Employer Fails to State Stored Communications Act Claims Absent Allegations That Employees Interfered With Company Accounts – Castle Megastore v. Wilson
[Post by Venkat Balasubramani]
Castle Megastore Group, Inc. v. Wilson, et al., 2013 WL 672895 (D. Ariz. Feb. 25, 2013)
Castle Megastore is going after three of its former employees for their alleged breaches of contract, misappropriation of trade secrets, and related acts. Not surprisingly, the acts of the ex-employees Castle complains of involve social media.
Castle alleges that one of the defendants (Wilson) posted an image displaying Castle’s computer system to Twitter. Wilson is also alleged to have “prepared application materials to other companies that contained ‘confidential information regarding CMG, including CMG’s facilities data, [CMG’s] employees, its annual revenue, [etc.]”
One of the other defendants, Flynn, was engaged by Castle as a “social media specialist.” Castle alleges that Flynn posted a video of a “confidential [Castle] Managers’ meeting” to Vimeo, and also shared the link and password to the Vimeo account to his co-defendants. Castle also alleges that after he was terminated, Flynn “changed the password of the Facebook account he created for Castle.”
They key question is whether any of defendants’ actions violate the Stored Communications Act, which is the only federal claim alleged by Castle. If the answer to this question is no, the court can decline to exercise jurisdiction over the remaining claims and send the lawsuit to state court.
The court says that the answer to this question is no. The court says that Vimeo may or may not be an “electronic communications service” facility as defined by the Stored Communications Act, but there’s no evidence that Flynn was not authorized to access the Vimeo account (or authorize others to view it). Castle did not allege that Flynn obtained the video through unauthorized access to Castle’s Vimeo account or that he authorized others improperly to access this account. The court says:
[s]ending or using a link and password to access a personal account created on a third party website does not appear to violate the SCA.
The court also says that Castle’s bare allegations that Flynn allegedly changed the Facebook password is not sufficient to state a claim under the SCA. Again, the court says that it’s unclear that the page is even an electronic communications service under the SCA. [Castle did not bring a claim under the Computer Fraud and Abuse Act.]
Two themes recurring throughout social media ownership cases are present in this case.
First, it’s not easy to slot social media assets into particular legal buckets. We’ve seen attempts by parties to characterize social media assets as trade secrets, tie them to trademark or publicity rights, or make all sorts of clunky attempts to fit them into existing regimes of intellectual property law, but usually it’s a poor fit. And this case is no exception.
Second, there’s also the recurring issue of whether accounts are private accounts or employer accounts, or as Eric has flagged before, often mixed. Here, the Vimeo account appeared personal (although the facts are taken from pleadings, so they are hardly conclusive), and the court says that there’s not enough to characterize the Facebook account as a business account. Interestingly, the case highlights the possibility that preventing an employer from accessing a business account that’s offered by a third party may constitute a Stored Communications Act violation.
Ultimately, the solution (at least as to the Facebook account) is to have contractual protection. While it can set expectations between the parties, it can also answer the question of whether an account is personal or business in nature. (Query as to how to best deal with this in an agreement. Should the accounts be referred to generically (e.g., any account incorporating the branding of the company) or by name?)
[image credit: Shutterstock:zozian greetings .. “bluebird sticker”]