Lawsuit Over Ownership of Former Employee’s Twitter Followers Settled: PhoneDog v. Kravitz

If you have been in any of the seminars where I have presented on social media law, you have heard me say “an ounce of prevention is cheaper than the first day of litigation.” Right? Well it is true, and the context in which I said that is in reference to the lawsuit PhoneDog v. Kravitz that, according to Mashable, has now settled. I discussed this lawsuit in more detail HERE if you  would like to know more. The terms of the settlement were not disclosed but, quite frankly, anyone who understands the price of litigation knows that both parties lost in the end. That is why the takeaway is so important:

THE TAKEAWAY: Every company needs a contractual agreement that clearly states who owns social media accounts used on behalf of the company. It is that simple. Such an agreement can usually be included in an employee handbook, employment policies, or a social media policy. The cost of such an agreement will likely be cheaper than the very first day of litigation if a dispute arises over that issue.

Kravitz himself summed this up quite nicely: “If anything good has come of this, I hope it’s that other employers and employees can recognize the importance of social media … good contracts and specific work agreements are important, and the responsibility for constructing them lies with both parties.”

Federal Court in New York Refuses Service Via Facebook

UPDATE: See the recent discussion of the new Texas proposal here and join in the discussion over this idea: Texas Bill Proposes Allowing Substituted Service via Social Media – What Do You Think?

In a recent opinion a United States District Court in New York refused to allow the defendant to be served via Facebook, instead reasoning that the local papers were the most likely means of apprising the defendant of the lawsuit. The legal standard is that the method of service must be reasonably calculated to apprise the defendant of the pending lawsuit. The defendant is a transient young woman who was being sued for fraudulently running up credit card charges on her mother’s accounts, she had no regular place of residence but did have a Facebook profile with her picture on it. Do you believe she would be more likely to learn about this lawsuit through the local news papers or Facebook? What if it were you?

The Court gave further explanation of its reasoning and distinguished cases of email service as follows:

Service by Facebook is unorthodox to say the least, and this Court is unaware of any other court that has authorized such service. Furthermore, in those cases where service by email has been judicially approved, the movant supplied the Court with some facts indicating that the person to be served would be likely to receive the summons and complaintat the given email address. Philip Morris USA Inc. v. Veles Ltd., No. 06 Civ.2988, 2007 WL 725412, at *3 (S.D.N.Y. Mar. 12, 2007) (denying motion to dismiss for improper service where the court authorized service by email and fax because “Plaintiff showed that defendants conduct business extensively, if not exclusively, through their Internet websites and correspond regularly with customers via email. Furthermore, defendants do not disclose their physical addresses or location of incorporation. Through its investigation, plaintiff has shown that email and fax correspondence are likely to reach defendants”).

You can read more about this in the actual opinion and in the following story: Judge says bank can’t use Facebook to reach defendant — try local paper instead

How Do You Violate the Computer Fraud and Abuse Act? SunPower Lawsuit Shows How!

A new lawsuit has been filed by SunPower against 5 former employees and it’s rival SolarCity alleging violations of the Computer Fraud and Abuse Act. This is a good one to look at if you want to see how to violate the CFAA with style — especially if you are an soon-to-be-departing employee and you don’t want there to be any doubt until the 9th Circuit resolves the access issues in US v. Nosal.

You’re following me on this, right? Ok, good, let’s have a little test to see: do you know which of these two tidbits of factual information I am talking about that is so important, (a), (b), or both?

(a) “Leyden connected at least three personal USB storage devices, commonly known as flash drives, to SunPower’s internal computer network and downloaded thousands of sensitive sales files and documents in clear violation of the company’s internal guidelines, said SunPower, which said it conducted a forensic analysis of its computer systems before filing the lawsuit.”

“”The forensic evidence indicated that Leyden copied at least thousands of files containing SunPower confidential information and non-confidential proprietary information to these devices,” said the complaint. “These files included hundreds of quotes, proposals, and contracts, as well as files containing market analysis, forecast analysis and business analysis.””

“Leyden also accessed highly confidential data from SunPower’s SalesForce database, according to the lawsuit, including information on major commercial customers who accounted for more than $100 million in sales in 2011.”

OR

(b) “Aguayo, who joined SunPower in 2005, had accessed his company e-mail account after Nov. 1, his last day of employment. It said it than discovered that Aguayo had forwarded several e-mails containing customer information, price lists and market reports to his personal e-mail address in mid-November.”

Lets hear it, what is your answer?

Now, to give credit where credit is due, I first read about this in a nicely done article by Dana Hull (@danahull) from which the above quotes were taken: SunPower sues five former employees and rival SolarCity for data theft and computer fraud. Ms. Hull was kind enough to include a copy of the Complaint in her article so give her a shout-out and tell her thank you for making it a little easier for you to get a hold of this fun reading!

Data Breach and Privacy Lawsuits Must Have Real Damages to Succeed

People always want to tell me a little blurb about something that has happened to them and then ask me, the lawyer, the inevitable question: “can I sue?”

My answer is always the same: “of course you can sue!” You can always sue — but that doesn’t mean you will win.

One key element that (nearly) all civil lawsuits must have to be successful is that there be legitimate damages. As I have written about previously, there must be some actual ascertainable harm that constitutes damages in order to have a valid privacy or Computer Fraud and Abuse Act claim. This is a very well settled principal of law.

