"Attention Shareholders: Our Employees Are Quitting and Business is Bad"

The Challenges of Protecting Corporate Privacy Online

 

 
 
            For years, social networking sites liked LinkedIn, Spoke, or Plaxo have been touted as "acceptable" forms of employee social media use by employers. Lacking the features to showcase personal photos, interests, and other private details, these "professional" social media outlets offer a mild but certainly inoffensive way of participating in social networking on a professional level.  However, it may be these very characteristics that make professional social networking sites the single most informative – and potentially dangerous - tool that outsiders and competitors have about a company's activities. In today's climate, the evaporation of individual privacy has become commonplace, but the public disclosure of private corporate information poses unique risks that not all corporate decisionmakers may appreciate.

 

            As time has passed and technology progressed, professional social networking sites seem to be headed toward making public all of the inner workings of companies both across the U.S. and abroad.[1]  Contact and lead-generation builder Spoke has established a deeply integrated map of companies, their executives, and employees based on the collection and extraction of contact information from enterprise-level application such as Microsoft Outlook or Lotus Notes.  Comcast-owned Plaxo offers connection-based leads and referrals, but seeks primarily to store contact information for users and integrate them across multiple networks.  LinkedIn, the leader in professional networking sites, collects and discloses arguably the most information about companies through a combination of "Company Reports" as well as status updates regularly e-mailed to all of the "followers" of a company. Following a series of programming updates, LinkedIn now provides users the ability to access all kinds of information about companies, ranging from the identity and organizational structure of its executives[2], the education level of its workforce, attrition of departing employees (and where they are now) and comments posted by its employees – all with little or no control by the company or company public relations managers.  These are details that simply self-populate once users affiliate themselves with the company.  The amount of information that is publicly available about the most private details of corporations is truly staggering.[3] 

 

            The Blurry Line Between Personal and Professional Presences. Although the commonest examples of social networking uses involve Facebook, Myspace, or Twitter, the ability to manage employee use of these personal networking sites seem to pale in comparison to the challenges posed by professional networking sites. Because professional networking sites blur the lines between individual presence and the corporation’s professional existence, company decisionmakers and general counsel should at the least consider the plethora of legal issues that are raised when individuals promote themselves online or disclose information the corporation considers private:

           

·              Ruminations of an Individual or the Company Spokesperson?  Above all, social  networking sites do not contain any information about whether the company has reviewed or meaningfully approved the representations a user has made in the course of its affiliation with the company.  Even the way employees may joke in self-describing their job titles (“Corporate Gangster,” “Peon,” “Serf,” or “Plankton”[4]) can be humiliating to companies.  Public embarrassment aside, employees could also make representations in their professional networking profiles that are inaccurate, untrue, or overstatements – potentially leading to liability on the part of the employer. Representations made about the academic credentials[5], skill level, specializations, sophistication[6], or expertise of employees on professional networking sites, if inaccurate or misleading, could result in accusations of misrepresentation and increase potential liability on the part of the employer. These effects could be amplified if the profile shows apparent connection to the employer, or if such representations were made using company computers. 

 

·              Who Owns The Relationships? One of the most frequently-raised issues involving professional networking sites centers on the question of who “owns” the relationships the employee has formed with his or her list of contacts. These are hot-button issues in sectors where employees are placed in frequent and significant contact with clients, sales-oriented businesses or relationship- or referral-based industries. Companies may mistakenly believe that a general non-compete is enough to protect the employee from intentionally soliciting the company’s existing clients – but what about the employee’s mere act of updating his LinkedIn account, which automatically broadcasts to his contacts that he is now employed elsewhere? At least one court has found that simply notifying an employer’s clients of the employee’s change in employment constitutes solicitation.[7] In any scenario, companies must revisit their employment agreements to address these kinds of contingencies in specific and concrete ways. At least one Court has recently found that general non-disclosure language in an employment agreement does not bar that employee from contacting the employers’ employees, customers, and contractors – even for the specific purpose of pursuing a “relentless campaign to disparage the business through online posts and reports.”[8]

 

·              Binding the Employer. Employees' representations on LinkedIn and other professional networking sites are absolutely capable of binding their employers. For example, employees’ LinkedIn activities have sufficiently conferred personal jurisdiction/service on their companies[9] and affected determinations of the appropriate place for venue of a lawsuit.[10] Further, companies must be wary of the extent to which their employees’ activities online can be construed as action or omission on the part of the company itself.

 

·              Disaffiliation. Not only can employees self-affiliate themselves with companies on professional networking sites without the company’s approval, they can also be slow to de-affiliate.[11] If the employee then engages in actions or omissions while purporting to act under the authority of the company, the company may have no real way to correct facts about the employee’s status with the company.  

