Social media clearly has numerous uses and benefits, as hundreds of millions of users worldwide can attest. From connecting with a long lost friend, to marketing a new product or service, to organizing a high school reunion or even an uprising in the Middle East, social media has become a ubiquitous part of our lives. But its rapid proliferation comes with risks.

In addition to the hazards to individuals on which the media regularly reports — invasion of privacy, harassment, bullying and the like — the increased risks to employers are just as compelling, albeit perhaps not as sensational. Most employers today have implemented social media policies that govern such things as if and when employees may access social media during the workday and appropriate uses thereof, but many companies fall short in protecting their trade secrets and customer relationships or goodwill.

Employees, especially younger ones, may unwittingly put their employers at risk simply by connecting with customers and/or vendors on LinkedIn, or by boasting about their latest achievements on Facebook or Twitter. Or they may be using social media intentionally to solicit customers or employees after termination.

As the line between business and personal information becomes increasingly blurred, employers must be cognizant of the risks inherent with the increased use of social media and take affirmative steps to protect their trade secrets and customer relationships before it is too late. Once a trade secret has been disclosed, its protections cannot be recovered; and once a customer leaves, he or she may never return.

 Setting Expectations

The most basic step that any employer should take to protect itself is to set expectations for its employees. In addition to creating the kind of culture where employees want to be protective of their employer, this can be accomplished by implementing policies that limit what employees are permitted to post on social media, and the security or privacy measures that must be put in place if they do so.

For instance, subject to the strictures of the National Labor Relations Act, employees should not be permitted to comment publicly on confidential projects or issues, even if they believe it is only to their “small” group of friends. While this is universally true, any policy should explicitly reference social media. Moreover, if employees are permitted to connect with customers and vendors on LinkedIn, their list of contacts should be set to private so that other LinkedIn users cannot view them. This type of policy is the building block for all others, and it isn’t enough simply to have such a policy in place; it must clearly and repeatedly be explained to employees, and perhaps even be the subject of an annual training.

While most employers have confidentiality and nondisclosure policies and agreements in place, they oftentimes do not specify that customer contact information, preferences, and the like that are maintained on LinkedIn and other social media sites fall within the strictures thereof. These policies and agreements should require that such information be deleted immediately from the employees’ accounts if they leave the company for any reason (just as hard copy customer lists must be returned or destroyed).

Although potentially difficult to enforce on their own, absent evidence of misappropriation or improper solicitation, policies such as this can influence a court’s opinion of a noncompliant former employee and add support to a request for injunctive relief should litigation be initiated. Of course, one purpose of these policies is to set clear expectations so as to avoid the need for litigation in the first place.

Who “Owns” Social Media?

Once employee expectations are established, the next thing an employer should do is assert an ownership interest over social media accounts and content, even if that content is already identified as confidential and must be deleted when the employment relationship ends. Few courts have addressed the issue of who “owns” social media. It is a difficult issue because accounts are often free and employees have already joined at the time of hire. Employers should, at the very least, have policies in place that inform employees that the company owns any content that was developed on the job or using the employer’s resources or confidential information.

For instance, the policy should be clear that customer information and goodwill are the company’s property even if posted on an employee’s LinkedIn account. (This policy must go hand in hand with the confidentiality policies discussed above or it will be ineffective.) There will always be disputes over whose goodwill it actually is, and social media ownership policies will certainly not be enforced by every court under every set of circumstances, but it is better to implement such a policy than face the risks of not doing so.

Last year, in Eagle v. Morgan, a federal court in Pennsylvania ruled that a company could not assume its former CEO’s LinkedIn account after she was terminated because although the company had expressed “an intense interest in the issue involving ownership of LinkedIn accounts,” it was clear that on the date the CEO was terminated “no policy had been adopted to inform the employees that their LinkedIn accounts were the property of the employer.” Had the company implemented such a policy, the outcome may have been different.

On the flip side, in Ardis Health LLC v. Nankivell, a federal court in New York ruled that a former employee must turn over the login, password and other access information to several websites, blogs, and social media pages that she had created and maintained for her former employer, because the employee had signed an agreement at the outset of her employment that all work created or developed by her “shall be the sole and exclusive property of [the employer], in whatever stage of development or completion,” and that she must return all confidential information upon request. The existence of such an agreement in this instance protected the company.

Where there is no policy or agreement, a court may leave the question of ownership to a jury, which is not a good result for employers, as jurors will not want to believe that their employers can appropriate or monitor their social media accounts. In PhoneDog v. Kravitz, a federal court in California denied a former employee’s motion to dismiss claims by his employer, alleging that the former employee unlawfully continued using the company’s Twitter account after he quit. There was no policy or agreement in place in this case, and the ultimate outcome will necessarily turn on who actually owns the Twitter account.

