Posted on October 26, 2010 by Richard L. Santalesa

Is Social Networking Disclosing Your Trade Secret Customer Lists?

It was inevitable. First came social networks, then came the lawsuits: In the e-discovery context, in impeachment situations (Ledbetter v Wal-Mart Stores Inc.(06-cv-01958-WYD-MJW) (D Colo April 21, 2009); Mackelprang v. Fidelity Nat’l Title Agency of Nevada, Inc. (D. Nev. 2007); and Beye v. Horizon Blue Cross Blue Shield (D. N.J. 2006)), in the tort context (Wolfe v. Fayetteville, Arkansas School, 600 F.Supp.2d 1011 (W.D. Arkansas 2009)), as to how much privacy settings matter, on passwords and access, and this list represents merely the proverbial tip of the issues iceberg.

One issue still bobbing below the surface, as it appears there are no fully tried cases on the matter as of this writing, is disclosure of trade secrets, such as a client/customer list, through use of social media and social networking.

The Uniform Trade Secrets Act (“UTSA”) has served as a model for the enacted Trade Secret Acts of 46 states and the District of Columbia.  Massachusetts, New Jersey, New York, and Texas have not enacted a UTSA-model act – although the legislatures of Massachusetts, New York and New Jersey each introduced UTSA-based legislation in 2010. Under the UTSA a "trade secret" is defined as:

“information, including a formula, pattern, compilation, program, device, method, technique, or process, that: (i) derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use, and (ii) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.” (emphasis added).

See also Trade Secrets: A State-by-State Survey, Third Ed., with 2010 Cumulative Supplement; 18 U.S.C. 1839 (defining trade secrets for purposes of the Economic Espionage Act of 1996, which makes theft or misappropriation of a trade secret to benefit a foreign power or related to a product that is placed in interstate or foreign commerce a federal crime).

Various states expressly include a “customer list” in their UTSA’s definition of “trade secret.” (See Network Telecomms v. Boor-Crepeau, 790 P.2d 901, 902 (Co. 2010) (noting a trade secret under Colorado’s UTSA, Colo.Rev.Stat. Ann. § 7-74-102(4), includes the listing of names, addresses, or telephone numbers, or other information relating to any business or profession which is secret and of value); Industrial Insulation Group, LLC v. Sproule, 613 F. Supp.2d 844 (SD Texas 2009) (referencing Pennsylvania’s USTA, 12 Pa. Cons. Stat. Ann. 5301 et seq., which includes customer lists)).

However, even if a state’s UTSA does not expressly include customer lists in a provided definition such “low tech trade secrets” are routinely held by courts to fall within trade secret protection, under either UTSA-based or pre-UTSA common law as detailed by the Restatement (Second) of Torts §757. Section 757, Cmt. B specifies that “a trade secret may consist of any formula, pattern, device or compilation of information which is used in one's business, and which gives him an opportunity to obtain an advantage over competitors who do not know or use it.” A customer list readily qualifies under this definition.

Regardless of whether the applicable source of a trade secret’s protection is state statutory or common law, key issues as to whether a party may successfully claim protection for a trade secret depend on a threshold fulfillment of requirements, among others, that the materials do in fact qualify as actual trade secrets because they hold independent economic value, since they’re not widely known outside the entity, and that the owning party has taken reasonable measures to safeguard the materials’ secrecy.

In the realm of customer lists courts commonly hold lists that are readily ascertainable are offered no trade secret protection. See, Dowell v. Biosense Webster, Inc., 179 Cal.App.4th 564, 571 (2009) (affirming lower court’s holding “that there was no evidence that Biosense's customer list is a trade secret because it appears that the customers for the products at issue ... are easily identified from any number of publicly available directories and resources"); Ken J. Pezrow Corp. v. Seifert, 197 AD2d 856, 857 (N.Y. App. Div. 4th Dept 1993)("where an employer's customer lists are readily ascertainable from sources outside its business, trade secret protection will not attach and their solicitation by the employee will not be enjoined.'") (citations omitted). In fact, New York courts have applied a “general rule” that an employee may solicit an employer's customers when the employment relationship has been terminated, in the absence of some other contractual agreement to the contrary. A & L Scientific Corp. v. Latmore et al., 696 N.Y.S.2d 495 (2d Dept 1999)  (citing Catalogue Service of Westchester, Inc. v. Paul Wise et al., 405 N.Y.S.2d 723 (1st Dept 1978)).

