Is Social Networking Disclosing Your Trade Secret Customer Lists?

It was inevitable. First came social networks, then came the lawsuits: In the e-discovery context, in impeachment situations (Ledbetter v Wal-Mart Stores Inc.(06-cv-01958-WYD-MJW) (D Colo April 21, 2009); Mackelprang v. Fidelity Nat’l Title Agency of Nevada, Inc. (D. Nev. 2007); and Beye v. Horizon Blue Cross Blue Shield (D. N.J. 2006)), in the tort context (Wolfe v. Fayetteville, Arkansas School, 600 F.Supp.2d 1011 (W.D. Arkansas 2009)), as to how much privacy settings matter, on passwords and access, and this list represents merely the proverbial tip of the issues iceberg.

One issue still bobbing below the surface, as it appears there are no fully tried cases on the matter as of this writing, is disclosure of trade secrets, such as a client/customer list, through use of social media and social networking.

The Uniform Trade Secrets Act (“UTSA”) has served as a model for the enacted Trade Secret Acts of 46 states and the District of Columbia.  Massachusetts, New Jersey, New York, and Texas have not enacted a UTSA-model act – although the legislatures of Massachusetts, New York and New Jersey each introduced UTSA-based legislation in 2010. Under the UTSA a "trade secret" is defined as:

“information, including a formula, pattern, compilation, program, device, method, technique, or process, that: (i) derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use, and (ii) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.” (emphasis added).

See also Trade Secrets: A State-by-State Survey, Third Ed., with 2010 Cumulative Supplement; 18 U.S.C. 1839 (defining trade secrets for purposes of the Economic Espionage Act of 1996, which makes theft or misappropriation of a trade secret to benefit a foreign power or related to a product that is placed in interstate or foreign commerce a federal crime).

Various states expressly include a “customer list” in their UTSA’s definition of “trade secret.” (See Network Telecomms v. Boor-Crepeau, 790 P.2d 901, 902 (Co. 2010) (noting a trade secret under Colorado’s UTSA, Colo.Rev.Stat. Ann. § 7-74-102(4), includes the listing of names, addresses, or telephone numbers, or other information relating to any business or profession which is secret and of value); Industrial Insulation Group, LLC v. Sproule, 613 F. Supp.2d 844 (SD Texas 2009) (referencing Pennsylvania’s USTA, 12 Pa. Cons. Stat. Ann. 5301 et seq., which includes customer lists)).

However, even if a state’s UTSA does not expressly include customer lists in a provided definition such “low tech trade secrets” are routinely held by courts to fall within trade secret protection, under either UTSA-based or pre-UTSA common law as detailed by the Restatement (Second) of Torts §757. Section 757, Cmt. B specifies that “a trade secret may consist of any formula, pattern, device or compilation of information which is used in one's business, and which gives him an opportunity to obtain an advantage over competitors who do not know or use it.” A customer list readily qualifies under this definition.

Regardless of whether the applicable source of a trade secret’s protection is state statutory or common law, key issues as to whether a party may successfully claim protection for a trade secret depend on a threshold fulfillment of requirements, among others, that the materials do in fact qualify as actual trade secrets because they hold independent economic value, since they’re not widely known outside the entity, and that the owning party has taken reasonable measures to safeguard the materials’ secrecy.

In the realm of customer lists courts commonly hold lists that are readily ascertainable are offered no trade secret protection. See, Dowell v. Biosense Webster, Inc., 179 Cal.App.4th 564, 571 (2009) (affirming lower court’s holding “that there was no evidence that Biosense's customer list is a trade secret because it appears that the customers for the products at issue ... are easily identified from any number of publicly available directories and resources"); Ken J. Pezrow Corp. v. Seifert, 197 AD2d 856, 857 (N.Y. App. Div. 4th Dept 1993)("where an employer's customer lists are readily ascertainable from sources outside its business, trade secret protection will not attach and their solicitation by the employee will not be enjoined.'") (citations omitted). In fact, New York courts have applied a “general rule” that an employee may solicit an employer's customers when the employment relationship has been terminated, in the absence of some other contractual agreement to the contrary. A & L Scientific Corp. v. Latmore et al., 696 N.Y.S.2d 495 (2d Dept 1999)  (citing Catalogue Service of Westchester, Inc. v. Paul Wise et al., 405 N.Y.S.2d 723 (1st Dept 1978)).

