By: L. David Russell
Law360, New York (January 28, 2015, 9:27 AM ET)
Just as individuals use social media websites to create and foster relationships, businesses too are utilizing social media to engage and connect to new and existing customers. Indeed, over 70 percent of Fortune 500 companies now maintain a Twitter or Facebook account. Like their human counterparts, companies are actively blogging, tweeting, updating their Facebook pages, and posting videos and comments on YouTube.
Imagine you are the social media manager of such a media- driven company, Tech-Y. You oversee Tech-Y’s Facebook, Snapchat, Instagram, YouTube, Pinterest, Foursquare and Twitter activity. You personally choose which images and descriptors populate Tech-Y’s social media profiles, you interface directly with consumers on behalf of Tech-Y, and you filter and respond to the customers’ online inquiries and comments. Through your careful monitoring of Tech-Y’s social
media pages, you inevitably imbue the company’s online identity with traces of your own personality. During the course of your employment, Tech-Y’s social media presence grows to reach legions of new fans. In fact, your success as a social media manager attracts the attention of a competing company that presents you with an enticing offer of employment. As you prepare to leave Tech-Y to work for its competitor, you wonder: Who owns the social media accounts that you worked so hard to cultivate — you or your employer? Are your current employer’s social media followers yours to take to a new job?
Framing the Legal Claim
The court in PhoneDog v. Kravitz, No. 11-03474, 2011 U.S. Dist. LEXIS 129229 (N.D. Cal. Nov. 8, 2011), faced a similar factual scenario. In this case, plaintiff PhoneDog operated a reviews and recommendations website for mobile products. Id. at *3. Defendant Noah Kravitz worked as a product reviewer and blogger for PhoneDog, which created a Twitter account by the name of @PhoneDog_Noah for Kravitz. Id. at *2-3. Tweeting under this moniker, Kravitz generated 17,000 Twitter followers. Id. at *3. PhoneDog alleged that when Kravitz left the company, he refused to give up the Twitter account and password. Id. According to PhoneDog, Kravitz changed the account handle to @noahkravitz and continued to use the account in his new employment. Id.
PhoneDog filed a lawsuit against Kravitz, alleging that the compilation of Twitter followers and password used to access the Twitter account constituted trade secrets. Id. at *1. Since Kravitz now worked for a competitor, PhoneDog argued that Kravitz’ continued use of the account amounted to trade secret misappropriation. Id. at *16. Based on its estimation that each Twitter follower was worth $2.50 per month, PhoneDog alleged that it suffered at least
$340,000 in damages. Id. at *8. At the pleading stage, the court held that PhoneDog sufficiently alleged misappropriation of trade secrets and conversion claims under California law, and denied Kravitz’s motion to dismiss. Id. at *19-20. Importantly, the court held that cursory allegations regarding the Twitter account and password “sufficiently described the subject matter of the trade secret with sufficient particularity.” Shortly thereafter, the case settled.
The court in Ardis Health v. Nankivell, No. 11-5013, 2011 U.S. Dist. LEXIS 120738 (S.D.N.Y. Oct. 19, 2011), was confronted with a similar scenario. In Ardis, an employee retained log-in information for the employers’ social media and email accounts after her termination. Id. at
*2-3. The employer filed a lawsuit alleging numerous claims, including claims for conversion and civil theft. Id. at *1. The employer also moved for a preliminary injunction asking that its former employee return the log-in information for the employers’ accounts. Id. The court entered the requested preliminary injunction, reasoning that the former employee’s “unauthorized retention” of the account information likely constituted a meritorious conversion claim under New York law. Id. at *8-9.
In another recent case, Maremont v. Susan Freedman Design Group, 2014 U.S. Dist. LEXIS 26557, *3-7 (N.D. Ill. 2014), the tables were turned: a marketing director sued her former employer for unauthorized use of her allegedly personal social media accounts while she was on temporary medical leave. In this case, employee Jane Maremont was hired to develop and run social media campaigns for her employer, an interior design firm, via Facebook and Twitter. Id. at *3. In addition to blogging on the firm’s website, Maremont used her own personal Twitter and Facebook accounts to promote her then-employer. Id. That Twitter account was created in her name, @jmaremont. Id. Maremont also created a company Facebook page through her personal Facebook account. Id. at *4. To keep track of the various social media campaigns, Maremont kept an electronic spreadsheet listing all of the log-in information on her work computer. Id. at *4-5.
