Understand Your Company’s Social Media Policy – Protect Your Accounts

It’s been a couple weeks since our last blog post. Sorry we’ve been slacking. This thing called “legal work” keeps getting in the way of our blogging time.  If anyone knows of a freelance legal blog writer who refuses to be paid and won’t come after us for wage and hour issues, that would be super….and in violation multiple laws.  But, we digress….

In our last post we told you about the importance of a company’s social media policy clarifying the Facebook or Twitter account owner. We mentioned the still-pending PhoneDog v. Kravitz case over a Twitter account. Today, we want to go into more detail about Eagle v. Morgan, a legal case involving the social media website, Linkedin, and connections created by Dr. Linda Eagle. Learn from this case and protect social media accounts that you may use at or for work.

Linkedin Legal Battle – Eagle v. Morgan

To summarize, Dr. Linda Eagle was a co-founder of Edcomm, Inc., which provides financial services.  In 2008, Dr. Eagle created a LinkedIn account and shared her password with her assistant, Elizabeth Sweeney, who helped maintain Dr. Eagle’s account.  On June 20, 2011, Dr. Eagle was fired.

Edcomm’s Policy on Social Media

While Dr. Eagle was employed as the head of Edcomm, but after she created her Linkedin account, the company instituted a policy requiring their employees to create and maintain LinkedIn accounts using their Edcomm email addresses and a company-created page templates. The accounts were to include:

  1. Headshots taken by a company photographer
  2. A link Edcomm
  3. Edcomm  phone numbers

Typically, Edcomm maintained the Linkedin accounts for the employees. Under the policy, at the end of the employment relationship the company mined company-related LinkedIn connections and information from the departing employee’s account.

After Dr. Eagle was fired, Edcomm changed her LinkedIn password, cutting off access to the account, and changed the name and photo on her account to match her replacement, Sandi Morgan.  By doing so, the company kept all of the connections Dr. Eagle had made since she created her account in 2008.  It also resulted in anyone searching for Dr. Eagle landing on Morgan’s page.

More Case Details

Dr. Eagle sued Edcomm asserting eleven different claims including violation of the Computer Fraud and Abuse Act (“CFAA”).  Dr. Eagle argued that as the result of the Edcomm’s “hacking” of her LinkedIn account, her reputation was damaged and that she lost business opportunities from not being able to respond to messages sent to her through LinkedIn.

The court dismissed Dr. Eagle’s CFAA claim based on its determination that Dr. Eagle had given Edcomm legitimate access to her account by sharing her password with her assistant and allowing the assistant to help maintain her account.

The court further found that Dr. Eagle’s claimed damages, the loss of business opportunities, were too “speculative” to sustain a CFAA claim. The CFAA requires that an individual demonstrate that she was actually harmed by unauthorized access to her computer, and merely claiming that Dr. Eagle had lost out on opportunities was not concrete enough.

The state claims continue forward and it will be interesting to see what comes of that.

The Court Findings in Eagle v. Morgan

In all of this, it is important to note that the court found that Dr. Eagle’s LinkedIn account belonged to the company based on its LinkedIn policy (even though it was implemented after Dr. Eagle created her account) and the fact that Dr. Eagle shared her password with her assistant, who helped maintain the account.

Protect Social Media Accounts at Work

  1. If an employer creates a policy such as that present here, the employer has the right to the account and everything in it, including your connections
  2. If you are an employee and you want to maintain privacy with an account, do not share your password with any of your coworkers
  3. If you must share your password with anyone, for any reason, change it immediately afterward.