 

Adding Social Networking To The Mix

Since the disclosure of an otherwise trade secret – even accidentally or “through inadvertence” – destroys the secrecy element and therefore removes what trade secret protection exists, Kewanee Oil Co. v. Bicron Corp., 416 U.S. 470, 476 (1974), at what point can using social networking to link-in, friend or make other connections with customers cross over into making a customer list, or a portion of a list, no longer protectable as a trade secret? With seemingly everyone, including us here at the Info Law Group, connecting to business associates as well as potential and actual clients, the question is not academic.

Indeed, witness a case filed earlier in the year, which is indicative of the issue. TEKsystems, Inc., a Hanover, Md-based recruiter of technical professionals, filed a federal action on March 16, 2010, TEKsystems, Inc. v. Hammerinick et al. (0:10-cv-00819-PJS-SRN), Complaint here, accusing former employees of wrongfully contacting former co-workers and clients in violation of the non-compete and non-solicitation agreements they entered into and for misappropriation of trade secrets. Docket available here. On the facts given above the case seems merely a run-of-the-mill action against former employees violating commonly used non-compete and non-solicitation prohibitions. But the topical kicker is that contacts by one of the former employees allegedly occurred through LinkedIn and that Teksystems claimed that the customers, described in the Complaint, as “key individuals responsible for recruitment [at outside entities] of professional placement staffing needs” were “valuable, confidential, and proprietary to TEKsystems, and [] not generally known in the public domain” with “significant economic value to TEKsystems” – in short a trade secret under Maryland’s Uniform Trade Secret Act, Md. Code Ann., Com. Law §11-1201(e).

The applicable non-compete clause prohibited the former employee for a period of 18 months after leaving from working for “any business that is engaging in or preparing to engage in any aspect of TEKsystems’ Business in which EMPLOYEE performed work during the two (2) year period preceding his/her termination of employment, within a radius of fifty (50) miles of the office in which EMPLOYEE worked at the time EMPLOYEE’s employment terminated.” The applicable non-solicitation clause provided that during the 18 month period after termination the employee would not “[a]pproach, contact, solicit or induce any individual, corporation or other entity which is a client or customer of TEKsystems, about which EMPLOYEE obtained knowledge by reason of EMPLOYEE’s employment ….”

While clearly onerous from the employee’s perspective, the Court never reached the merits or opined on validity of the provisions given the case's disposition by stipulated Confidential Settlement Agreement.  However, social networking in the form of LinkedIn entered the Complaint at Paragraph 37 where TEKsystems, in providing examples of one of the employee’s conduct, recounts the employee “has communicated with at least 20 of TEKsystems’ Contract Employees using such electronic networking systems as ‘Linkedin.’” In Paragraph 40, the Complaint alleged the employee “[p]rior to leaving TEKsystems, [] sent emails to a number of candidates advising them that she was leaving TEKsystems and joining Horizontal Integration.”

As an aside, the stipulation recognizes the new cloud storage landscape we’re operating in by defining “Computers,” in a laundry list of systems and storage the defendants would be required to search for documents to return to TEKsystems and then destroy, as “all servers, hard drives, ‘cloud’ storage systems, jump drives, zip drives, CBIZ or other electronic storage devices.” It also defines “Documents” as “the broadest meaning ascribed to it under the Federal Rules of Civil Procedure, and shall include documents in paper form, electronic form, on ‘cloud’ systems or otherwise maintained in any way by Defendants.”

