Protecting Social Media Contact Lists as Trade Secrets

Social media contact lists have become an increasingly important part of a business’s customer lists. While courts are still grappling with who legally “owns” the data that the employee acquired on the employer’s dime—such as LinkedIn customer connections or access to a list of Twitter-feed recipients—employers can still take steps to bolster the company’s claim of ownership.

The Uniform Trade Secrets Act adopted by every state but New York and the federal Defend Trade Secrets Act define a trade secret as information that derives its economic value from not being generally known to the public, and is the subject of reasonable efforts to maintain its secrets. Customer lists and contact lists may also be deemed trade secrets if they meet these criteria, but social media contact lists raise unique concerns that employers should consider specifically addressing in their policies and practices.

Therefore, employers who value their social media contact lists as trade secrets may want to consider using employee policies that designate these lists as the employer’s proprietary property, and that require the employees to protect the confidentiality of their content on behalf of the employer.

Here are some potential steps for employers to consider:

Implement a Comprehensive Social Media Policy: Employers should consider implementing a comprehensive social media policy that:

1. requires employees to maintain appropriate privacy settings for all social media accounts used for business (so the account’s contacts are not accessible by others who owe no duty of confidentiality to the employer);
2. instructs employees not to discuss customers and customer preferences (or other potentially confidential information) in social media posts that are accessible by others who owe no duty of confidentiality to the employer;
3. specifies what social media accounts and related data the company owns, while also appropriately addressing that social media technology, accounts and data are fluid; and
4. defines the steps the employee must take upon separation/termination to eliminate customer contact information and data from the employee’s personal accounts and to ensure that the employer has access to the social media lists and related data.

Require Employees to Sign Stand-Alone Agreements: Likewise, employers should consider requiring employees to sign stand-alone confidentiality and non-disclosure agreements whereby the employee acknowledges:

1. the employer’s ownership of social media accounts and related data;
2. the employee’s duty to protect the confidentiality for the employer; and
3. the employee’s obligations upon separation/termination (e.g., give the employer access to the information and refrain from using or disclosing it further).

Control Access to Business Social Media Accounts: Employers should also consider setting up their own social media accounts for business use where possible and making those accounts inaccessible to the employee upon separation/termination. Where applicable, employers may also want to state in the company’s social media policy and agreements above the procedure for employees to transfer access to an account back to the company.

Provide Periodic Trainings and Reminders: The use of periodic trainings and reminders can increase compliance and reduce the need for future litigation to address misappropriation incidents.

Treat Social Media Contacts Akin to Traditional Customer Lists: More generally, employers should consider training employees to view social media contact lists in the same protected light as the employers’ internal customer lists. Maintaining these contact lists in the same secure manner, restricting access on a need-to-know basis, and tracking the company’s investment in building those contact lists may further bolster their protection.

The list above is far from exhaustive, and employers should consult with qualified counsel before implementing and finalizing policies and procedures to protect social media contact lists.