The prolific growth in the use of social media has resulted in an increasing tension between employers and employees over social media account ownership. The crux of the issue is that employers are encouraging their employees to use social networking websites, whilst trying to claim that the contacts should remain confidential at the end of their employment. This gives rise to serious questions as to the boundaries to be drawn between an employee's personal/professional networking and their employer's ownership of their endeavours. Social media account ownership is complicated by many factors –
- who created the account;
- whether the creation was prior to employment; and
- if the name includes the employer logo/brand, whether the account use was primarily professional or personal etc.
There is rarely a clear cut answer, unless an agreement in writing is drafted in advance on what will happen to a specific account when the employee moves on.
In the recent Data Protection Commissioner's (DPC) Report for 2013, the question of who owns contact information made by employees during the course of their employment was identified as an issue.
Case Study 15: Client list taken by ex-employee to new employer
The DPC investigated a complaint from an individual in relation to receipt of unsolicited correspondence to her home address, from a company with whom she had no business relationship. The correspondence referred to the individual's pension plan with another company and offered a review of her existing assets or advice concerning her future provision. It also indicated an intention to telephone the recipient to discuss the matter further. The individual contacted the company with whom she had set up her pension plan, and they confirmed that the person who had sent the letter had left their employment. Upon investigation, the DPC discovered that the ex-employee had written to 50 former contacts.
The new employer informed the DPC that any such data the employee possessed would be destroyed and no further attempts would be made to contact those individuals. However, the employee was subsequently discovered to have written to further contacts. As a result, the DPC carried out a site inspection of the new employer's premises (informing the employer of the inspection only on the morning of the inspection). The matter was resolved amicably when the MD of the company confirmed he personally oversaw the destruction of the data held by the employee. The DPC noted that there has been a significant increase in the number of data security breach notifications in relation to this type of matter.
In the absence of any Irish authority on the point, the most useful case is a UK case Hays Specialist Recruitment (Holdings) Limited v Ions  EWHC 745 (Ch) in which Hays (the plaintiff) alleged that the employee used his LinkedIn network to approach clients for his own rival agency, which he set up a few weeks before leaving them. The plaintiff argued that the contacts were confidential information of the company and that the former employee (Ions) had breached the terms of his employment contract by using this information for business purposes. The defence was that Hays encouraged employees to use the site, so once these contacts were in the public domain they were free for him to use. The High Court did not agree and the defendant was ordered to disclose all documents, including invoices and emails, that showed any use of his LinkedIn contacts by him and any business obtained from them.
It is clear from the above cases that if an employer actively encourages or allow employees to use social media as a mechanism to store or build up their business contacts, they must ensure they have control over how this information will be used if the employee ceases to work for them. If the site is primarily for business purposes the employer will have a stronger case in arguing ownership of it.
Employers need to ensure they make clear at the outset its approach to social media issues and the starting point for any protection is the implementation of clear well drafted social media policy which, amongst other items should deal with the following:
- A clear statement that the employer owns the account and the employee does not;
- A policy that employees store log-in details in a location accessible by the company;
- Clear guidelines as to who is authorized to change the name of the account, usernames and password; and
- Appropriate restrictive covenants covering the cessation of the working relationship bearing in mind that any restrictive covenant should not go any further than is necessary to protect the legitimate interests of the business.
Employers that fail to address the issue of social media ownership issues at the outset of the employment relationship may find themselves facing expensive legal battles over social media account ownership and lose a substantial number of clients, potentially causing irreparable damage to their brand and their business.