Who really owns an employee’s Linkedin contacts? Web Security

Posted by Geraldine Hunt on Wed, Mar 12th, 2014

The popularity of Linkedin highlights how important having an internet and social media usage policy in place is. Millions of us use the professional network LinkedIn as both a sales, marketing and database tool. Some have a few contacts, while others have hundreds. The ownership of these contacts has been the subject of much legal debate. With nearly a billion people worldwide using some type of social networking site, many SMBs have now adopted social networking strategies as part of their overall marketing infrastructure truly embracing social networking applications as a genuinely effective business tool to engage directly with customers, releasing news, marketing products or simply as a way of raising a profile and ultimately to increase business performance. 

However social networking presents challenges for both individuals and companies.  As business embraces social networking as a way to propagate messages and build their brands the line dividing personal and company data is becoming increasingly blurred. In a  previous UK case a recruitment consultant moved confidential contact information to his LinkedIn account whilst employed at Hays Recruitment. The court reported that the consultant had planned to set up his own company in direct competition using the contact database concerned.  He had thought that once the contacts had been invited to connect to him and they had accepted on Linkedin, their contact information ceased to be confidential because it had been seen by all his other contacts. The High Court judgement required the handing over of business contacts built up on his personal page of the social networking site LinkedIn. This decision was one of the first to highlight the tension between businesses encouraging employees to use social networking websites for work but then claiming that the contacts and content remain confidential information at the end of their employment.   

More recently the issue came before the UK high court in July 2013 in the case of Whitmar Publications Limited v Gamage.  Whitmar sought an injunction against ex-employees who used the company's LinkedIn group contacts to market the launch of a rival business. While employed at the company one of the employees had maintained this group on behalf of the company. The court granted an injunction preventing the employees using the company's contacts, saying this was a misuse of "confidential information" and a breach of the implied duty of good faith.

These cases highlight the need for organizations to have clear social media policies in place 

It is also worth noting that, in 2012, an employment tribunal case, Flexman v BG Group, raised an altogether different issue related to an employee’s use of LinkedIn: can an employee in the UK be dismissed for using LinkedIn to search for job opportunities?  In the first case of its kind, the tribunal ruled that John Flexman, an HR manager at BG Group, had been constructively dismissed following a dispute concerning his LinkedIn account.  BG Group had claimed that Flexman breached its social media policies by uploading his CV to LinkedIn and ticking the “career opportunities” box on his LinkedIn profile.  It also accused Flexman of breaching confidentiality by stating on his CV that he was assisting the company in reducing its “attrition rate.”  

As a result, the company had ordered Flexman to remove any mention of BG Group from Flexman’s LinkedIn profile, other than his job titles and the dates he had worked there.  Flexman refused and demanded to know the source of the complaint.  After a dispute arose, Flexman faced an internal disciplinary hearing, with risk of dismissal, and Flexman eventually resigned and claimed constructive dismissal.  The tribunal upheld Flexman’s claim of constructive dismissal due to unacceptable delays in the company’s dealing of the case and the company’s failure to address a grievance related to the incident.  Unfortunately, the tribunal did not specifically address whether merely uploading a CV and ticking the career opportunities box was, indeed, a disciplinary matter.

So, do Linkedin contacts created during employment amount to confidential information?

The law states that general contact details available from the public domain does not constitute confidential information, but private contact information gained during your employment is a different matter. It has been held that direct dial telephone numbers and email addresses stored on your work IT equipment can be classified as confidential information, and as such is owned by the employer. The big difference with LinkedIn is that ownership of the account is personal to the account holder and the data is stored on LinkedIn servers, not that of your employer's. Other court rulings consider points like if the contacts are in the name of your personal Linkedin account or a group maintained on behalf of the employer.

The law in this area is still very grey and enforcement is tricky for an employer, especially where there is a mix of personal and private contacts on one account, and where you have private log-in details. All of these cases highlight the need for organizations to have clear social media policies in place to specify not alone internet and social media usage guidelines to protect email and web security  but also what belongs to whom on LinkedIn and other social media platforms. It’s key for employees to understand what is expected of them when using business-related social media accounts. This LinkedIn issue is only the tip of the iceberg with regards to the Internet and legal issues - the next 20 years is going to be very interesting!