Tag Archives: social media accounts

Illinois Poised to Ban Employer Access to Social Media Passwords

Readers of this blog know how much I love the topic of employers requesting social media (particularly Facebook) passwords from employees and candidates. But it seems to be the topic de jure, so I guess I have some obligation to keep myself up to date on the recent developments. I’ve previously written about several other states who are working on legislation to ban this practice. As far as I know, Maryland is the only state that has enacted a law. But it looks like Illinois is poised to do the same:

It is now up to Illinois Gov. Pat Quinn to decide whether to sign into law a bill that protects employees and job seekers from having to provide their social media passwords to current or prospective employers.

[Via the Chicago Tribune]

While it is unclear whether our good friend Bradley Shear (@bradleyshear) participated in drafting this legislation (as he did with Maryland’s law and SNOPA, which is based largely on Maryland’s law), he does provide some insight in the article. And I wouldn’t be surprised if Illinois’s law is based on Brad’s prior work. Regardless of Shear’s involvement, he is certainly on the front-lines of this fight. And, as I’ve said before, good on him for it.

Once again, if you’re doing this (requiring passwords) now, go ahead and stop (voluntarily–or if you’re in Maryland, because it’s the law, and if you’re in Illinois or California, because it is going to be the law). One way or the other, you will not be allowed to keep or continue this practice.

SNOPA – The United States and California Seek to Prevent Employers from Requiring Social Media Passwords

A new bill introduced in the United States House of Representatives would make it illegal for employers to require applicants and employees to turn over their social media passwords. The bill, styled: Social Networking Online Protection Act (SNOPA), would also would prohibit employers from demanding such access and from disciplining, discriminating against or denying employment to individuals for refusing to volunteer this information. (Be sure to read the comments from Brad Shear below; he points out that one of the major focuses of SNOPA is to protect college and university students, particularly student-athletes.)

In a similar vein, California continues to push forward with its plan to join Maryland with state legislation banning these types of practices by employers. California’s bill has passed committees in both the House and the Senate. A similar bill is pending in Washington.

As I have said all along, this was not a matter of if, but a matter of when:

And my favorite tweet of all:

You win Maryland, California, Washington, and Washington D.C.! I relent. You’ve earned your post on my blog. Well done.

Collecting passwords from potential or existing employees is a bad idea. Reviewing potential or existing employees’ public social media feeds, however, in many instances is a good idea. Just be sure you are aware of the concerns, such as union activity, and potential, albeit fairly small, potential for a discrimination claim to pop up down the road.

If you’re doing this (requiring passwords) now, go ahead and stop (voluntarily–or if you’re in Maryland, because it’s the law). One way or the other, you will not be allowed to keep or continue this practice.

Comments from Brad Shear:

Many of you are probably aware of Brad Shear and his excellent social media blog: Shear on Social Media. After I posted this SNOPA article, Brad reached out to me to explain some additional, significant aspects of the bill. In Brad’s words:

I worked with Rep. Engel’s office on the legislation and it is based off of my MD legislation that was recently passed and is awaiting the governor’s signature. Its focus is on password protected digital content. It has nothing to do with Google searches of employees and reviewing information based upon a Google search. I believe that businesses should treat digital content the same way as “real world” content. If it is not proper to ask to see an employee’s personal mail then it is not proper to see an employee’s personal email accessed on their personal iPhone, computer, etc…. In addition, employers do not want to create new legal duties to monitor in the digital world if the equivalent activity is not required to be monitored in the “real world”.

While there are only a handful of documented examples of employers demanding access to password protected content across the country, there are thousands of college students (mostly student-athletes) that are being forced to turn over their password protected digital/social media account information to their schools and/or third parties such as www.udiligence.com, www.varsitymonitor.com, and www.centrixsocial.com. The profiles these companies are compiling on college students are very troubling and these companies are trying to pitch their services to businesses so prospective job applicants and current employees are required to have their password protected digital/social media content screened (like a drug test). Therefore, if SNOPA or similar legislation (that protects all the groups that SNOPA protects) that stops these practices is not enacted, our children will grow up in a much different world with a toothless 1st amendment.