Similarly, in Christou v. Beatport LLC, the plaintiff claimed that a former employee misappropriated its trade secrets, including login information for profiles on MySpace and lists of MySpace “friends.” The defendants argued that a list of MySpace friends “is broadcast to the public via the Internet and thus cannot be considered a trade secret.” A federal court in Colorado denied the defendant’s motion to dismiss, holding that whether the information was a trade secret is a factual issue, but opined that:

Social networking sites enable companies … to acquire hundreds and even thousands of “friends.” These “friends” are more than simple lists of names of potential customers. “Friending” a business or individual grants that business or individual access to some of one’s personal information, information about his or her interests and preferences, and perhaps most importantly for a business, contact information and a built-in means of contact. Even assuming that employees generally knew the names of all of the “friends” on [the former employer’s] MySpace pages, it is highly unlikely, if not impossible, that employees knew the contact information and preferences of all those on the “friends” list from general experience.

This is an evolving area of law, and information that was protectable 10 years ago may not necessarily be protectable today.

In Sasqua Group Inc. v. Courtney, a federal court in New York ruled that LinkedIn connections and Facebook relationships with clients cultivated by a former employee were not trade secrets belonging to the firm because although that information “may well have been a protectable trade secret in the early years of [the company’s] existence when greater time, energy and resources may have been necessary to acquire the level of detailed information to build and retain the business relationships at issue … for good or bad, the exponential proliferation of information made available through full-blown use of the Internet and the powerful tools it provides to access such information [now] is a very different story.”

While this case is a classic example of bad facts making bad law, having policies in place at the very least sets expectations for employees, and at best it could carry the day in court.

Beware of Overreach

When implementing policies and agreements related to social media, employers must beware not to infringe upon employees’ rights under state or federal law, including the National Labor Relations Act, which safeguards employees’ right to engage in “protected concerted activities,” Additionally, many states have now enacted or proposed some form of social media privacy laws, some of which prohibit employers from requiring employees or applicants to disclose login information to social media accounts and retaliating against those who refuse to do so.

Employers must also ensure that their own conduct does not run afoul of any laws, including the federal Stored Communications Act, which prohibits the unauthorized access of electronic communications and has been applied to social media. Earlier this year, in Ehling v. Monmouth-Ocean Hospital Service Corp., a federal court in New Jersey held that an employee’s Facebook posts were protected by the Act because she had configured her privacy settings to restrict posts to her “friends” (but found that the employer had not violated the act by viewing the employee’s wall, because a co-worker, who was one of her Facebook friends, showed the post to their employer).

Similarly, in Maremont v. Susan Fredman Design Group Ltd., a federal court in Illinois refused to grant summary judgment to an employer on claims brought by an employee alleging that it had illegally accessed her Twitter and Facebook accounts while she was on medical leave, finding that there were factual disputes as to whether the employer exceeded its authority in accessing those accounts.

Legal issues aside, most employers do not want to create a culture where their employees are constantly in fear of being monitored, which will harm morale and decrease loyalty. This can have the exact opposite effect of what the policies are intended to promote, as disgruntled or disloyal employees are the most likely to take actions harmful to the company.

What Constitutes Solicitation on Social Media?

Regardless of what policies and agreements are implemented, employers must typically still establish that a former employee misappropriated trade secrets and/or improperly solicited customers or employees to obtain relief. The lines are not as clear as they were in the past, however. Does “friending” a customer on Facebook constitute solicitation? Updating one’s LinkedIn account to identify a new employer? Tweeting how great a new employer’s product or service is? These questions largely remain open and have not been addressed in most jurisdictions.

In fact, recent research has uncovered no published decisions in the employment context regarding what constitutes improper solicitation using LinkedIn, the most prolific business-centric social media site that has more than 225 million users worldwide.

However just last month, a Massachusetts court issued an unreported decision in KNF&T Staffing Inc. v. Muller, holding that updating a LinkedIn account to identify one’s new employer and to list generic skills does not constitute solicitation. In this rather narrow decision, the court did not address whether a LinkedIn post could ever violate a restrictive covenant, and several other cases involving this issue settled before it could be resolved.

Outside of the employment context, the Court of Appeals of Indiana, in Enhanced Network Solutions Group Inc. v. Hypersonic Technologies Corp., held that a nonsolicitation agreement between a company and its vendor was not violated when the vendor posted a job publicly on LinkedIn and an employee of the company applied and was hired for the position, because all major steps that led to the employment were initiated by the employee.

In the context of Facebook, a Massachusetts court ruled in Invidia LLC v. DiFonzo that a hairstylist did not violate her nonsolicitation provision by “friending” her former employer’s customers on Facebook because “one can be Facebook friends with others without soliciting those friends to change hair salons, and [plaintiff] has presented no evidence of any communications, through Facebook or otherwise, in which [defendant] has suggested to these Facebook friends that they should take their business to her chair.”

Likewise, in Pre-Paid Legal Services Inc. v. Cahill, a former employee posted information about his new employer on his Facebook page “touting both the benefits of [its] products and his professional satisfaction with [it]” and sent general requests to his former co-employees to join Twitter. A federal court in Oklahoma denied his former employer’s request for a preliminary injunction, holding that communications were neither solicitations nor impermissible conduct under the terms of his restrictive covenants.

In sum, common sense continues to reign supreme in determining what constitutes solicitation in the age of social media, and if it looks, tastes and smells like solicitation, it probably is. Nevertheless, it is imperative that employers protect their trade secrets and goodwill by setting clear expectations and implementing policies and agreements that clearly express those expectations and provide a means by which to enforce them if necessary.