Archive for July, 2012

SaaS Agreements – Customer Lists – Social Media Contacts

If you actively encourage or allow your employees to use LinkedIn and Twitter to store or build up their business contacts you need to ensure that you have control over how this information will be used if the employee ceases to work for you, as most contacts will be your SaaS customers, other employees and SaaS suppliers.

In the last few years there have only been a handful of court cases in the UK (and the US) providing guidance on this issue and whether or not contacts in social media channels such as LinkedIn and Twitter can be used by ex-employees.


In October 2011 a US company, PhoneDog Media, sued a former employee for taking 17,000 Twitter followers with him when he left the company. PhoneDog claimed that the followers constituted their client list which was confidential.

The BBC also had a similar problem last year when an employee with 60,000 Twitter followers moved to a rival TV channel and took all of her followers with her by simply renaming her twitter account.


Back in 2008 the High Court ordered a former employee of Hays (the recruitment firm) to hand over all of his LinkedIn contacts when he left the company to set up his own consulting business. Hays claimed that the contacts were confidential information of the company and that the former employer had breached the terms of his employment contract by using this information for business purposes.

Social Media Issues for Employers

The above decisions highlight the dangers of encouraging employees to use social networking websites for work. The list of contacts of a SaaS sales consultant in LinkedIn will probably read like an A – Z of your SaaS customer base.  Once an employee leaves your employment you need to be able to deal efficiently with “ownership” or breach of confidentiality issues relating to the use of these contacts. This can only be achieved if you have already considered the “ownership” problems inherent in social media contacts and have agreed on what should happen if an individual leaves the company.

Who owns a Profile or Account

This will often depend upon who set up the account, why it was set up and who is paying for, and/or maintaining it.

Generally a LinkedIn profile or Twitter account belongs to the employee, even if you instructed the employee to create it – as it relates to an individual. It is “ownership” of the contacts in the profile that is important and this is what needs to be controlled to stop employees downloading SaaS customer contacts into their social media contacts database before leaving your employment.

Who owns Contacts or Followers

This is the wrong question to ask as no-one can “own” a contact. The question to ask is whether you have in place the correct safeguards to prevent employees from using the contacts including when they leave.

For example if you have non-solicitation or non-compete clauses in an employee’s contract of employment these could prevent the employee from using the contacts stored in their profile, as they will be confidential information.


In view of the uncertain legal status of social networking contacts it is advisable for companies to have employees sign a social media policy which sets out what use can be made of social media contacts once an employee leaves the company. Other measures that companies could consider taking are:

  • to simply ban all use of social media sites such as Facebook, LinkedIn and Twitter;
  • to ensure that relevant employees add all new LinkedIn contacts to the company’s CRM database;
  • to include non-competition and non-solicitation clause in employment contracts or other agreements;
  • to include social media clauses in all employment agreements.

By considering the risks and taking necessary measures to prevent these issues arising in the future you should be able to avoid costly litigation when key employees leave, potentially taking your SaaS customer contacts and followers with them.


Irene Bodle is an IT lawyer specialising in SaaS agreements with over 10 years experience in the IT sector. If you require assistance with any SaaS, ASP, software on demand contracts or any other IT legal issues contact me:

To register for my newsletter click here


Other related articles:

Website Legal Requirements – Cookies – Updated ICO Guidance

The UK Information Commissioners Office (ICO) will now start to investigate and prosecute companies for breaches of the Privacy and Electronic Communications (Amendment) Regulations. These set out the obligations of website operators to provide users with information about cookies and obtain user consent to the use of cookies. Failure to comply with the rules can result in a fine of up to £500,000.

What is a Cookie?

Cookies are small text files placed on a user’s computer which record online activity. The majority of websites use cookies to measure visits and the use of websites (analytics cookies). Cookies are often also used to save user names, passwords and user preferences to make repeated use of a website more comfortable for the user. However, increasingly cookies are being used to collect information about users for the purposes of targeted marketing.

Changes to the Data Commissioner’s Guidance

On the 25th of May 2012 the ICO revised its guidance on how to obtain consent from users to the use of cookies.

It is now acceptable for website operators to obtain implied consent from users to the use of cookies, provided that:

  • users take some action from which consent can be inferred, i.e. accepting a privacy policy on a website;  and
  • users understand that their actions will result in cookies being set.

Where such implied consent is obtained by users agreeing to a privacy policy, the privacy policy must be easy to find on the website and not be difficult to understand.

However, where companies are collecting sensitive personal data (such as health information), be aware that implied consent will probably not suffice and explicit consent will need to be obtained.

Monitoring and Penalties for Breach

It is unlikely that monetary fines will be issued by the ICO in the first instance for failure to comply with the new cookie rules. The ICO has stated that it will consider ensuring compliance by requiring companies to give formal undertakings and by issuing enforcement notices.  Compliance of websites generally will be monitored by the ICO via its online reporting tool. Members of the public will be able to report cookie concerns about particular websites or sectors, by using the online tool on the ICO’s website.


Irene Bodle is an IT lawyer specialising in Internet Law and SaaS Agreements with over 10 years experience in the IT sector. If you require assistance with any Internet Law, SaaS, ASP, software on demand contracts or any other IT legal issues contact me:

To register for my newsletter click here


Other related articles:

Bodle Law
Assign a menu in the Left Menu options.
Assign a menu in the Right Menu options.

This website uses cookies. You may not use this website, unless you agree to our use of cookies. For further details about the cookies we use please visit our Cookie Policy

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.