Upholding Your Privacy Policy

James Chiodo, Certified Information Privacy Professional CIPP/US

Security concept: Information Privacy on keyboard backgroundWhen a Merger Occurs, Remember the Privacy of Existing Customers

When it comes to what information a brand collects and what they do with that consumer’s information, every business is different. That is why privacy policies exist. Consumers need to be informed of how their data is being collected, stored, and used by a company they do business with.

When a merger between companies occurs, however, there can be a difference between how the two businesses handled privacy matters. Are there restrictions on what a business can do with data that is acquired through a merger?

The FTC realizes that buying and selling companies or parts of companies is just how business works in our modern world. The fact is, however, that any promise made involving privacy needs to be lived up to. If your business buys out another, that does not negate promises concerning privacy that were made to the purchased company’s existing customers.

Really, when buying or merging with another company, you have two choices about privacy. You can either abide by the privacy policy that the existing customers already agreed to or you can ask those consumers for permission to use their data differently from now on.

This is not a new topic for the FTC. It has been clearly addressed in Section 5. Companies are not allowed to alter their privacy policy to insert inconsistencies with the original promises that were made to a customer. Gateway Learning proves to be a warning example to businesses in this regard. The company promised consumers that their personal information would not be shared with third parties.

Later, that policy was changed, and the business proceeded to share consumer information in accord with their new policy and not the one that was agreed to with consumers initially. The FTC alleged that it was unfair for Gateway Learning to make their new privacy policy retroactive without getting consent from their existing customers first.

The same principles would apply when one business acquires another. Facebook came up against these concerns when they purchased WhatsApp. There were certain promises made in the WhatsApp privacy policy that were beyond the privacy rights Facebook offers their users. Facebook was faced with a decision. The FTC made it clear that promises made by WhatsApp to their consumers prior to the acquisition had to be maintained or it would be a violation of Section 5 for both companies.

If you have recently acquired a business or are considering merging your company with another, consider the ramifications in terms of customer privacy. In most cases, there are really only two choices. You either need to continue to live up to the promises existing customers were given in the past or customers need to be provided with the new privacy policy in advance and given the opportunity to opt out.


New California & Nevada Privacy Laws Affect Website and Mobile App Owners ➞ Read More