Thanks for the additional insight and commentary Brad. Keep up the good work. I encourage all of my readers to review SNOPA in order to understand its purpose and its reach.


Who Owns Your LinkedIn Account? Before PhoneDog, there was Eagle v. Edcomm.

I recently wrote about Who Owns Your Twitter Account (based on the now infamous PhoneDog case). But there is another case out there to consider when evaluating ownership of social media accounts:  Eagle v. Morgan, et al., Civil Action No. 11-4303 (E.D.Pa. December 22, 2011) (“Edcomm“). The facts, for purposes of this post, are fairly straightforward.

Plaintiff, Linda Eagle, founded Edcomm, Inc., in 1987 to provide financial services and training. “In 2008, Dr. Eagle established an account on LinkedIn, which is a professional network on the Internet.” Eagle subsequently sold Edcomm and was involuntarily terminated. The new owners of Edcomm, knowing the password to Eagle’s LinkedIn account, logged in and changed the password (so Eagle could not access it). The new Edcomm owners altered Eagle’s LinkedIn account so that:

individuals searching for Dr. Eagle were routed to a LinkedIn page featuring Ms. Morgan’s [Interim CEO] name and photograph, but Dr. Eagle’s honors and awards, recommendations, and connections.

Of course, within three weeks, Eagle was able to regain control of her LinkedIn account, which creates the controversy we are interested in discussing: does Eagle or Edcomm own the account?

A little more procedural history: Edcomm, apparently unhappy with the deal, subsequently brought suit claiming securities fraud, fraudulent inducement, common law fraud, breach of contract, breach of the covenant of good faith and fair dealing, and other common law claims and demands for injunctions, declaratory relief, and indemnification. Eagle fired back with her own suit alleging 11 different causes of action:

(1) violation of the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030(a)(2)(C); (2) violation of the CFAA, 18 U.S.C. § 1030(a)(5)(C); (3) violation of Section 43(a) of the Lanham Act, 15 U.S.C. § 1125(a)(1)(A); (4) unauthorized use of name in violation of 42 Pa.C.S. § 8316; (5) invasion of privacy by misappropriation of identity; (6) misappropriation of publicity; (7) identity theft under 42 Pa.C.S. § 8315; (8) conversion; (9) tortious interference with contract; (10) civil conspiracy; and (11) civil aiding and abetting.

As expected, Edcomm counterclaimed. Significantly, the counterclaim alleged that while under Eagle’s management, Edcomm implemented a policy requiring Edcomm’s employees to create and maintain LinkedIn accounts. These employees were required to: (a) utilize their Edcomm email address for LinkedIn accounts; (b) utilize a specific form template, created and approved by Edcomm, for their description of Edcomm, work history, and professional activities, as well as photographs taken by a professional photographer hired by Edcomm; (c) contain links to Edcomm’s website on LinkedIn accounts and the Banker’s Academy webpage, as well as Edcomm’s telephone number; and (d) utilize Edcomm’s template for replying to individuals through LinkedIn.

More significantly:

According to the Counterclaim, for all departing employees, Edcomm, at the direction of management, requested and retrieved Edcomm-related LinkedIn connections and content from the departing employees’ accounts.

Edcomm alleged Eagle misappropriated the LinkedIn account when she regained access and control and refused to return it to Edcomm. Eagle moved to dismiss  but the trial court refused to dismiss Edcomm’s claim that Eagle had misappropriated the LinkedIn account by re-taking possession of it. Bound by the allegations of the counterclaim, the court recognized:

Edcomm argues that it was the rightful owner of Edcomm’s number and the LinkedIn account connections. Edcomm prepared and distribution marketing materials containing its number, and Edcomm’s personnel developed, maintained, and furthered the LinkedIn Account for Edcomm’s sole benefit and use. Although Dr. Eagle knew of Edcomm’s proprietary interest in these items, she nonetheless misappropriated both Edcomm’s telephone number and her LinkedIn account connections for her own use.

