Bankruptcy and Privacy Policies

James Chiodo, Certified Information Privacy Professional CIPP/US

We know that companies collect a lot of personal data from us. You may at times have read the privacy policy on a website or blog before deciding to use it to see if you are willing to let your personal data be used in a certain way.

Likely, your business has such a privacy policy, and you strive to maintain the integrity of the business by sticking to those promises. Problems often arise; however, when a company is heading for bankruptcy. Let’s use the case of ConnectEDU to discuss these concerns.

ConnectEDU has amassed tons of user data over the years. This includes personal information, including names, phone numbers, addresses, and even education histories. Most people are willing to accept the privacy policy which states the information wouldn’t be used for marketing purposes. Of course, that’s just the promises of the present owners. What if they were to sell the business?

The privacy policy actually includes a clause that would alert users and give them the opportunity to remove personal data in case of sale of the business. It seems as though they had thought of everything.

No one considered what would happen if ConnectEDU went bankrupt.

Now the company is selling off all of their assets. What is one of the biggest assets the company has? In a world that thrives on information, it’s all of that juicy personal data that is supposed to have been protected.

The FTC’s Jessica Rich has already written to the bankruptcy court, outlining ways in which this action may violate the FTC Act. According to her letter, the privacy policy should allow users to receive notice of the action and time to delete personal information that they do not want auctioned off to the highest bidder. So what does the FTC expect ConnectEDU to do before selling the data?

First, they at least want users notified of the impending sale of data and to be given the option to remove personal information. Second, they would prefer the data be destroyed rather than sold. Clearly, the second option would maintain the promised privacy for users.

This is important information for businesses or lawyers dealing with bankruptcy to consider. Privacy can’t go out the window simply because a company can no longer stay solvent.

The FTC is working to help protect the privacy of consumer data, even when unfortunate situations such as this arise.


New California & Nevada Privacy Laws Affect Website and Mobile App Owners ➞ Read More