 

Adding Social Networking To The Mix

Since the disclosure of an otherwise trade secret – even accidentally or “through inadvertence” – destroys the secrecy element and therefore removes what trade secret protection exists, Kewanee Oil Co. v. Bicron Corp., 416 U.S. 470, 476 (1974), at what point can using social networking to link-in, friend or make other connections with customers cross over into making a customer list, or a portion of a list, no longer protectable as a trade secret? With seemingly everyone, including us here at the Info Law Group, connecting to business associates as well as potential and actual clients, the question is not academic.

Indeed, witness a case filed earlier in the year, which is indicative of the issue. TEKsystems, Inc., a Hanover, Md-based recruiter of technical professionals, filed a federal action on March 16, 2010, TEKsystems, Inc. v. Hammerinick et al. (0:10-cv-00819-PJS-SRN), Complaint here, accusing former employees of wrongfully contacting former co-workers and clients in violation of the non-compete and non-solicitation agreements they entered into and for misappropriation of trade secrets. Docket available here. On the facts given above the case seems merely a run-of-the-mill action against former employees violating commonly used non-compete and non-solicitation prohibitions. But the topical kicker is that contacts by one of the former employees allegedly occurred through LinkedIn and that Teksystems claimed that the customers, described in the Complaint, as “key individuals responsible for recruitment [at outside entities] of professional placement staffing needs” were “valuable, confidential, and proprietary to TEKsystems, and [] not generally known in the public domain” with “significant economic value to TEKsystems” – in short a trade secret under Maryland’s Uniform Trade Secret Act, Md. Code Ann., Com. Law §11-1201(e).

The applicable non-compete clause prohibited the former employee for a period of 18 months after leaving from working for “any business that is engaging in or preparing to engage in any aspect of TEKsystems’ Business in which EMPLOYEE performed work during the two (2) year period preceding his/her termination of employment, within a radius of fifty (50) miles of the office in which EMPLOYEE worked at the time EMPLOYEE’s employment terminated.” The applicable non-solicitation clause provided that during the 18 month period after termination the employee would not “[a]pproach, contact, solicit or induce any individual, corporation or other entity which is a client or customer of TEKsystems, about which EMPLOYEE obtained knowledge by reason of EMPLOYEE’s employment ….”

While clearly onerous from the employee’s perspective, the Court never reached the merits or opined on validity of the provisions given the case's disposition by stipulated Confidential Settlement Agreement.  However, social networking in the form of LinkedIn entered the Complaint at Paragraph 37 where TEKsystems, in providing examples of one of the employee’s conduct, recounts the employee “has communicated with at least 20 of TEKsystems’ Contract Employees using such electronic networking systems as ‘Linkedin.’” In Paragraph 40, the Complaint alleged the employee “[p]rior to leaving TEKsystems, [] sent emails to a number of candidates advising them that she was leaving TEKsystems and joining Horizontal Integration.”

As an aside, the stipulation recognizes the new cloud storage landscape we’re operating in by defining “Computers,” in a laundry list of systems and storage the defendants would be required to search for documents to return to TEKsystems and then destroy, as “all servers, hard drives, ‘cloud’ storage systems, jump drives, zip drives, CBIZ or other electronic storage devices.” It also defines “Documents” as “the broadest meaning ascribed to it under the Federal Rules of Civil Procedure, and shall include documents in paper form, electronic form, on ‘cloud’ systems or otherwise maintained in any way by Defendants.”

Although the TEKsystems case concluded last week on Oct 18, 2010, per previously stipulated Permanent Injunction and Dismissal or Action, here, the case itself raises interesting broader questions:

