According to LinkedIn, over 300 million people use it’s social network to manage their professional identity and engage with business contacts.
For most of us this means connecting with people we have met through our previous and current employment.
However, this practice is driving interesting developments in English law as some employers are starting to view LinkedIn accounts, or rather the contacts within them, as the property of the organisation.
Recruitment firms place a particularly high value on the service LinkedIn provides and some believe that employees who take their LinkedIn contacts to another recruiter are no different to an employee who leaves with the company’s client or candidate database.
Are ‘Contacts’ Confidential Information?
The principle to be decided is this: Are LinkedIn contacts ‘confidential information’?
Previous case law has decided that while head offices and main telephone numbers can NOT be considered confidential information (as they are in the public domain anyway); personal extension lines and named email addresses ARE confidential. See Pennwell Publishing (UK) Ltd –v- Ornstein & Others ( EWHC 1570)
Who ‘Owns’ the Account?
According to LinkedIn’s terms and conditions “ownership” of the account is that of the employee and this would appear to stand providing the account is in their own name.
However a ruling in a 2008 case, Hays Specialist Recruitment (Holdings) Ltd & Another –v- Ions & Another ( All ER 216), suggests that any contact information acquired during employment must be deleted or returned to the employer upon leaving the company.
Another example of a ruling in a 2022 case is Clayton recruitment vs Mr Wilson, in which the High Court ruled it was wrong for Mr Wilson to refuse to disclose his personal LinkedIn password before leaving his employer to set up his own business ( EWHC 1054).
While this doesn’t require the employee to close their LinkedIn account, it does pose some practical questions as to how this can be effectively managed and verified.
To manage this expectation, the contract of employment should be reviewed and potentially amended to explicitly address social media contact information.
A social media policy would also help to set out other aspects of social media etiquette, protecting the organisation from reputation and other damage.
It’s important to clearly communicate expectations early on in the relationship, however organisations should also consider how they would enforce a request to delete contact information and it should also be remembered that many people’s information can be accessed publicly by searching social media sites or search engines.
ISO 27001 Information Security
Assent Risk Management provides information security consultancy including ISO 27001 Management Systems, a risk-based standard which includes controls to manage social media.