 

·              Mobile Uses. Problematic social media content is just as damaging coming from a mobile device or PDA as from the company computer.  Companies should thus address both proper and improper uses of company-issued PDAs, including the information that can be placed on them, how such information is used, and limitations on the personal uses of company-issued equipment. Equally important, the unauthorized disclosure of data located on mobile devices can be one of the most significant and arguably costliest kinds of catastrophes for a company and cause even larger data-security oriented consequences and headaches for business risk managers.

 

·              Oversharing Company Information. What do employees believe is permissible to share about the company or their activities? Although some companies may disallow employees from publicly disclosing their affiliation with the company, they may fail to set limits on the kind of information about their work activities that can be shared.  Even if an employee fails to identify their particular employer, such information could be obtained from other sources. Are employees permitted to publicly share information about the projects they are working on, the performance of the company, or their co-workers? Companies that have not addressed these issues could face problems should a dispute arise, as recent decisions appear to be making it harder for companies to prove they have adequately protected their confidential business proprietary and trade secret information, in light of the amount of information that is now publicly available on the Internet.[12]

 

            The Right Solution? The best way to handle the challenges of protecting corporate brand and reputation online is for company managers to thoughtfully assess with legal counsel the particular concerns and legal issues that may exist, so that solutions can be crafted and enforced. In most cases, companies have either no social media policies in place, or inadequate policies that do not address any number of potential risks that exist, including those identified above.

           

            Simple Is Not Always Best.  Some companies choose to craft well-intentioned “simple” or “1-page” social media policies in an effort to make it “easy to understand” for the benefit of their employees. Unfortunately, these kinds of policies can be so general that they lack basic information about the kind of information and representations that may be made by employees about their employment and the company, or may be so abstract so as to fail to effectively convey what is permissible and what is not. Employees are not philosophers, and it would be a mistake for companies to expect their employees to carefully weigh competing considerations and thoughtfully arrive at the right approach in exercising judgment on their tweets, posts and blogs. Arguably, the most offensive comments are usually heat-of-the-moment off-the-cuff remarks into which little thoughtful judgment may have been placed. Companies should thus avoid the problems that could come with uncertain language and be clear about their expectations and the rules.  Employees should not have to guess at determining what is and is not permissible.

           

To boot, it is arguably worse for companies to have vague and ambiguous social media policies than to have no social media policy at all – as any ambiguity will often be interpreted against the company, and courts could expect company policies to have been thoughtfully prepared and definite enough for uniform enforcement.           

 

            Not One Size Fits All. Again, employee policies and procedures may not lend itself to a “one-size-fits-all” approach, and depend significantly on the nature of the business, functions of the employees,  pervasiveness of technology in the workplace, and various other factors.  Companies and general counsel would be unwise to simply copy and paste from policies developed by others that fail to take these considerations into account.  Legal counsel should be consulted, and polices that may already be implemented should be revisited to consider new issues that may be pertinent due to the passage of time and advancements in technology.

 

            For information on assessing your company’s professional reputation, please contact Ice Miller’s Internet Technology, and Social Media team at info@theiceloop.com.  

 

This publication is intended for general information purposes only and does not and is not intended to constitute legal advice.  The reader must consult with legal counsel to determine how laws or decisions discussed herein apply to the reader's specific circumstances.

 

March 17, 2011

 


[1]  Sasqua Group, Inc. v. Courtney, 2010 WL 3613855 (E.D.N.Y. 2010) (demonstrating the ease of locating “names of the global head of foreign exchange businesses, the sales and trading head, regional heads, and specific traders” from Bloomberg, LinkedIn, Facebook, and Google searches). 

[2] Id.

[3] Id.

[5] Mohanty v. Bigband Networks, Inc., 2008 WL 426250 (N.D. Cal. 2008).

[6] Fensterstock v. Education Finance Partners, 611 F. 3d 124 (2d Cir. 2010) (Defendants argued that LinkedIn profile showed “unusual sophistication” on the part of the Plaintiff).

[7]  Merrill Lynch v. Schultz, 2001 WL 1681973 (D.D.C 2001).

[9] Universal Surface Technology v. Sae-A Trading America Corp., F Supp. 2d, 2011 WL 281020 (C.D. Cal. 2011).

[10] Rindfleisch v. Gentiva Health Systems, Inc., 2010 WL 3980182 (E.D.N.Y. 2010).

[11] Blayde v. Harrah’s Entertainment, Inc., 2010 WL 5387486 (W. D. Tenn. 2010). 

[12] Sasqua Group, 2010 WL 3613855 at *1.