When Maremont took medical leave from her job, her colleagues used the log-in information to access and continue to update the social media campaigns on behalf of the firm. Id. at *5. In Maremont’s absence, the firm made 17 posts to her Twitter account and accessed the company Facebook page via Maremont’s personal Facebook page. Id. at *6-7. Maremont filed suit against her former employer and colleagues alleging that their use of her social media accounts violated the Lanham Act and the Stored Communications Act (“SCA”). Id. at *1. After discovery, the defendants moved for summary judgment. Id.
The court held that Maremont’s SCA claim could not be summarily adjudicated. Id. at *24-25. Observing that the SCA had been enacted to protect against hackers gaining access to electronic communications, it recognized that the SCA provided “a private cause of action for unauthorized, intentional access to communications held in electronic storage.” Id. at *19.
After reviewing the conflicting evidence, the court determined that there was sufficient evidence that the defendants accessed Maremont’s social media accounts without permission. Id. at *28. Specifically, the court cited Maremont’s testimony that (1) her password lists were kept in a secured folder, (2) she never gave her former employer or former co-workers permission to access her accounts, (3) and she specifically instructed two of the other defendants to refrain from accessing her social media accounts. Id.
Maremont’s Lanham Act claim did not fare as well. While the court found that a reasonable jury could determine that Maremont had a commercial interest in her Twitter and Facebook accounts, it noted that there was no evidence indicating that the unauthorized access of her account caused financial injury. Id. at *12-13, 16. Accordingly, the court granted the employer’s motion for summary judgment on the Lanham Act claim. Id. at *19.
While appellate courts have not yet weighed in, trial courts have shown a willingness to protect an owner’s interest in its social media accounts, and a flexibility to find that these claims can be stated both as state tort claims and as claims under federal law. As more cases like these are brought to court, we expect that the legal theories utilized by litigants — and found cognizable by the courts — will become more uniform.
The Legislative Response
As courts continue to face novel questions involving an employee’s personal and business use of social media accounts in the workplace, state legislatures, too, have recognized the need to delineate employees’ and employers’ rights.
Twenty-eight state legislatures have introduced legislation addressing the privacy of an employee’s personal social media password. Five states, including California, have enacted legislation fortifying an employee’s privacy rights in connection with his or her social media accounts. In 2012, the California Legislature passed A.B. 1844, which prohibits employers from requiring an employee to (1) release his username or password for any personal social media account; or (2) access a personal social media account in the presence of the employer. Cal.
Lab. Code § 980.
This legislation, however, may not provide a complete solution. California’s legislation categorizes social media accounts as either exclusively “personal” or exclusively “business.” In many cases, social media accounts do not fit neatly into either category. Take Katy Perry, for example — one of Twitter’s most popular users. On a personal level, Katy Perry uses her account to communicate with her friends and family. A public figure like Perry, however, also uses her Twitter account for business purposes, such as promoting her latest concert, song or album. California’s law fails to provide clear guidance on the privacy rights of individuals who operate these multipurpose “mixed accounts.” Additionally, while clarifying an employee’s rights with respect to his or her personal social media usage, California’s social media law does not address a business’ rights when its employees refuse to turn over arguably business- focused social media account information.
Precautionary Measures for Companies
Despite the lack of certainty in the case law and the gaps in the legislative solution, companies have the ability to protect themselves from employees who assert ownership rights over corporate social media accounts. For example, companies can include explicit social media ownership clauses in their standard employment contracts to protect important online marketing assets.
Clear ownership clauses in employment agreements will help companies avoid or prevail in lawsuits that contest the ownership of social media accounts and passwords. Employers in California, for instance, should specify that the employees tasked with social media responsibilities are marketing the company brand within the scope of their employment, and that these accounts are not “personal” accounts within the meaning of the California social media statute. Employers should also establish their dominion over the log-in credentials of business-related social media accounts — by regularly changing the log-in credentials to maintain their secrecy, disseminating the credentials to a closed group of employees on a strict, need-to-know basis, and promptly changing the passwords whenever an employee who had access an account leaves the company. As enthusiasm for social media-based marketing continues to mount, these precautionary contractual measures and strict company policies will become increasingly critical for companies to protect their social media footprints.
—By L. David Russell, Nary Kim and Mara Ludmer, former associates at Jenner & Block LLP
© 2003-2015, Portfolio Media, Inc.
- - - -