In our last post exploring the question of who owns social media, we addressed how employers can use confidentiality, nondisclosure and non-compete agreements to define ownership of a contact database when an employee leaves the company. But what if the employee departs and then argues that the contact information is publicly available, and therefore, the employee can use that information without regard to a confidentiality or nondisclosure agreement?
As litigators, we have often argued that customer lists, contact databases, etc. are confidential and sometimes even trade secret information. In the past, we could demonstrate that the company invested time and resources into developing the list, and that the information was not readily available to the public. For example, in the past it was very difficult to use publicly available information (like the telephone book) to figure out who the key contact people were at an organization. Today, with the Internet and social media, however, this kind of information is much more likely to be publicly available.
The Sasqua case amply demonstrates this point. (Sasqua Group, Inc. v. Courtney, 2010 WL 3613855 (E.D.N.Y. Aug. 2, 2010)). There, Lori Courtney worked as a recruiter for Sasqua Group, an executive search consulting firm specializing in the recruitment of professionals for the financial services industry. When Courtney left, Sasqua sought an injunction to preclude her from misappropriating its trade secrets. According to Sasqua, Courtney had access to its customer database prior to her departure, which contained client contact information, individual candidate profiles, contact hiring preferences, employment backgrounds, descriptions of previous interactions with clients, resumes and other information.
The court decided that although an employer’s customer list can sometimes qualify for trade secret protection, “the exponential proliferation of information made available through full-blown use of the Internet [presents] a different story.” The court noted that client information was readily ascertainable through LinkedIn, Facebook and similar services, sometimes in combination with a simple Google search.
In order to demonstrate this, Courtney’s lawyers put her on the stand during an evidentiary hearing and she showed the court – in real time – how easy it was for her to find contact information using the Web. The Court found that Courtney’s testimony readily established that customer information could be obtained using publicly available information, even by someone with no memory of what was in the client list database.
The court was also influenced by the fact that Sasqua failed to take basic steps to protect the secrecy of information in the databas. Computers were not password protected and employees were not bound by restrictive covenants. Thus, the case underscores our previous two posts on the importance of having agreements with employees and consultants that addresses confidentiality (among many other things) as well as enforceable policies and procedures relating to protection of confidential information (see Who Owns Your Company’s Social Media Profiles, Contacts and Content? and Managing Ownership of Social Media Through Confidentiality, Non-Disclosure and Other Employment Agreements.)
Additionally, this case raises the issue of how companies can best protect information they may later want to assert is confidential. Companies need to evaluate how the company (or its employees) use social media and other emerging technologies. Where is your information going? How much client information are you (or your employees) putting out there? How much control should you exert? Do you have restricted databases, or can anyone access all company information?
The takeaway? If an organization does not take steps to protect its own information, it will be harder for us (in litigation) to seek protection from the Courts. Do your agreements, policies and procedures offer you the protection you need? What do you do to protect information? We welcome your ideas!