  1. At what point does use of a social network, particularly in an industry where direct outside client contact is first and foremost, divulge a trade secret client/customer list by crossing the line between those contacts made during and as a direct result of one’s employment for a specific company (and as a result considered a “trade secret”) and those contacts made “off-hours” by virtue of a person’s being part of a given industry and, perhaps, say “Linking In” to contacts of contacts?  LinkedIn’s entire business model is built around a “six degrees of separation” concept, but how many degrees away does an employee need to get before those “contacts of contacts” are no longer part and parcel of the employer’s existing or potential client/customer list?
  2. Given that social networks generally have “public” and “private” settings capabilities, could connecting to customers and clients act to inadvertently toss the employer's otherwise validly confidential and trade secret customer list into the public domain, destroying trade secret protection in the process by virtue of the fact that those outside the employee’s company conceivably can then “readily ascertain by proper means” the employer’s list of customer/clients using the employee’s socially networked contacts? Consider that according to the Restatement (Second) of Torts §757, factors courts will consider “in determining whether given information is one's trade secret" include:
    • the extent to which the information is known outside of the business;
    • the extent to which it is known by employees and others involved in the business;
    • the extent of measures taken to guard the secrecy of the information;
    • the value of the information to the employee/employer and competitors;
    • the amount of effort or money expended in developing the information;
    • the ease or difficulty with which the information could be properly acquired or duplicated by others.

So what can and should you do to address the social networking disclosure issue before a court potentially does it for you?

 

Recommendations

First, let’s recall that the Complaint in TEKsystems contained four counts, which are fairly typical in an action of this type: 1) breach of contract; 2) breach of confidentiality agreement (“NDA”); 3) tortious interference with contractual relations, and 4) misappropriation of trade secrets. NDA’s frequently utilize broad definitions of “confidential information” and TEKsystem’s NDA definition included “information not generally known by TEKsystems’ competitors or the general public concerning TEKsystems and that TEKsystems take reasonable measures to keep secret, including but not limited to ... customers’ names, addresses, telephone numbers, contact persons ... and the names, addresses, telephones numbers, skill sets, availability and wage rates of ... personnel.”

Had the NDA lacked such a definition or express inclusion of customer names and TEKsystems were forced to rely merely on a claim of misappropriation of trade secrets as a result, the issue of whether customer/client lists entered the public domain via social networking would have garnered notable prominence as the employee might have argued, depending on the factual specifics: “What trade secrets? The information was publicly available via my LinkedIn profile.”

The lesson? Ensure that your employee NDA’s include client information (identities, names, addresses, etc.) within the definition of “confidential information.” But merely defining information as confidential is not be enough unless  steps are taken to in fact treat the data as confidential – since as with trade secrets “confidential information” obviously ceases to become such when it enters the public domain. See generally, 1-800 Postcards, Inc. v. Ad Die Cutting & Finishing Inc., 2010 NY Slip Op 51368 (NY Cty Sup Ct July 9, 2010) (denying plaintiff’s claim of misappropriation of trade secrets where there is no employee “contract expressly restricting the former employees from competing with the prior employer.”)

Second, add a social media section to non-compete clauses and NDAs that clearly addresses use of social media and its effects on any materials considered trade secrets and confidential information. Specifically you should consider, beyond the usual items that e-mail and internet access may be monitored, etc., language providing that :

• Employees should use employer supplied computers, networks and equipment (i.e., smartphones, etc.) for business purposes only, while acknowledging the reality of working from home using home computers and systems with additional language that provides even usage of such home systems must comply with the NDA and non-compete clauses;
• Employees must disclose use of social networking sites; that such social networking may be monitored by the employer, and that consent is granted by the employee for the employer to access employee social networking sites for compliance with the employee’s contractual obligations. You may, under certain circumstance, wish to have the ability to direct an employee (or former employee) to remove any linkage to your company site or mention of the company or employment with the company; and
• Employees may be directed to select privacy settings to prevent "public" users from browsing or seeing their contacts.

Finally, the landscape of social networking is changing rapidly.  It's extremely important to carefully periodically review the various use, privacy, copyright and other policies social networking sites require acceptance of to ensure that your employees aren't binding you to provisions you were unaware of, that may not be practical to comply with given your specific industry or usage, or that may result in disclosure of confidential or trade secret information by default.

As always, to discuss any of the above or your specific needs and issues, feel free to contact me or any other attorney at the Info Law Group.
Tags: , , , , ,
Trackbacks (0) Links to blogs that reference this article Trackback URL
http://www.infolawgroup.com/admin/trackback/227787
Comments (6) Read through and enter the discussion with the form at the end
Jay Libove, CISSP, CIPP, CISM - October 26, 2010 11:37 PM

Points 2 and 3 of the recommendations in this article raise some deeper considerations:


Re: point 2. "You may, under certain circumstance, wish to have the ability to direct an employee (or former employee) to remove any linkage to your company site or mention of the company or employment with the company"

At what point does a company policy of this nature violate the civil rights of the employee? While "censorship" is not something that a company (unless acting under color of government) is legally capable of, companies cannot enslave people. Prohibiting a person from speaking that they were employed by a company is a serious imposition on the personhood of that employee or former employee.


