The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/80353
might not have belonged to her even though her name appeared on the account. The case is currently proceeding to trial. However, in Sasqua v. Courtney, the court ruled that information sought to be protected as a trade secret was readily available on the Internet (and thereby denied a request for injunctive relief). The defendant argued that information on the former employer's customer list was publicly available on LinkedIn and therefore was not a trade secret. The court agreed since the company had a list of clients on LinkedIn, Facebook and Bloomberg. Most notable, the court identified the employer's failure to impose restrictive covenants and said that even if the information was protectable when it was first developed, "the proliferation of the information made available through full-blown use of the Internet and [the] powerful tools it provides" make the protection of similar information uncertain. Jurisdiction can become a major issue as many cloud computing facilities are not located geographically near the users of the data. In fact, computers storing key data might not be inside the same country and are therefore not subject to the same privacy and privilege rules. Specifically, the rules regarding privacy of personal information in the European Union are far stricter than in the U.S., meaning that it can be difficult to retrieve data that have crossed the border. There is not a preponderance of case law on this jurisdictional issue because the use of cloud computing has been a recent transition in the business world. It is expected to be a factor in upcoming e-discovery cases, particularly for companies with multiple locations and those that use global IT providers. Defending Against the Unknown The most powerful defense against many of these issues is to carefully consider what information is released at the outset. Social media posts should only be made by a few designated individuals at the company who are very aware of the consequences of posting company information online. Before posting, the question should always be asked: "Could this hurt us if it was used as evidence in court?" This question should preferably be addressed by several individuals within the company in order to weigh the marketing benefits against the potential risks. This is especially true for companies subject to regulatory considerations or statutory requirements, such as law firms, municipal and government agencies, and financial institutions. Another important step is to implement (and enforce) strict social media policies with employees. In particular, make it clear that any mention of the company, its intellectual property, trade secrets or use of its copyrights will not be allowed. If this policy is clearly stated and enforced and an issue arises regarding a nonauthorized post about the company, such policies are an excellent first line of defense. Rescuing Data from Oblivion Retrieving information from the cloud ranges in difficulty based on the provider's willingness to assist. For example, Facebook has a feature wherein users can zip all of their content and email it to themselves. However, since access to the actual computers storing the information is uncommon, other methods are typically warranted. Most e-discovery and digital forensics professionals can perform select data collection to retrieve information for cases involving data in the cloud. The determination of fault (and therefore the burden of paying for preservation) is something that has not yet been explored. Does it fall on the user, the company being sued or the online provider and its partners? This will likely be addressed in the near future, particularly with the number of cases that involve some component of social media use. The Careful Pioneer The overall lesson of social media use in the corporate world is to employ a strict, written agreement to clearly define the company's stance on social media use. Having similar controls and rules for those that post to social media sites is also critical, as is the plan for when that person leaves a company's employment. But most important, if you want information protected by privilege or under intellectual property rules, don't put it on the Internet. Gavin W. Manes, Ph.D. is the President and CEO of Avansic. He is a nationally recognized expert in e-discovery and digital forensics, having published over 50 papers on computer security and digital forensics. Gavin has also briefed the White House, the Department of the Interior, the National Security Council and the Pentagon on computer security and forensics issues. He can be reached at gavin.manes@avansic.com. Peer to Peer 11