Ownership of contents of online email account gets called into question after account owner diesAjemian v. Yahoo!, Inc., 987 N.E.2d 604 (Mass. Ct. App. May 7, 2013)

Who owns the data in an online account after the account owner dies?  It’s a question that’s growing in importance as online email accounts become commonplace and cloud storage services like DropBox and Google Drive gain users.  A Massachusetts court faced that question in Ajemian v. Yahoo!, Inc., but left it unresolved.

In Ajemian, an individual (Robert) opened a Yahoo! email account for the primary use of his brother, John.  Robert shared the account as a co-user.  Several years after Robert opened the account, John died.  Robert and his sister Marianne were appointed co-administrators of John’s estate.  At the time of John’s death, Robert had not accessed the Yahoo! account for several years and had forgotten the password.

Robert and Marianne tried to get access to the contacts in Yahoo! account to retrieve email addresses of John’s friends and notify them of John’s death and memorial service.  Robert and Marianne also wanted access to the emails in the account to help identify and locate John’s assets and administer his estate.

After negotiations, Yahoo! agreed to turn over the subscriber information for John’s account to Robert and Marianne if they obtained a valid court order, which they did.  Yahoo! believed that the Stored Communications Act prohibited it from disclosing the contents of the emails in the account, however.  This prompted Robert and Marianne to sue Yahoo! in the Massachusetts probate court.  Robert and Marianne argued that the emails were the property of John’s estate and, therefore, as administrators of the estate, they were entitled to access to the emails.  Robert also argued that as co-owner of the account, he was entitled to its contents.

The probate court dismissed the lawsuit on various grounds, including that the Terms of Service (TOS) governing the Yahoo! account required the lawsuit to be filed in California.  On appeal, the Appeals Court of Massachusetts decided that the TOS was unenforceable because Yahoo! failed to prove that it reasonably communicated the TOS to Robert and that he indicated his acceptance of the TOS, such by clicking on a box that says “I Agree” (i.e., a “clickwrap” agreement).  Even if Robert had accepted the TOS, the court would not enforce the forum selection clause contained in the TOS because it was unreasonable and overbroad.   The Appeals Court sent the case back to the probate court for a ruling on the issue of access to the contents of the Yahoo! account.

LegalTXTS LessonBecause the contents of online accounts can be quite valuable, they should be treated as an asset in an estate planning program.  Much hassle and confusion can be avoided by making pre-death decisions about how one’s online information should be handled upon one’s death, such as entitlement of access to the accounts and ownership of their contents.  To plan effectively, one might need to take into account the terms and service corresponding to online services.  In Ajemian, for example, the terms and conditions for the Yahoo! account purportedly limited the transferability of the account and terminated the rights to the Yahoo! ID and the account’s contents when the account owner died.  If an online service has similar terms, a workaround might be needed to preserve the rights of the account owner’s estate to data stored by the service.

Enhanced by Zemanta

Employer sues ex-employee for not updating his LinkedIn profileJefferson Audio Visual Systems, Inc. v. Light, 2013 WL 1947625 (W.D. Ky. May 9, 2013).

What would you do if your ex-employee told everybody he still works for you?  One company’s response was to sue.  In the first case of its kind, the company decided to sue its former employee for fraud for not updating his LinkedIn profile.

Jefferson Audio Visual Systems, Inc. (JAVS) fired its sales director, Gunnar Light, after he mishandled a potentially lucrative deal and made defamatory statements about JAVS to a prospective customer.  Shortly afterwards, JAVS filed a lawsuit against Light alleging various claims, including fraud.  JAVS argued that Light was fraudulent in failing to update his LinkedIn profile to reflect that he was no longer a JAVS employee.  A Kentucky federal court dismissed the fraud claim because JAVS failed to show that it was defrauded by Light’s LinkedIn profile.  At most, JAVS alleged that the profile tricked others.  Under Kentucky law, a party claiming fraud must itself have relied on the fraudulent statements.

LegalTXTS Lesson: JAVS’ actions against its ex-employee might have been rather extreme, but the case is a reminder that ex-employees can leave behind an electronic wake that is damaging.  Because computer technology is an integral part of work life, management needs to be intentional in disengaging ex-employees from the electronic systems and online persona of the organization.  Each organization must determine for itself what measures for dealing with such post-termination issues are feasible, effective, and consistent with its objectives, but here are some suggestions:

1.  Promptly update the organization’s website, social media profiles, and any other official online presence to reflect that the former employee no longer works for the organization.

2.  Specify who owns Internet accounts handled by the ex-employee for the organization’s  benefit and the information stored in the accounts.  This includes social media accounts and cloud storage accounts (e.g., DropBox, Google Drive, SkyDrive) to the extent they contain proprietary data.  As part of this measure, be sure to obtain the information needed to access the accounts, including any updates to login credentials.

3.  Restrict the amount of access to which former employees, as well as current employees whose departure is imminent, have to workstations, databases, and networks of the organization.  Limiting access helps to prevent theft of trade secrets and proprietary information.  Many CFAA lawsuits have been spawned by a failure to take this precaution.

4.  Check if the employee left behind anything that would enable him or her to gain unauthorized access to company systems, like malware, viruses, or “back doors.”

5.  Enable systems that allow of erasure of the organization’s data from electronic devices used by the ex-employee to remotely access the work network, such as smartphones, laptops, and tablet computers.

6.  Establish guidelines on employee use of the company’s intellectual property on personal internet profiles (e.g., Facebook, Twitter, LinkedIn), including trademarks and trade names.
Enhanced by Zemanta