Re: point 3. "Employees may be directed to select privacy settings to prevent "public" users from browsing or seeing their contacts."

Here the balancing act is not for the courts or the legal profession, but rather is a case where new technology and new media raise a challenge to the whole cost/benefit relationship of past business practices, specifically the treatment of customer lists as trade secrets.

How much business value does a modern competitive business *lose* by making its high powered employees' contacts *not* public on e.g. LinkedIn? How much, even absent LinkedIn, in the fully Google-indexed world, with every press release lined up for the searching from the comfort of your armchair, can a company's business dealings actually remain secret?

Finally, Business needs to consider the degree to which they decrease their employees' value (future employability/ ease of next job search) with restrictions on their employees' social networking (particularly LinkedIn) use; how much more must they compensate a highly qualified employee in order to successfully hire and retain her in such a locked-down environment, relative to a competitor who values the positive exposure and keeps his employees happier?


This will be interesting to follow, not only in the courts, but also in the business schools.

Jay Libove, CISSP, CIPP, CISM - October 26, 2010 11:54 PM

One more thought:

We've seen cases in the past where e.g. airline loyalty programs' terms and conditions have successfully resulted in about-faces by not only companies but also the IRS. (Re: http://taxprof.typepad.com/taxprof_blog/2008/07/the-tax-treatme.html )

e.g. A company's demand to keep frequent flyer miles accumulated in an employee's account as a result of the employee's business-paid travel would cause the employee to commit a contract violation against the airline's loyalty program terms of service.

The alternative of tracking of those miles as a fringe benefit was not cost-justifiable, so the IRS released this as a taxable fringe benefit ...


LinkedIn, etc, could put such poison pills in their terms of service:

Make it so that it would effectively be a contract violation by the employee-user of the social media site to obey certain draconian or unconscionable employer mandates...

Businesses would then be in the position not only of the legal and business discussions I posed in my earlier comment, but also of whether they could direct an employee to violate a contractual agreement (the terms of service of the social networking site).

This could make the businesses' decision more black-and-white: "To LinkedIn (at all, under any reasonable terms my employee wants to make of it) or Not (to have no presence of any of my employees on LinkedIn at all)".

Richard L. Santalesa - October 27, 2010 9:56 AM

Jay, thank you for your thoughtful and informative comments. Increased exploration and analysis is exactly the goal of my post, as we’re clearly in the very early stages of understanding what the long term effects of social networking and social media are. In response to your comments regarding recommendation points 2 and 3, you query “[a]t what point does a company policy of this nature violate the civil rights of the employee? * * * Prohibiting a person from speaking that they were employed by a company is a serious imposition on the personhood of that employee or former employee.�

I agree this may be a potentially troubling response to the problems raised by unchecked employee use of social networking. However, companies already may impose significant post-employment restrictions on a former employee's right to work in a broad geographic area for defined periods of time after leaving employee (witness TEKsystem’s non-compete clause quoted in my post) and may impose even more invasive requirement pre-hiring as a requirement to employment (i.e., drug testing, etc.).

While acceptance of practices X & Y certainly does not mean that we as a society need accept requirement Z (witness the legislative responses to banning of use of genetic testing in employment situations). Still, I think the concern here as to the employee civil rights is venue specific with the caveat that if an employer could, above and beyond my potential suggestion for consideration, also ban you from listing your employment with them on your resume, or personal webpage, then we would be entering a realm, in my opinion, bordering on an unconscionable prior restraint-like situation.

As to your point on item 3 that this represents the intersection of new technology, new media, business practices and cost/benefit relationship to employer and employees, respectively, I agree. However, given that the legal fabric and management of risk/liability is deeply interwoven into new tech/new media/business/employment issues saying this “balancing act is not for the courts or the legal profession� to resolve discounts the existing landscape we labor on. Would it be better if these issues were resolved by employer and employees in cooperation without legislative action or intervention by courts? Probably. But will that in fact be the route taken? Likely not.

