A recent UDRP decision denying transfer of a company's domain name from a former employee illustrates the importance of properly maintaining the Registrant and contact details, along with the prudence of having more than one person administering corporation's domain name portfolio. In the National Arbitration Forum decision of Hennion & Walsh, Inc. v. Robert Isom, FA1118409 (2008), the company's domain name, hennionandwalsh.com, was registered by the firm's computer operator (Respondent), whose responsibilities included construction and maintenance of the firm's website. When registering the domain name with Registrar Network Solutions, the employee mistakenly used his name as the Registrant, while also setting password protection on the account. Upon leaving the company's employ, the employee did not leave the password or answer to the security question, nor did he remember them. Since the employee was the only person who previously knew the password or security question, the company was unable to make any changes to its website through Network Solutions. Network Solutions would only permit access to the website if Respondent renounced his interest in the domain name. Although the employee was being cooperative, Network Solutions required the filing of a UDRP for Respondent to officially renounce his rights to the domain name.
In the UDRP decision, the Panelist easily found that Complainant had established that the domain name was identical and/or confusingly similar to the common-law mark of HENNION AND WALSH, along with finding that the Respondent did not have rights or legitimate interests in the hennionandwalsh.com domain name. The claim was denied, however, based on the third element of a UDRP—due to lack of registration and use in "bad faith." Since the Respondent had "mistakenly" registered the domain name in his own name, and was Complainant's employee at the time, there was no bad faith at the time of registration. In addition, the Respondent had not accessed the account since leaving the company, nor ever claimed any personal interest in the domain name. The Panelist held that the Complainant simply wanted to correct its administrative failures through the UDRP, which the UDRP was not designed to do.
This decision provides a lesson of the unnecessary risks and expense that can occur when domain names are allowed to be registered in an individual employee's name, along with the account only accessible by the "key" employee. It is not unusual for employees in positions of responsibility to leave a company, with not all of them as amicable as in the present case. If there had been additional oversight of the domain name portfolio, with contact information resolving to a domain-name-specific email account such as domains@mycompany.com, then this scenario and the attendant "handcuffing" of the company website may have been avoided.
Vol. 53, June 2010