When trade secrets meet Facebook

Is a customer list a trade secret once it's been recreated as a LinkedIn or Facebook account?

By Richard C. Darwin and Erin Welsh

May 22, 2010 07:30 AM ETe

Computerworld - Social networking sites are changing the way people interact, socially and professionally. Sites like Facebook and LinkedIn let people establish relationships and store information on their contacts. When effectively used and managed, these sites can significantly increase the productivity of salespeople and other revenue-generating employees. But the use of these social networking sites by employees to manage their business contacts can also have implications when those employees leave to join a competitor. Client lists and customer databases are frequently alleged to be trade secrets. If an employee has used a client list to build a network of links and/or contacts on Facebook or LinkedIn, does that list lose its trade secret status?

In most states, a trade secret is a form of intellectual property that is governed by statute. In order to prove that a customer list (or anything else) qualifies for trade secret protection, an employer must establish three things: (i) that it is a form of information, e.g., a pattern, compilation, process, formula or the like; (ii) that it provides a competitive business advantage by virtue of the fact that it is not generally known to the public or competitors; and (iii) that the employer has taken reasonable steps to maintain its secrecy.

Many companies believe -- or perhaps just assume -- that their customer or client lists are trade secrets. But all customer lists are not created equal. Courts often find that lists or databases that can be easily recreated from other sources and do not include detailed information regarding client preferences and accounts, and/or that are simply compilations of publicly available information, do not qualify for trade secret protection. A customer list that otherwise qualifies as a trade secret may also lose that protection because the employer fails to take adequate steps to keep it confidential -- for example, by failing to restrict access to it, failure to take steps to market or stamp it as confidential, or failure to restrict the manner in which it is used by employees.

When an employee utilizes a trade secret customer list to create links to customers on LinkedIn or Facebook, a number of issues arise that potentially affect the trade secret status of that list. If the set of links essentially replicates the information on the customer list, and can be viewed by other than the employee's network (or worse, by the public), those links may form the basis of an argument that the list is no longer "secret" at all. If the employer has not implemented a policy restricting use of social networking sites by employees, it may face an argument that it has failed to take steps "reasonable under the circumstances" to maintain the secrecy of its customer lists. And given the fact that each link between an employee and a customer on these social networking sites represents a mutual agreement to share their information (links cannot be established without the consent of both parties), they raise the more fundamental question of whether an employer can or should be permitted to use trade secret law to control -- much less "own" -- a relationship between two people.

The law on these issues is not well developed, and it looks like employers -- and the courts -- will likely be struggling with them for a long time. While these issues play out, employers would be well advised to assess the use of social networking sites by their employees, in particular, those who have access to and/or use their customer lists. Employers should also consider the extent to which those customer lists may be compromised as a result of the use of social networking sites, and whether that risk outweighs the benefits of allowing their sales personnel and business developers to use these powerful networking tools. Finally, employers would be wise to consult with counsel and consider possible changes to the company's policies and procedures relating to the use of internet sites, and social networking sites in particular, to protect against the unauthorized disclosure and use of proprietary customer information.