Recent weeks have seen a flurry of legislative activity aimed at preventing employers from compelling disclosure of passwords to social networking sites as a condition of hire or of continued employment. However, potentially more troubling for employers are concerns related to post-employment password access to, and use of, non-personal, social media accounts used on the employer’s behalf. As a review of recent case law shows, employers who want to ensure uninterrupted and continual access to company social media accounts and to avoid post-employment disputes over ownership of friends, followers and connections would be well advised to plan ahead.

Employer knowledge of and access to passwords is essential in several contexts. For trade secret purposes, employers should strongly consider requiring the disclosure of passwords to any accounts used in the course of performing employment functions, including those that provide access to social media accounts used on the employer’s behalf. Blogs, Twitter, LinkedIn and remote storage sites such as Dropbox are some more familiar examples. Employers should consider taking steps to maintain the secrecy of passwords and ensure that employees do the same. In PhoneDog v. Kravitz, an on-going dispute over rights to Twitter followers garnered while a blogger worked on behalf of PhoneDog, the district court denied the defendant’s motion to dismiss the company’s misappropriation claims, ruling that the question of whether an account password is a trade secret required evidence outside the pleadings. See also TMX Funding v. Impero Technologies (claim that log-in and password information were trade secrets survived a motion to dismiss). A trade secret analysis will necessarily look at whether the employer kept the password secret, so any scenario where the employer does not know the passwords of its employees could undercut an employer’s claim that an account password known only to the employee is the employer’s trade secret.

The employer’s lack of access to an account password may also be problematic following employee terminations and defections. Employers will want to have and will need to have continued access to blog accounts, Twitter followers and LinkedIn connections that may have been developed at the employer’s expense and for the employer’s use. This continued access is particularly important where a company’s advertising revenues are tied to social media activity.

To the extent there are any developing trends in case law, courts appear reluctant to grant early dismissals of claims or counterclaims as they struggle to sort out new issues raised by relatively unfamiliar technology. Compare Ardis Health, LLC v. Nankivell (court ordered employee to return user names and passwords to social media sites used in her position as Video and Social Media Producer and permitted conversion claims against her to proceed to discovery) with Eagle v. Morgan (locking a terminated employee out of a LinkedIn account may subject an employer to misappropriation claims). In Health and Body Store, LLC v. Justbrand Limited, the first federal appellate case to address the use of social media passwords after termination, the Third Circuit recently held that the district court had abused its discretion in failing to consider whether terminated employees had breached fiduciary duties when the former employees changed a password to deprive their employer of access to websites that the parties had used jointly to conduct a separate Internet business.

Questions as to who “owns” passwords and social media accounts, including friends, followers and connections, and how they may be used are working their way through the courts. However, because technology moves faster than law, prudent employers should consider taking the following steps:

• Require employees to establish business-related accounts using a corporate e-mail address (where an e-mail address is required) and to make the employer the account holder or subscriber;
• Implement policies that protect the employer’s right to know all relevant, business-related passwords at all times and to be informed of any changed passwords;
• Require former employees to relinquish any rights to access accounts that have been used on the employer’s behalf;
• Give the employer the exclusive and unilateral right to change passwords and block access to those accounts upon any change in employment status; and 
• Enter an appropriate agreement with employees and consultants before they begin to engage in social media use on the employer’s behalf or include relevant provisions in Proprietary Invention and Assignment Agreements or other confidentiality and non-disclosure agreements.

Photo credit: robas