The court concluded that, under Pennsylvania common law, Edcomm had, at a minimum, stated a claim for misappropriation of an idea:

The Counterclaim Complaint expressly alleges that, with respect to the LinkedIn account connections and content, “Edcomm personnel, not Dr. Eagle, developed and maintained all connections and much of the content on the LinkedIn Account, actions that were taken solely at Edcomm’s expense and exclusively for its own benefit.” While Plaintiff argues that Edcomm fails to allege facts that would show that it made a substantial investment of time, effort, and money into creating the cell phone number or LinkedIn account, Edcomm counters that its employees developed the accounts and maintained the connections, which are the route through which Edcomm contacts instructors and specific personnel within its clients. As these conflicting allegations create an issue of fact requiring further discovery, the Court must deny the Motion for Judgment on the Pleadings as to the misappropriation counterclaim.

(Emphasis added). Note that this was a ruling on a motion to dismiss and not a ruling on the merits. In allowing Edcomm’s “misappropriation of ideas” claim to proceed, the trial court acknowledged that Edcomm sufficiently alleged it had made a substantial investment of time, effort and money into developing Eagle’s LinkedIn account and thus that it was wrong for Eagle to then access and take the account away from the company after her termination.

Why you care: Ultimately, the court held that Eagle’s LinkedIn account may not belong to her even though it is her name that appears on the account. This is an interesting development, particularly given the difference between “individual” and “business / entity” accounts on LinkedIn. Can a company legally claim an individual’s LinkedIn account if that account was created solely for transacting and developing company business? This case may be the first in deciding that issue (although, as stated above, at this stage, no decisions on the merits have been made.

Disclaimer: As recognized by other commentators, this decision may raise more questions than it actually answers:

Thus, it seems that under the right circumstances, a LinkedIn account may not actually belong to the individual whose name appears on the account’s home page, and whose professional history and accomplishments are detailed in the account’s profile. This is an interesting development, but one that may not withstand further scrutiny, given the Court’s acceptance, without much discussion, of the notion that a LinkedIn account is a “novel” idea worthy of protection. The viability of this decision may also be impacted by the LinkedIn user agreement, which states that the “user” is the owner of the account. The Court did not address this fact in its decision, and in this case, if the company’s allegations prove to be true, the company may well be deemed to be the account “user.”


The facts of the case are interesting and quite specific. If this sounds like an issue that interests you, I definitely recommend you read the entire opinion. I have provided a courtesy copy [here].

I will use this as an opportunity to again point out the importance of social media policies. My guess is that, in determining that the account may belong to Edcomm, the court gave strong consideration to the fact that Edcomm had a policy of requiring employees to: (a) utilize their Edcomm email address for LinkedIn accounts; (b) utilize a specific form template, created and approved by Edcomm, for their description of Edcomm, work history, and professional activities, as well as photographs taken by a professional photographer hired by Edcomm; (c) contain links to Edcomm’s website on LinkedIn accounts and the Banker’s Academy webpage, as well as Edcomm’s telephone number; and (d) utilize Edcomm’s template for replying to individuals through LinkedIn. Add the fact that Edcomm required departing employees to “return” Edcomm-related “LinkedIn connections and content from the departing employees’ accounts,” and you start to see why a court might see the account as a company asset as opposed to an individual asset.

As I have advised in previous posts, social media policies need to be well thought out and clear. With Edcomm and PhoneDog behind us, my advice remains the same. Employers concerned about maintaining ownership of social media accounts should establish policies stating:

  • that the business owns the account;
  • that the employee has no right to use the account after termination of employment;
  • that the employee must turn over the account upon termination of employment; and
  • that only the employer is allowed to change account names and settings.

It will be interesting to follow these cases as they progress through the courts.