasingly used plaintiffs to get a civil trade secret misappropriation case (including both the federal and additional state law claims) heard in federal court. As will be discussed in a future blog, however, there is disagreement among the circuits concerning the requirements for establishing violation of this act by the plaintiff. Therefore the usefulness of this act from the trade secret misappropriation plaintiff’s perspective may well depend upon the jurisdiction where the lawsuit is commenced.
Despite the availability of a potential federal cause of action for trade secret misappropriation, employers are nevertheless advised to be proactive in protecting their valuable confidential information. As the addage goes, an ounce of prevention is worth a pound of cure.
Disclaimer. The foregoing information is not legal advice, nor should you consider it as such. It is for informational purposes only and your reading of this blog does not constitute an attorney-client relationship between you and Troy and Schwartz, LLC and/or any of the attorneys at Troy & Schwartz, LLC. Should you be considering legal action, you should consider consulting with an attorney of your choosing.
