UK: Social Media - Opportunities And Pitfalls For Law Firms And Businesses

Introduction

Social media has revolutionised the way many businesses work, including the organisation of client contacts and other communications. As the use of sites such as "LinkedIn" ( www.linkedin.com) becomes more widespread, employers may find it harder to control their client lists and ultimately to protect their business from departing employees set on poaching clients. In a recent study in the US, six out of ten employees admitted that they had taken company data (such as client lists) on their departure.

Many employers actively encourage their employees to use sites like LinkedIn. On LinkedIn, members connect with each other and can share lists of their connections on their profile page. LinkedIn results in employees posting lists of clients and prospective clients in a public domain. In businesses where client confidentiality is key (for example in the legal profession) this is clearly problematic. When an employee leaves his employment, he can quickly update the website to show that he has moved and inform all of his contacts that he has done so. This obviously makes it much easier for employees to attempt to poach clients following the termination of their employment, so to what extent can employers protect themselves?

Confidentiality obligations

An employer may be able to argue that its client list is confidential and that the employee has misused or disclosed this, in breach of their express or implied duties under their contract of employment.

In Hays Specialist Recruitment v Ions (2008), Hays applied for an order for pre-action disclosure against a former employee, Ions, to establish whether he had migrated details of business contacts from the Hays client list to LinkedIn. Ions argued that Hays encouraged him to use LinkedIn so it had, in effect, consented to this migration. The High Court held that Hays had reasonable grounds for considering that it might have a claim against Ions in relation to the transfer of confidential information to his LinkedIn account and it ordered pre-action disclosure against Ions. It is unclear how the matter progressed as no further hearings have been reported (suggesting the parties may have settled the matter). However the court was willing to entertain the possibility that Ions had potentially misused Hays' confidential information by migrating details from the database onto LinkedIn.

If the contacts are only located on LinkedIn and have not been migrated from a confidential database, it is difficult to see how an employer could argue that they are confidential, given that when a connection is made with another contact on LinkedIn, that individual can view the employee's full list of connections. In a situation like this, it may be easier for an employer to rely on some of the other remedies/protections set out below.

Database Rights

The client list may amount to a "database" under the Copyright and Rights in Database Regulations 1997. However a database right only arises if there has been "a substantial investment in obtaining verifying or presenting the contents of the database".

In the case of the British Horse Racing Board Limited v William Hill Organisation (2005) the European Court of Justice held that a database containing the times, dates and locations of horse races together with a list of runners and riders and gate numbers for each race did not require sufficient investment by the British Horse Racing Board to be afforded protection under the regulations.

It is therefore questionable whether adding individual contacts to, say, Outlook or LinkedIn over a period of time will be sufficient.

In Pennwell Publishing (UK) Limited v Ornstein (2007), Ornstein was a trade journalist who, when he joined Pennwell, had his own Excel spread sheet containing contacts from his previous employment. He added these contacts to Pennwell's Outlook list and did not maintain any separate list. On his departure, the question was whether Pennwell owned the list and could prevent him from taking it elsewhere. The High Court held that when Ornstein put his own list of contacts into Pennwell's Outlook list, he had created a new database which belonged to the employer; therefore he could not take his contacts with him. If he had maintained a separate list of pre-existing contacts on his own computer he would have been able to take these contacts.

However, Ornstein did not try to argue that the contacts in Outlook were not a "database" under the Regulations. A different outcome may have resulted if such an argument had been put forward, given that there may not have been a "substantial investment" in the creation of the Outlook list.

IT policy

In the Pennwell case, the Judge recommended that employers should put in place an E-mail/IT policy requiring employees to keep any personal contacts separate from their business contacts within Outlook.

Certainly, a comprehensive IT policy which incorporates policies on the use of email contacts lists and LinkedIn/similar sites is a useful tool. The employer could also consider going through lists of contacts on, for example, LinkedIn on termination and requiring the employee to delete any contacts which are client contacts. There is a question as to the employee's right to privacy here, particularly if they have private contacts to whom they are connected on LinkedIn, as well as client contacts. Also, it is doubtful how effective this would be, as it is very easy for the employee to reconnect with the client contact shortly afterwards.

Restrictive covenants

For this reason, where a business genuinely requires protection from ex-employees on termination, the best solution for employers may well be to include a non-dealing restrictive covenant in the employee's contract of employment. This would prevent the employee from having any dealings whatsoever with a client for a period following termination, including for example making connections with them on LinkedIn and attempting to solicit business from them. It would also prevent them from speaking to a client if the client contacted them unsolicited.

Legal/Contractual issues

Cloud-computing arrangements raise a variety of legal and contractual issues. Many of these are not specific to cloud-computing arrangements but apply more generally to many types of technology services agreements.

As with all restrictive covenants, the remedy for breach is for the employer to obtain an injunction for specific performance. In order to do so, the employer must be able to show that the covenant goes no further than is necessary to protect the company's legitimate business interests. The duration and scope of the covenant are relevant in determining this and should therefore vary depending on the seniority of the employee, the nature and location of their role, the lead time for new business and how quickly a client contact will go "stale".

Employers should seriously consider a forensic investigation of its IT systems where wrongdoing is suspected. In addition, the employer may be able to obtain an order for a pre-action disclosure, delivery of documents or for inspection of computers (including the employee's home computer) in order to gather evidence of the wrongdoing.

Whilst technology and social media are making it easier for employees to walk away with client lists and other confidential information it is also becoming easier for employers to detect such actions by employees. Using a combination of the protections and remedies set out above should protect employers but given the pace of development of technology and social media it is important to keep policies and practices under review.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.