Finally, your analogy to airline loyalty programs and subsequent IRS treatment of same highlights just how out-of-the-box and far afield some of the results and responses to the issues raised may be in the future. And I, too, feel this issue and those others raised by social networking will be interesting to follow not only in the courts, but in the business schools for years to come. Stay tuned.

Bob Gezelter - October 27, 2010 12:32 PM

Explicit disclosure of customer lists is but one of the dangers of social media. Even making seemingly innocuous posts can disclose confidential information that can lead to the exposure of a client, without ever mentioning the client's name.

Disclosure is not the only hazard. Two other hazards worth mentioning are: aggregation/collation, and outside archiving.

Aggregation/collation uses bits and pieces of information disclosed in the course of a volume of postings to discern information that is not intended to be released. This is a technique that was quite successfully used in the electronic intelligence community, as evidenced by declassified historical accounts of activities during the first half of the 20th century.

An example is the recent popularity of geo-location services. When the feeds from different parties are correlated, it is possible to determine their relationship purely from the cascading coincidences of the geo-location feeds. Positive and negative conclusions can be reached. This is information that previously went unremembered.

Outside archiving occurs when the feeds are distributed to outside parties. Twitter, Facebook, LinkedIn, and other social networking sites often provide feeds for a variety of purposes. Once something has been posted, it may be effectively impossible to expunge the posting. One can delete it from the social networking site, but there is no way to guarantee that all copies have been expunged. This is a challenge in many ways.

These and other hazards of micro-blogging were discussed in "Micro-Blogging and Self-Surveillance", an entry in my blog at http://www.rlgsc.com/blog/ruminations/micro-blogging-and-personal-information.html

Richard L. Santalesa - October 27, 2010 1:04 PM

Bob, excellent points. While my post obviously focuses on a specific issue, aggregation and third party archiving of social networking content are additional currently unplumbed areas that will undoubtedly come to the foreground in the near future.

Urs E. Gattiker - @ComMetrics - November 2, 2010 9:12 AM

Dear Richard

Thanks for this interesting blog post.

Let me just put forward some issues on how I see it as business person. Also, I am not an expert on legal issues.

I know that even when we recruit, employees have already been part of networks like LinkedIn for years (PS. we just hired a guy who joined LinkedIn in year one of its existence).

So I find it simply impractical to put any claim on his or her LinkedIn connections. Yes, of course, we surely will benefit from these connections, whilst the person is a member of our team.

We point this out in our social media guidelines for staff and clients here:

===> http://info.cytrap.eu/?page_id=686

Based on our social media policy, we train our staff as far as privacy and confidentiality are concerned. The result is that you will be unable to see our employees' list of connections on Xing (similar to LinkedIn):

http://www.xing.com/profile/UrsE_Gattiker

Nevertheless, when the individual leaves our employment, she will take her contacts with her. Of course, she will also continue using LinkedIn or Xing, Facebook, etc. after she has gone and joined another company, possibly in the same industry.

PS. ===> We tell our team not to use geo location networks and setting the options correctly on Facebook to prevent this from happening
===> Facebook geo-tag is turned on by default, read more:
http://commetrics.com/?p=10242 ===> (see under Saturday heading - including VIDEO on how to do set these options right)

I find our company does many things right so it has little to fear from its secrets getting out. There is no magic ingredient to success that can be found on a person's network of contacts. Of course, if one were to get customer details this way we could have a problem.

On the other hand, we all know who our competitors are and, in turn, their major clients. So what is the secret here?

The fuss over social network contacts and information shared with these contacts in one's social network or on groups (e.g., LinkedIn) suggests that there is a great prize for getting access to such data. But is there really?

Having a long-term relationship with a client that has purchased and been satisfied with our product and services for years should be worth something. It usually makes it impossible for a competitor just calling up and getting the contract instead of us.

Finally, regarding our social media guidelines we put in as well:

"... their spirit must be observed as well as their letter."

So far, employees have been cautious and using these tools wisely.
So how using social networks and connecting with a person or a group of individuals could result in a claim that a particular connection in and of itself of a former staff member violated the employer's trade secrets remains a mystery to me.

In a court where the judge(s) is social media savvy individual she will surely see that this makes no sense... But who knows...

Richard, thank you for sharing this important information with your readers.

Post A Comment / Question Use this form to add a comment to this entry.







Remember personal info?
Send To A Friend Use this form to send this entry to a friend via email.