A lawsuit filed recently in federal court begs the question, “Who is permitted to create a social media profile on someone other than himself?” It’s a sticky question but one that hangs out there in legal limbo, for now.
As this article in the Pittsburgh Post Gazette indicates, Rick Senft, president and CEO of the Passavant Memorial Home Foundation, has a LinkedIn profile containing his personal information. The problem is, but he didn’t create the profile, and he didn’t authorize anyone to create it. Who did put it out there is probably known to the administrators at LinkedIn, but they aren’t revealing any details, not even to Senft. His attorney filed suit against the social media company to force it to tell Senft who created the “fraudulent account.”
When Senft discovered the profile based on his identity, he asked LinkedIn to remove it, which they did. He also asked who created the profile, but the company responded that it couldn’t provide this information outside of a “valid legal process.” Thus, the lawsuit ensued. It will be interesting to see how the suit is resolved in federal court.
I find this development interesting in view of the article I posted last week about Google and other companies complying with requests to provide much more detailed information, including the contents of email messages. Presumably those requests come from official authorities such as law enforcement agencies that can easily get a subpoena to force the information disclosure if necessary. By comparison, Senft, as a private individual, had to resort to a lawsuit to initiate the legal process that could ultimately get LinkedIn to tell Senft who set up his profile.
According to LinkedIn’s published user agreement, it’s clearly not permissible “to create a false identity.” That means that if Senft did not authorize anyone to create a profile about him on his behalf, the person who set it up has violated LinkedIn’s policy. What a shocker. He or she probably is not the first person to violate a service agreement. I doubt that LinkedIn is going to bring any legal action against any such individual, unless forced to as a result of legal action taken by Senft.
This case raises a whole bunch of questions: What right does an individual have to his or her own profile on a social media site? If a bogus account is created – even if it doesn’t contain fraudulent or harmful information – what is the legal fallout? Is the social media company legally or morally obligated to help discover who the fraudster is?
I don’t know who created Senft’s unauthorized profile, but what if it was someone who works for his organization? Maybe an employee thought it would be good to have the organization’s CEO be represented on a business-oriented networking site. It could have been an honest and earnest endeavor to help the organization, not to harm Senft in any way.
As my colleague Brian reported recently, CIOs and CISOs are concerned about the gray area of social media and the blurring of personal and work identities. This scenario suggests that every organization should revisit its policy concerning business-oriented social profiles. Policy should state that every person who is represented by a public profile should know about the profile and provide or approve the content, especially if any of the information is considered personal, such as a personal email address or personal cell phone number. This won’t head off every problem with social media, but it could have saved Senft from the need to file his lawsuit just to find out who created his unwanted profile.