Question: What happens when a company “hijacks” a former employee’s LinkedIn profile? Answer: In some cases, that employee sues for identity theft and invasion of privacy. The bigger question right now is whether that employee will prevail – particularly when she pursued her case without the assistance of a lawyer. Some of you may recall the Linda Eagle v. Edcomm case – which centered on a former employee’s claims that the company wrongfully misappropriated her LinkedIn account after she left the company.
That lawsuit was tried to the United States District Court for the District of Pennsylvania in November 2012. The Court heard oral arguments on post-trial motions on Wednesday and promised to issue a decision soon. So, while we are waiting for that decision, let’s look back to the facts which prompted the lawsuit.
The lawsuit centered on the following allegations. Eagle worked for Edcomm in an executive position. When she was terminated, Edcomm took over Eagle’s account by using her username and password, replacing her picture with that of another employee, but leaving Eagle’s honors, awards, recommendations and connections. Eagle claimed she was wrongfully locked out of the account and that Edcomm hijacked her her identity and invaded her privacy.
Eagle admitted that she created and used her account to promote Edcomm’s banking education services; foster her reputation as a businesswoman; reconnect with family, friends, and colleagues; and build social and professional relationships. While she was employed with Edcomm, she admitted another employee assisted Eagle in maintaining her LinkedIn account and that employee had access to Dr. Eagle’s password.
Edcomm had a different story. Edcomm encouraged its employees to use LinkedIn. It further urged employees to create LinkedIn profiles, with Edcomm templates, and with Edcomm email addresses. Edcomm, you see, asserted at trial that its policies “claimed ownership” over any LinkedIn account created with an Edcomm email address; that is, the LinkedIn account (and everything contained there) was the property of Edcomm. (We are not privy to that policy so can’t comment on its effectiveness.)
Edcomm claimed that because of this policy, it could “mine” all of the contacts or information in a former employee’s LinkedIn account, so long as Edcomm did not steal that former employee’s identity. Eagle had created her LinkedIn account with an Edcomm email address and used Edcomm resources to maintain and supplement her LinkedIn profile. Finally, Edcomm asserted that when it took over Eagle’s LinkedIn profile, it replaced her picture, her experience, education, etc. and that no one would have been mistaken for that of Eagle’s. Edcomm also later gave Eagle back her account.
I have to admit that Edcomm’s side of the story sounds pretty valid. Yet, Eagle still sued, asserting the following claims: 1) violation of the Computer Fraud and Abuse Act; 2) violation of the Lanham Act; 3) invasion of privacy for misappropriation of identity and publicity; 4) identity theft; 5) conversion; 6) tortious interference with contract; 7) civil conspiracy; and civil aiding and abetting. Edcomm then asserted counterclaims for misappropriation, unfair competition and conversion (of a laptop computer).
In an October 4, 2012, Order, the Court dismissed the Computer Fraud and Abuse and Lanham Act claims, but permitted the state law claims to go to trial. In its post-trial submissions, Edcomm requested that the Court dismiss Eagle’s claims and further requested that the Court award Edcomm $41,000.00 in damages against Eagle. We will see how it turns out.
So from these facts, what could Edcomm have done better and what did Edcomm do right? Here are my takeaways:
- Define (via agreements and policies) the difference between personal and business social media sites. If you want to retain the LinkedIn profile after an employee departs, make sure that employee knows he/she does not own that profile. Edcomm probably could have done a better job with this.
- If you do this, some employees will not choose to create accounts that you can later claim as your own. You may choose instead to do this on an individual basis for certain employees who have a big social media presence – those who are the “face” of your company.
- When in doubt, address the ownership as soon as you learn about a site that might impact both personal and business. Don’t wait until the employee departs the company.
- Insure that you have administrative rights and passwords to all sites designated as “business.” Many lawsuits arise because employees leave and convert the sites for personal use, refusing to return the site or administrative access to the site. Edcomm had the administrative passwords, but there was a question about whether they were entitled to use them (see number 1 above)
- Insure that you have defined (via agreements or policies) that the company not only has the right to access the site, but also owns all site content. That is, you want to preclude an employee’s right to claim ownership to content after the fact (other than clearly personal information, such as name, education, experience, awards, honors, etc.). It is not clear from Edcomm whether this aspect was appropriately defined.
- Know that recent legislative movements may impact the right to access or otherwise demand access to sites that contain both personal and business-related information. (See Emerging Issues in Social Media – The Status of Social Media Password Legislation)
In short, it is always better to clearly define ownership of content and the social media site before a lawsuit is filed. If you have had issues with ownership of your social media sites, we would love to hear your story.