Information behaving badly: the struggle to protect client data in the social media age
Social media has revolutionised the way many businesses work, including the organisation of client contacts and other communications. As the use of sites such as LinkedIn becomes more widespread, employers may find it harder to control their client lists and ultimately to protect their business from departing employees set on poaching clients. In a recent study in the US, six out of 10 employees admitted that they had taken company data (such as client lists) on their departure.
March 15, 2011 at 07:06 AM
7 minute read
David Williams and Kathryn Dooks outline why law firms are finding it harder to protect themselves from departing partners poaching clients as social media use becomes widespread
Social media has revolutionised the way many businesses work, including the organisation of client contacts and other communications. As the use of sites such as LinkedIn becomes more widespread, employers may find it harder to control their client lists and ultimately to protect their business from departing employees set on poaching clients. In a recent study in the US, six out of 10 employees admitted that they had taken company data (such as client lists) on their departure.
Many employers actively encourage their employees to use sites like LinkedIn. On the site, members connect with each other and can share lists of their connections on their profile page. LinkedIn results in employees posting lists of clients and prospective clients in a public domain. In businesses where client confidentiality is key (for example, in the legal profession) this is clearly problematic. When an employee leaves his employment, he can quickly update the website to show that he has moved and inform all of his contacts that he has done so. This obviously makes it much easier for employees to attempt to poach clients following the termination of their employment, so to what extent can employers protect themselves?
Confidentiality
An employer may be able to argue that its client list is confidential and that the employee has misused or disclosed it in breach of their express or implied duties under their contract of employment.
In Hays Specialist Recruitment v Ions, Hays applied for an order for pre-action disclosure against a former employee, Ions, to establish whether he had migrated details of business contacts from the Hays client list to LinkedIn. Ions argued that Hays encouraged him to use LinkedIn so it had, in effect, consented to this migration. The High Court held that Hays had reasonable grounds for considering that it might have a claim against Ions in relation to the transfer of confidential information to his LinkedIn account and ordered pre-action disclosure against Ions. It is unclear how the matter progressed as no further hearings have been reported (suggesting the parties may have settled the matter). However, the court was willing to entertain the possibility that Ions had potentially misused Hays' confidential information by migrating details from the database onto LinkedIn.
If the contacts are only located on LinkedIn and have not been migrated from a confidential database, it is difficult to see how an employer could argue that they are confidential, given that when a connection is made with another contact on LinkedIn, that individual can view the employee's full list of connections. In a situation like this, it may be easier for an employer to rely on some of the other remedies/protections set out below.
Database rights
The client list may amount to a database under the Copyright and Rights in Database Regulations 1997. However, a database right only arises if there has been "a substantial investment in obtaining, verifying or presenting the contents of the database".
In the case of the British Horse Racing Board Limited v William Hill Organisation, the European Court of Justice held that a database containing the times, dates and locations of horse races together with a list of runners and riders and gate numbers for each race did not require sufficient investment by the British Horse Racing Board to be afforded protection under the regulations.
It is therefore questionable whether adding individual contacts to, say, Outlook or LinkedIn over a period of time will be sufficient. In Pennwell Publishing (UK) Limited v Ornstein, Ornstein was a trade journalist who, when he joined Pennwell, had his own Excel spreadsheet containing contacts from his previous employment. He added these contacts to Pennwell's Outlook list and did not maintain any separate list. On his departure, the question was whether Pennwell owned the list and could prevent him from taking it elsewhere. The High Court held that when Ornstein put his own list of contacts into Pennwell's Outlook list, he had created a new database which belonged to the employer; therefore he could not take his contacts with him. If he had maintained a separate list of pre-existing contacts on his own computer he would have been able to take these contacts.
However, Ornstein did not try to argue that the contacts in Outlook were not a database under the regulations. A different outcome may have resulted if such an argument had been put forward, given that there may not have been a 'substantial investment' in the creation of the Outlook list.
IT policy
In Pennwell, the judge recommended that employers should put in place an email or IT policy requiring employees to keep any personal contacts separate from their business contacts within Outlook. Certainly, a comprehensive IT policy which incorporates policies on the use of email contacts lists and LinkedIn or similar sites is a useful tool.
The employer could also consider going through lists of contacts on, for example, LinkedIn on termination and requiring the employee to delete any contacts which are client contacts. There is a question as to the employee's right to privacy here, particularly if they have private contacts to whom they are connected on LinkedIn as well as client contacts. Also, it is doubtful how effective this would be, as it is very easy for the employee to reconnect with the client contact shortly afterwards.
Restrictive covenants
For this reason, where a business genuinely requires protection from ex-employees on termination, the best solution for employers may well be to include a non-dealing restrictive covenant in the employee's contract of employment. This would prevent the employee from having any dealings whatsoever with a client for a period following termination, including, for example, making connections with them on LinkedIn and attempting to solicit business from them. It would also prevent them from speaking to a client if the client contacted them unsolicited.
As with all restrictive covenants, the remedy for breach is for the employer to obtain an injunction for specific performance. In order to do so, the employer must be able to show that the covenant goes no further than is necessary to protect the company's legitimate business interests. The duration and scope of the covenant are relevant in determining this and should therefore vary depending on the seniority of the employee, the nature and location of their role, the lead time for new business and how quickly a client contact will go stale.
Investigation
Employers should seriously consider a forensic investigation of its IT systems where wrongdoing is suspected. In addition, the employer may be able to obtain an order for a pre-action disclosure, delivery of documents or for inspection of computers (including the employee's home computer) in order to gather evidence of the wrongdoing. While technology and social media are making it easier for employees to walk away with client lists and other confidential information, it is also becoming easier for employers to detect such actions by employees.
Using a combination of the protections and remedies set out above should protect employers, but given the pace of development of technology and social media it is important to keep policies and practices under review and to make sure that they are implemented properly and monitored carefully. A few simple steps can avoid considerable pain and expense down the line.
David Williams is head of employment and Kathryn Dooks is an associate at Kemp Little.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrump and Latin America: Lawyers Brace for Hard-Line Approach to Region
BCLP Mulls Merger Prospects as Profitability Lags, Partnership Shrinks
Trending Stories
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250