Supervising Partner

 

Greg Rostron

Partner

Office: (07) 3009 8444
e: g.rostron@rostroncarlyle.com

 

LinkedIn - is your confidential client information not so confidential?

Pubications > LinkedIn - is your confidential client information not so confidential?


LinkedIn and various Social Networking Sites (SNS) are creating new challenges for the protection of an Organisation's Confidential Information.   Confidential Information includes Client Contact information as well as Connections made by Employees on SNS. Organisations should ensure that their employment contracts and Social Media Policies protect against the transfer of Confidential Information on SNS so as to protect this information against exploitation after an employee exists the Organisation.
Share |

 

 

 

 

What is LinkedIn?

According to Wikipedia:

“LinkedIn is a business-oriented social networking site.  Founded in December 2002 and launched in May 2003, it is mainly used for professional networking.  As of October 2009, LinkedIn claims more than 50 million registered users, spanning more than 200 countries and territories worldwide”.

 

What is LinkedIn used for?

LinkedIn (amongst other things) is an SNS that enables users to upload Contacts, create a profile, connect to other users, show their own Connections, join groups, recommend Connections, publish articles, answer questions and provide updates to their connections seamlessly and via integration to Twitter.  It is largely used for business networking and business development purposes.

 

Uploading Contacts to LinkedIn

LinkedIn (like most SNS) includes a feature that enables users to:

upload Client Contact information that is stored in an email program or third party email services;
and automatically invite these people to become Connections.

 

Therefore it's possible that Confidential Information in the form of Contacts stored in an email program can be automatically transferred from the Employer to the control of the Employee. These Contacts may later become Connections of the Employee that can then be viewed by world at large on sites such as LinkedIn. This may mean that what was confidential information looses the necessary quality of confidentiality.

 

The Evolution of Contact portability

One consequence of the transference and storage of Contact information to third party servers is that an Employee's Connections and potentially customers are becoming portable between Employers as they are controlled by the Employer not the Employee. An Employee can change jobs and seamlessly notify all their Contacts via LinkedIn.

 

Who owns the Customer Contact information?

Assuming that an Employee makes Contacts during the course of or incidental to their employment then prima facie, those Connections belong to the Employer.  If reduced to the form of a database, they may, in certain circumstances attract further protection under the Copyright Act 1968 (Cth).  The issue is that these Contacts can be contained on a server that is beyond the control of the employer.


UK Case law involving LinkedIn

In Hays Specialist Recruitment (Holdings) Limited and Another v Ions and Another [2008] (a UK case, not binding on an Australian Court) an employee had uploaded his employer's Confidential Information in the form of the Customer database to LinkedIn. 

 

The Court held that despite the fact that the Organisation encouraged the use of LinkedIn, there was no reason for the Organisation's confidential information to be "cut and paste" into the public domain.

Customer Contact information is generally regarded as being owned by the Employer provided it has the necessary qualities of confidentiality.

 

Breach of duty by Employees

Employees have an implied duty of fidelity and loyalty to their employers.   Therefore an Employee owes their Employer a duty of care not to harm their interests.  The extent of this duty generally includes any deliberate effort to remove or memorise information for later use.   The uploading of Confidential Client contact information for later use would seem to breach this duty.

 

Australian guidance

NP Generations Pty Ltd v Feneley (2001) 52 IPR 563 (NP Generations) involved a situation where the rental property manager (Respondent) kept a diary and address book including the Contact information of some of the owners of rental properties which she managed during her employment.   There was no written contract of employment between the parties.  When the Respondents employment was terminated, she took the diary with her and some months later began working for a competitor.  Soon after she contacted eight owners of properties that were on her former employer's rent roll and advised them that she had left her former employer.  She later wrote to a further 46 landlords who were Clients of the Applicant.

 

The Court held that the Respondent's list of customers was confidential, and that where Confidential Information is entrusted to an employee for a limited purpose it can only be used for that purpose. 

Moreover if a former employee takes with them a list of Customers, which were returned for legitimate purposes, that parting employee had an obligation to return copies to their former employer 52 IPR 563 at 565.

 

How long will it be until an Australian Court applies these principles to compel an Employee to destroy their Contacts and Connections on an SNS? Employees should not upload what they don't own.

 

Who owns the Connections made by Employees in LinkedIn?

There are perhaps four separate classes of Connections made in LinkedIn by Employees:

 

Connections made by Controllable Employees

 

Employer Connections

If the Connection is a Client of the Organisation and information about that person is part of the Confidential Information, then it is likely that regardless of when the person was added to LinkedIn they are likely to be owned by the Employer.

 

Controlled Connections

If the Employee made the Connection in their capacity as Controlled Employee (an Employee who participates in SNS as part of their job both after and during working hours), then it could be argued that the Connection belongs to the Employer.

 

Connections made by Non-Incidental Employees

 

Personal Connections

Connections made by Non-Incidental Employees created either after or during working hours that are not Customers are Personal Connections.

 

If the Employee made the Connection in their capacity as a private individual, not engaged in any activity associated with their employment, and the Connection is not does not form part of the Organisation's Confidential Information, then it likely that the Connection is owned by the Employee.

