Recently I was asked by a client what remedies there might be for a website designer who already had access to their financial and confidential information. The client suspected the web designer might be trying to misuse their access to that information and their control over the client’s website for the designer’s own gain and benefit. Of course, there are all sorts of statutes, rules and regulations that govern the access to, use and safeguarding of a client’s financial and confidential information by financial institutions, financial advisors, lawyers, accountants and other professional fiduciaries.
But what happens when someone you thought was your friend, who just happens to have a “website design” business, but who has all of your login credentials, access to your credit card information and control over your website, social media sites and your online payment and billing portal, suddenly seems to have a very different view of how to grow or manage your online business? Does your website designer or IT expert owe you the same fiduciary duty to act in your best interest and to safeguard your financial and confidential information as your accountant or lawyer? What can or should you do to protect yourself and your business?
In a recent unpublished opinion, the First District Appellate Court in Illinois had an opportunity to summarize current Illinois law regarding the requirements to establish a fiduciary relationship in a business setting. This case cannot be cited as binding precedent, and involved the outright usurpation of a corporation’s opportunity by an employee who acquired a competing business. However, the general discussion and principles cited are beneficial to see that your website designer, just like an employee, may be acting as your fiduciary and therefore owes you a much higher degree of loyalty and good faith than just the average contractor or vendor your business might engage.
In Advantage Mktg. Grp. v. Keane, 2019 IL App (1st) 181126-U, 2019 Ill. App. Unpub. LEXIS 553 (Mar. 29, 2019) the Court described a fiduciary relationship as follows;
Generally, “[e]very person who accepts the responsibility of acting on behalf of another is a fiduciary.” Graham v. Mimms, 111 Ill. App. 3d 751, 760, 444 N.E.2d 549, 67 Ill. Dec. 313 (1982). “An agency is ‘a consensual fiduciary relationship between two legal entities’ whereby ‘the principal has the right to control the conduct of the agent, and the agent has the power to effect [sic] the legal relations of the principal.'” State Security Insurance Co. v. Frank B. Hall & Co., 258 Ill. App. 3d 588, 595, 630 N.E.2d 940, 196 Ill. Dec. 775 (1994) (quoting Gunther v. Commonwealth Edison Co., 126 Ill. App. 3d 595, 598, 467 N.E.2d 1104, 82 Ill. Dec. 31 (1984)); see also Restatement (Third) of Agency § 1.01 (2006) (defining agency as “the fiduciary relationship that arises when one person (a ‘principal’) manifests assent to another person (an ‘agent’) that the agent shall act on the principal’s behalf and be subject to the principal’s control, and the agent manifests assent or otherwise consents so to act”). “An employee need not be an officer or a director to be accountable since an agent must act solely for the principal in all matters related to the agency and refrain from competing with the principal.” E.J. McKernan, 252 Ill. App. 3d at 530. Indeed, “[w]hen a principal-agent relationship is present, a fiduciary relationship arises as a matter of law.” Stathis v. Geldermann, Inc., 295 Ill. App. 3d 844, 859, 692 N.E.2d 798, 229 Ill. Dec. 809 (1998) (citing State Security Insurance, 258 Ill. App. 3d at 595). The fiduciary owes a duty of loyalty to the entity for whom the fiduciary is acting. Graham, 111 Ill. App. 3d at 761 (citing Dick v. Albers, 243 Ill. 231, 236, 90 N.E. 683 (1909)). “Among other factors, the precise nature and intensity of the duty of loyalty depends upon the degree of independent authority exercised by the fiduciary [citation] and the reasonable expectations of the parties at the beginning of the relationship.” Id.
In the case of a website designer or IT expert, you have placed your trust and confidence in that person and gave the expert access to your confidential and financial information. Thus, under the above principles, your website designer or IT expert is clearly your fiduciary and unquestionably owes you and your business a duty of loyalty and good faith. And if they breach that duty, they can be held to account for money damages for the injuries and losses your business incurs.
But when I told the CEO of my client that they might have a really good lawsuit against their website designer for a breach of fiduciary duty, after her eyes glazed over, she very appropriately asked: “But what do I do right now?” So, here are a few do’s and don’ts I recommended:
(a) Don’t give anyone your permanent login credentials for any website or any social media site, no matter who they are. Most sites have a way to change the password, so if your designer or IT expert needs temporary access; grant them temporary access for what they are going to do. But as soon as they are done, change the password again. Any trustworthy professional who isn’t trying to take advantage of you or your business will be okay with this. If they aren’t, fire them and find someone else. Besides, periodically changing your passwords is a good security measure.
(b) Do have your business attorney create a Confidentiality and Non-Disclosure Agreement and make anyone who is going to be granted access to your confidential or financial information sign it, PERIOD! Most website designers’ contracts and IT experts’ agreements are designed to protect them; not you or your business. Using a written confidentiality agreement for your fiduciaries tells them you are serious about privacy and confidentiality. It can also give you specific contractual remedies if they turn out not to be loyal.
(c) Do be very cautious about website designers who want you to use their payment processing portals instead of the mainstream, well-known sites like PayPal or one your bank provides; they may be trying to get positioned to earn extra fees from those portals at your expense.
(d) Do make sure you, and not the website designer or IT expert, own the URL for your website and social media pages and the associated domains. Allowing a fiduciary to own them means they have control, not you.
(e) Don’t wait to take the above steps until after your website designer or IT expert has hijacked your business. Otherwise, your only remedy may be the lawsuit I described above. Our litigation team is always ready to help businesses who have been injured by a fiduciary, but we can also help you draft the necessary agreements and implement a plan to guard against such things.
Peter M. Storm
Storm & Piscopo, P.C.
Business litigation, planning and drafting