Posted October 17, 2012
By Julia E. Judish, Thomas N. Makris, Amy L. Pierce and James G. Gatto
With the unprecedented popularity of social media, employees have increasingly used LinkedIn and other online forums to network for business and social purposes. When the line between personal and business use is blurred, litigation may ensue. A federal court recently ruled that an employer did not violate federal computer hacking laws by accessing and altering its recently departed CEO's LinkedIn account, but that the former CEO could proceed to trial on her state law misappropriation claim. In addition, California, Illinois, and Massachusetts recently joined Maryland in enacting laws prohibiting the practice of requesting access to prospective employees' password-protected social media accounts.
In Eagle v. Morgan, et al., Linda Eagle, former CEO of Edcomm, Inc. ("Edcomm"), filed a complaint in U.S. District Court in Pennsylvania alleging that Edcomm hijacked her LinkedIn social media account after she was terminated. While Eagle was CEO of Edcomm, she established a LinkedIn account that she used to promote Edcomm's banking education services, to foster her reputation as a businesswoman, to reconnect with family, friends and colleagues, and to build social and professional relationships. Edcomm employees assisted Eagle in maintaining her LinkedIn account and had access to her password. Edcomm encouraged all employees to participate in LinkedIn and contended that when an employee left the company, Edcomm would effectively "own" the LinkedIn account and could "mine" the information and incoming traffic.
After Eagle was terminated, Edcomm, using Eagle's LinkedIn password, accessed her account and changed the password so that Eagle could no longer access the account, and then changed the account profile to display Eagle's successor's name and photograph, although Eagle's honors and awards, recommendations, and connections were not deleted. Eagle contended that Edcomm's actions violated the federal Computer Fraud and Abuse Act ("CFAA"), Section 43(a) of the Lanham Act, and numerous state and common laws. In an October 4, 2012 ruling on the company's summary judgment motion, U.S. District Judge Ronald L. Buckwalter dismissed Eagle's CFAA and Lanham Act claims against Edcomm but held that Eagle had the right to a trial on whether Edcomm had violated state misappropriation law and other state laws.
The Eagle case is just one example of how the absence of a clear and carefully drafted social media policy can lead to protracted and expensive litigation. This area of law appears to be garnering increasing attention on the legislative front as well as the judicial front, as three more states recently enacted laws prohibiting employers from requiring, or in some cases even requesting, access to prospective employees' social media accounts. The attached chart includes more detail about the California, Illinois, Massachusetts and Maryland laws and the provisions of similar legislation pending in the various states and in the U.S. Congress.
A common theme connects the Eagle case with the recent password access legislation: the importance of defining the lines of ownership and demarcating the boundary between the professional and the personal. If Edcomm, for example, had established a LinkedIn account for its CEO's use and had asserted its property interest in the account at the outset of the employment relationship, Edcomm's CEO would have had no reasonable expectation of ownership in it. Under that scenario, Edcomm likely would not be facing trial on a misappropriation claim. Similarly, the social media password legislation definitively declares that employers and prospective employers have no right to access the social media accounts that applicants and employees have established for their personal use.
In addition, as explained in our recent Client Alert on enforcement actions under the National Labor Relations Act in connection with employer discipline of employees for social media postings, employer responses to employee use of social media can also result in government agency action against employers. These developments all point to the same message: employers wishing to avoid legal risk should be proactive in implementing well-defined policies and procedures relating to the LinkedIn, Pinterest, Twitter, Facebook and other social networking and media accounts of prospective, current and former employees, including clearly identifying rights to those accounts when the employee leaves the company.
A PDF version of this article, which includes a chart summarizing State and Federal Social Media Bills, is also available.
Prior Client Alerts related to this subject:
Client Alert, First NLRB Decisions on Social Media Give Employers Cause to Update Policies, Practices
Client Alert, Employ Me, Don't Friend Me: Privacy in the Age of Facebook