This principle holds true for data breach claims as well. In the recent case Reilly v. Ceridian, the Third Circuit held that lawsuits for data breach require something more than speculation of what harm might occur — they require proof that some actual ascertainable harm has occurred — that there are damages. In the words of the court,

In this increasingly digitized world, a number of courts have had occasion to decide whether the “risk of future harm” posed by data security breaches confers standing on persons whose information may have been accessed. Most courts have held that such plaintiffs lack standing because the harm is too speculative. See Amburgy v. Express Scripts, Inc., 671 F. Supp. 2d 1046, 1051-1053 (E.D. Mo. 2009); see also Key v. DSW Inc., 454 F. Supp. 2d 684, 690 (S.D. Ohio 2006). We agree with the holdings in those cases. Here, no evidence suggests that the data has been—or will ever be—misused. The present test is actuality, not hypothetical speculations concerning the possibility of future injury. Appellants’ allegations of an increased risk of identity theft resulting from a security breach are therefore insufficient to secure standing. See Whitmore, 495 U.S. at 158 (“[A]llegations of possible future injury do not satisfy the requirements of Art. III.”).

So, we all know that violating privacy rights and hacking others’ computers and data is wrong and, if it happens to you, you too will want to know what rights you have. So don’t ask whether you can sue – ask the better question: whether you can win. A big factor in determining whether you can is whether you have some actual damages.

Your business needs a social media policy and this is why.

It is foolish to not have one. Having a social media policy is like having a Will for your businesses’ branding and marketing efforts and the cost of getting that policy will likely be less than the bill for the first day in litigation if you do not!

Social media is the next big thing when it comes to branding and marketing your business. Actually, it is already here. This has been one of the biggest news stories of 2011 and it is not going away anytime soon.  I am a believer. I love it and I encourage all of my clients to find ways to implement it in their businesses. It is free to sign up and free to use (for the most part) with only time and effort being the primary investment. Businesses usually have their social media being managed by employees, independent contractors, or outside “experts”. The key to success with social media is to have many “connections” with others and develop relationships with them. But, who really owns those connections and relationships?

That is a good question–do you really know who owns your businesses’ social media connections and relationships?

This is a question that has been brought to the forefront because of the recent lawsuit PhoneDog v. Kravitz that is pending in federal court in the Northern District of California.

The essence of this case is pretty simple: PhoneDog used social media such as Twitter, Facebook and YouTube to promote its services and Kravitz worked for PhoneDog as a product reviewer and video blogger and, in conjunction with the duties of his job, Kravitz used a Twitter account with the handle of @PhoneDog_Noah that had approximately 17,000 followers (wow, @shawnetuma only has 1,130 if you’d like help me out). As always seems to be the case in today’s ever changing job market, Kravitz resigned from PhoneDog and PhoneDog asked him to turn over the Twitter account but, instead, he simply changed the handle to @noahkravitz which now has over 24,000 followers and, for its bio says “People are not property. Love over gold.” (it’s ok, I followed him also)

PhoneDog sued Kravitz and Kravitz filed a Motion to Dismiss which is a long and costly way of saying “judge, they have no case so please throw it out.” The court, however, did not see it so clearly and in its Order on Defendant’s Motion to Dismiss allowed PhoneDog to go forward with the key claims of misappropriation of trade secrets and conversion. That does not mean it will be an easy battle for PhoneDog or that it will ultimately prevail. In fact, based on traditional principles of trade secret law I have a feeling it will not, and have previously written about these issues in other blog posts that I would encourage you to read:

Are LinkedIn Contacts Trade Secrets?

LinkedIn: think before you sync!

The issue is not, however, whether PhoneDog will win. The real issue is why is it even having to fight? Let’s assume for the sake of argument that it does win. At what cost will that victory come and, at that cost, will it truly be a victory?

How much will it cost your business to win?

Take a look at the 10 page Complaint in PhoneDog v. Kravitz and take a guess at what it cost in legal fees alone just to prepare and file it. Add to that a $350 filing fee, costs for service of process, and lots and lots of your time and your attorneys’ time which costs lots of money. But, you’re not done yet–not by a long shot. Filing the lawsuit is just the beginning. Go here and take a look at the Docket Sheet for PhoneDog v. Kravitz; they have been fighting over this since July, have addressed over 30 documents filed in the record of the case, and are still not past the initial stages of the lawsuit. Do you want to take a guess at how many thousands of dollars PhoneDog (and Kravitz) have spent so far?

Let me stop here and make something clear. I love being a trial lawyer and I love trying cases. I love technology and technology related cases. There is nothing I would enjoy more than being the attorney handling a case like this. Moreover, I would love for someone to pay me a lot of money to do it! Do you have an interest in having a part of how this body of social media law develops? Would you like to sponsor my efforts to shape it? If so, let’s get rolling!

If your interest, however, is focused on the financial strength of your business and not on shaping the future of social media law, this is probably not a wise use of resources. But if you do not have a policy addressing these issues, it is likely that you could end up doing exactly that though not by choice.

“An ounce of prevention is worth a pound of cure”

That old saying could not be more true than when it comes to having a social media policy for your business. All of the issues that are being litigated in PhoneDog could have been addressed and agreed to from the very beginning in a written social media policy, along with a host of other issues that arise concerning the use of social media. What is even better is that the cost of obtaining such a policy will probably be less than what it would cost for just the first day of litigation! It really is a wise investment for your business and all you have to do to get started is just give me a call. But, …

If you don’t want to do that, then give me a call anyway and we can start planning our litigation strategy — this is going to be fun!