How to Protect One of Your Company’s Most Important Assets During the Sale of Your Business or Bankruptcy

James Chiodo, Certified Information Privacy Professional CIPP/US

Customer Data Let’s imagine a scenario. Business A operates online and collects data. It has a privacy policy that explains to users how personal information that is collected will be used. After several years of business and data collection, Business A ends up filing bankruptcy.

The owners of Business A decide that selling the customer list is an excellent way to recoup some of their investment in the company. There’s just one problem: The privacy policy says, “We will never sell your data to a third party.” So guess who ends up getting sued by former customers and possibly the FTC? How can this scenario be avoided? Read on to learn how to protect yourself, your business, and the value of your collected data.

Real-Life Examples
Of course, we don’t have to image this scene. The FTC has engaged in proceedings with numerous companies over this exact issue. Consider a few relevant examples.

Toysmart: Toysmart went bankrupt and really only had one asset – data. The problem was that Toysmart’s privacy policy promised never to share data with a third party. The FTC filed a complaint against Toysmart. The result was that Toysmart was only allowed to sell information to another company that already focused on the same products and services, and that buyer had to abide by the promises made in Toysmart’s policy.

Radio Shack: You may be more familiar with the recent bankruptcy of Radio Shack. How many people had Radio Shack collected data from over the years? The answer is a whopping 117 million. Unfortunately, most of that data had zero value and had to be destroyed when the company closed hundreds of stores. This is because the sale of the data would have violated the company’s privacy policy and thus Texas state law. What should have been a massive asset was reduced to just the value of some email addresses.

Quirky: One of the most recent examples is that of Quirky; they tried to sell off data from a subsidiary of the company: Wink, Inc. The company’s privacy policy allows the sale of personal data in connection with a reorganization of the business or a sale of the company. So what was the problem? The privacy policy was changed in 2011 to add that clause. Therefore, issues came up with the legality of selling data collected prior to the policy change.

A Privacy Policy that Protects Your Assets

While no company plans on going out of business or filing for bankruptcy, the economy is fickle, and so are consumers. Why devalue one of your biggest assets in the modern world of data mongering? The key is to draft your privacy policy so it gives you the ability to sell customer data under specific circumstances without any legal liability.

True, consumers don’t want to hear that you intend to sell their data, even if it is only in case of liquidation of the business. So how can you create value for this sensitive data? Take an example from Amazon.

Amazon added an addendum to their privacy policy that already stated personal information will not be sold. The additional statement mentions the word “assets” and specifically states that personal data is including among those assets. The way the policy is worded allows Amazon to sell personal data associated with a portion of the business if that part of the company is sold, transferred, or acquired by another entity. The consumer hears what they want to hear: “We won’t sell your data.” At the same time, the data retains its value in case of sale or loss of the business.

Consider, too, what happened to Quirky. Changing your privacy policy as soon as possible is important, but what about data already collected? Be sure that users need to accept your new privacy policy in order to continue using your site. Then, any customer who continues to use your site after the change in policy will be protected under the updated policy instead of the older one.

Summary: Protect Your Data Value
In the modern business world, data has a tremendous value. Don’t cheat your company out of the value of its database through an outdated privacy policy. You can appease your customers and promise not to sell data now while still leaving your company open to selling data as an asset in case of sale of the company, acquisition by another entity, or bankruptcy.

For an attorney-drafted privacy policy to help protect your customer data and online business, visit:

New California & Nevada Privacy Laws Affect Website and Mobile App Owners ➞ Read More