It’s common in trade secrets or noncompete cases for plaintiffs to demand forensic imaging and searching and, ultimately, destruction of electronic information contained on the defendants’ computer system or devices. Lawyers regularly hire forensic experts to examine computer systems for information, either to swear under oath that nothing has been found, or to locate information for production and potential removal. What is less commonly handled, but should be considered in many cases, is the forensic searching and cleansing of social media information.
That is an especially important consideration for businesses that use third parties to manage targeted social media advertising and customer relationship management (CRM) software. The same is true for the CRM software and social media marketing vendors themselves. The rapid rise of targeted advertising on Facebook, LinkedIn, and other social media sites is creating new issues to unpack in trade secrets litigation.
A Novel Challenge
In a recent case, we were hired by the defendants after a court had already granted a temporary restraining order (TRO) against them and ordered the client to locate, remove, and give back any copies of a spreadsheet that contained tens of thousands of existing and potential customers who were potential revenue sources. While we argued that the spreadsheet was neither confidential nor a trade secret, the court order required a full forensic investigation, and forensic experts were hired to search the computer network and devices of the client.
The client had used some of the spreadsheet information in a social media campaign, using a vendor that took people’s information, located their profiles on Facebook, and sent them advertising. Some of these folks had joined Facebook Groups related to the client and interacted within those groups.
Because the list used by the contractor was arguably a derivative of the object of the TRO, we had to find out who on the marketing list had been put into contact with the client through that marketing campaign and cleanse their names from the computer system and the social media pages. Trade secrets lawyers are likely familiar with computer system cleanses. But this kind of social media purge presented a novel challenge, and one our forensic experts frankly admitted they had no knowledge about how to execute such a search and purge.
Our team created a plan to purge that information. This involved a detailed protocol to ensure that all of the client’s social media was cleansed of data from the alleged trade secret. We had to learn how Facebook allows access to marketers and how to scrub the data it stores as part of its marketing efforts. We repeated the effort for other social media accounts the client owned. Think of it like cancer: we had to zap every instance of the cancer so that no trade secrets remained exposed. After doing so, we demonstrated our full compliance and were able to get the TRO dismissed because the data was no longer within the possession or use of the client.
Proactive Steps to Protect Your Organization
There are several lessons learned that could be of value to nonprofits, businesses, and their CRM database vendors. First is being careful about what types of information you share with third-party vendors, including CRMs and social media marketing agencies. Only share information that is essential for business purposes.
The vendors themselves should be aware of the risks they are inheriting when they take other organizations’ data. Once that data is mixed in with yours, you are infected and could become part of a forensic cleaning process to retrieve that data.
For those reasons, it’s important to have strong contractual protections involving data security and trade secrets. One example of a protection worth considering is a nondisclosure agreement (NDA) with third-party marketing companies to make clear what information must be kept confidential. The NDA should also have language requiring cooperation if data needs to be recouped later.
The other big lesson here applies beyond the specifics of this case: careful onboarding practices for both employees and vendors. When new employees come on they need to be screened to make sure any and all information they have retained is analyzed and assessed as to whether it is problematic. Whomever you hire to handle social media marketing, you will want to make sure they are getting their data from places they are supposed to. To avoid getting caught up in costly litigation, ensure the data they are using is not somebody’s trade secret.
For more information, please contact me or your regular Parker Poe contact.