Although the TEKsystems case concluded last week on Oct 18, 2010, per previously stipulated Permanent Injunction and Dismissal or Action, here, the case itself raises interesting broader questions:

  1. At what point does use of a social network, particularly in an industry where direct outside client contact is first and foremost, divulge a trade secret client/customer list by crossing the line between those contacts made during and as a direct result of one’s employment for a specific company (and as a result considered a “trade secret”) and those contacts made “off-hours” by virtue of a person’s being part of a given industry and, perhaps, say “Linking In” to contacts of contacts?  LinkedIn’s entire business model is built around a “six degrees of separation” concept, but how many degrees away does an employee need to get before those “contacts of contacts” are no longer part and parcel of the employer’s existing or potential client/customer list?
  2. Given that social networks generally have “public” and “private” settings capabilities, could connecting to customers and clients act to inadvertently toss the employer's otherwise validly confidential and trade secret customer list into the public domain, destroying trade secret protection in the process by virtue of the fact that those outside the employee’s company conceivably can then “readily ascertain by proper means” the employer’s list of customer/clients using the employee’s socially networked contacts? Consider that according to the Restatement (Second) of Torts §757, factors courts will consider “in determining whether given information is one's trade secret" include:
    • the extent to which the information is known outside of the business;
    • the extent to which it is known by employees and others involved in the business;
    • the extent of measures taken to guard the secrecy of the information;
    • the value of the information to the employee/employer and competitors;
    • the amount of effort or money expended in developing the information;
    • the ease or difficulty with which the information could be properly acquired or duplicated by others.

So what can and should you do to address the social networking disclosure issue before a court potentially does it for you?

 

Recommendations

First, let’s recall that the Complaint in TEKsystems contained four counts, which are fairly typical in an action of this type: 1) breach of contract; 2) breach of confidentiality agreement (“NDA”); 3) tortious interference with contractual relations, and 4) misappropriation of trade secrets. NDA’s frequently utilize broad definitions of “confidential information” and TEKsystem’s NDA definition included “information not generally known by TEKsystems’ competitors or the general public concerning TEKsystems and that TEKsystems take reasonable measures to keep secret, including but not limited to ... customers’ names, addresses, telephone numbers, contact persons ... and the names, addresses, telephones numbers, skill sets, availability and wage rates of ... personnel.”

Had the NDA lacked such a definition or express inclusion of customer names and TEKsystems were forced to rely merely on a claim of misappropriation of trade secrets as a result, the issue of whether customer/client lists entered the public domain via social networking would have garnered notable prominence as the employee might have argued, depending on the factual specifics: “What trade secrets? The information was publicly available via my LinkedIn profile.”

The lesson? Ensure that your employee NDA’s include client information (identities, names, addresses, etc.) within the definition of “confidential information.” But merely defining information as confidential is not be enough unless  steps are taken to in fact treat the data as confidential – since as with trade secrets “confidential information” obviously ceases to become such when it enters the public domain. See generally, 1-800 Postcards, Inc. v. Ad Die Cutting & Finishing Inc., 2010 NY Slip Op 51368 (NY Cty Sup Ct July 9, 2010) (denying plaintiff’s claim of misappropriation of trade secrets where there is no employee “contract expressly restricting the former employees from competing with the prior employer.”)

Second, add a social media section to non-compete clauses and NDAs that clearly addresses use of social media and its effects on any materials considered trade secrets and confidential information. Specifically you should consider, beyond the usual items that e-mail and internet access may be monitored, etc., language providing that :

• Employees should use employer supplied computers, networks and equipment (i.e., smartphones, etc.) for business purposes only, while acknowledging the reality of working from home using home computers and systems with additional language that provides even usage of such home systems must comply with the NDA and non-compete clauses;
• Employees must disclose use of social networking sites; that such social networking may be monitored by the employer, and that consent is granted by the employee for the employer to access employee social networking sites for compliance with the employee’s contractual obligations. You may, under certain circumstance, wish to have the ability to direct an employee (or former employee) to remove any linkage to your company site or mention of the company or employment with the company; and
• Employees may be directed to select privacy settings to prevent "public" users from browsing or seeing their contacts.

Finally, the landscape of social networking is changing rapidly.  It's extremely important to carefully periodically review the various use, privacy, copyright and other policies social networking sites require acceptance of to ensure that your employees aren't binding you to provisions you were unaware of, that may not be practical to comply with given your specific industry or usage, or that may result in disclosure of confidential or trade secret information by default.

As always, to discuss any of the above or your specific needs and issues, feel free to contact me or any other attorney at the Info Law Group.