 

Employer Connections

Difficulties arise where Employer Connections are made by Non-Incidental Employees.  It would appear that in the absence of a binding Social Media Employment Contract or Social Media Policy that these Connections may be owned by the Employee provided their making is not incidental to their employment. Organisations should consider carefully whether they want their Non-Incidental Employees to create Connections online with their Clients.

 

Employee use of Contacts and Connections post Employment

In the absence of an express contractual limitation contained in a Social Media Employment Contract and subsequently enforced, both Contacts uploaded that become Connections and Connections created in LinkedIn remain stored on LinkedIn after termination. 

 

The effect is that Contacts and Connections (that may be Clients) in certain instances are becoming more linked to the Employee than the Employer despite the fact that in most instances the Contact would seem to form part of the Employer's Confidential Information.

 

Applying NP Generations to Employee use of LinkedIn

With a few key strokes an Employee can notify all their Connections on LinkedIn that they have changed Employers. Importantly, when the user changes their job title, that information is communicated to their Connections via status updates to other Connections.  It could be argued that this is the Web 2.0 equivalent of notifying potential customers that they have changed Employers and is analogous to NP Generations.

 

Actions to be taken by Employers to protect erosion of Contacts and Connections

Employers should ensure that their employment contracts and Social Media Policies for Controllable Employees include provisions requiring removal of the Employers Contacts and Connections as soon as they resign from the Organisation. A Social Media Policy (amongst other things) should prohibit or at least attempt to limit Non-Incidental Employees making Connections with Clients and should provide further guidance relating to desirable online behaviour.

 

Terms defined in this article

Confidential Information includes any information that the Organisation deems to be confidential including information about Clients and  prospective Clients.

Contact means information about a Client or potential Client of an Organisation which may include but by no means be limited to name, address, email address, telephone contact and information for example.

Connection means a person who has voluntarily connected to another person via an SNS site.

Controlled Connections means a person who is not a Customer of the Employer and whose details do not form part of the Confidential Information of the Employer but was made by a Controllable Employee.

Controllable Employee means an Employee who participates in SNS as part of their job after and during working hours.

Customers means Clients and vice versa.  The term refers to a person or person representing an entity that an Employer is in a contractual relationship with.

Non-Incidental Employees are employees whose participation in SNS is not essential to the performance of their job.

Employees means contractors, agents directors and officers of the Organisation.

Employer Connections means a person who is a Customer of the Employer or whose details form part of the Confidential Information of the Employer.

Organisation means the entity type which the Social Media Policy and the contractual clauses apply to.

Personal Connections means a person who is not a Customer of the Employer who the Employee made contact with and connected with online, in any other capacity other than as the Employee of the Employer.

Social Media Employment Contract means a contract of employment that includes provisions regulating and controlling an Employees use of SNS as part of their employment.

Social Media Policy (SMP) is a document, communicated to an organisation's Employees so as to be legally binding, setting out the way in which Employees are to participate on Social Networking Sites and the rules that the Organisation wants to apply.  The SMP attempts to validly regulate the activities of both Controllable Employees (employees that use SNS as part of their jobs) and Non-Incidental Employees (who don't use SNS as part of their job) who participate in SNS during and after hours because their use of use of SNS:

- might cause serious damage to the relationship between the employer and Employee;

- may damage the employers interests; and

- may be incompatible with their duties to the employer.

Social Networking Sites (SNS) are web-based services that allow individuals to:

- construct a public or semi-public profile within a bounded system;

- articulate a list of other users with whom they share a connection; and

- view and traverse their list of connections and those made by others within the system.

SNS Sites include, but are by no means limited to: LinkedIn, Myspace, Beebo Twitter and Facebook and include both the Social Elements and the Business Element.

Social Networking means the process of using an SNS.

Web 2.0 means web development and web design that facilitates interactive information sharing, interoperability, user-centered design and collaboration between people on the World Wide Web.  Examples of Web 2.0 include web-based communities, hosted services, web applications, social-networking sites, video-sharing sites, wikis, blogs, mashups and folksonomies.  Put simply a Web 2.0 site allows its users to interact with other users or to change website content, in contrast to non-interactive websites where users are limited to the passive viewing of information that is provided to them.

Wikipedia http://en.wikipedia.org/wiki/LinkedIn accessed 14 December 2009 at 9.03am

Faccenda Chicken Ltd v Fowler [1987] CH 117

Angus & Coote Pty Ltd v Render (1989) 16 IPR 387

N P Generations Pty Ltd v Feneley (2001) 80 SASR 151

Boyd, d. m., & Ellison, N. B. (2007). Social network sites: Definition, history, and scholarship. Journal of Computer-Mediated Communication, 13(1), article 11. http://jcmc.indiana.edu/vol13/issue1/boyd.ellison.html

 

"The information contained in this article is general in nature and cannot be regarded as anything more than general comment. Readers of this article should not act on the basis of this comment without consulting one of Rostron Carlyle's legal practitioners who will consider their particular circumstances".

 

Related Legal Practices

 

Rostron Carlyle also has the following related speciality Practices that can assist organisations :

 

Technology Law

Corporate Law Practice

Intellectual Property Practice

Defamation and Media Law Practice

 

 

A Rostron Carlyle lawyer will be a person that you can relate to.  We'’ll talk your language. Most

importantly, a relationship with a Rostron Carlyle lawyer will be "a relationship you can rely on".