Most Read Contributor in United States, September 2016
The Radio Shack bankruptcy case raised a fundamental
question regarding the sale of personally identifiable customer
information: Can it be done? The answer is "Probably".
(You expected anything else?)
When Radio Shack filed for bankruptcy protection, it had
collected personally identifiable customer information respecting
117 million individual customers. Radio Shack had promised
sell" their personally identifiable information to any third
party. In the bankruptcy proceedings, the customer information was
identified as an asset. Radio Shack proposed to sell this
asset for the benefit of creditors. The FTC, many state attorneys
general, Verizon and AT&T objected to the proposed sale. A
privacy ombudsman, permitted by the Bankruptcy Code, was also
appointed by the Court.
The Bankruptcy Court ordered all parties to mediate the dispute.
In mediation, a deal was reached permitting customer information to
be sold. However, a number of conditions were attached to the sale.
First, the buyer had to agree to be bound by Radio Shack's
sale and an opportunity to "opt-out" either via email or
mail, depending upon whether Radio Shack had a valid email address
for the customer. Third, opt-out information had to be
"prominently" posted on the Radio Shack website. Finally,
the buyer was prohibited from the use of "sensitive"
information, including debit/credit card information, date of birth
and government IDs such as Social Security numbers.
The Radio Shack settlement provides a number of
takeaways respecting the sale of personally identifiable
customer information, in and out of bankruptcy:
Even government actors such as the FTC and state AGs appear to
recognize that privacy rights are not absolute and need to be
balanced against the interest driving a sale.
A bedrock principle is the need to honor the promises made by
the company that collected the information.
Government regulators require an "opt-out"
Company privacy policies and disclosures should make it
explicitly clear that information collected from customers may be
sold and/or provided to a successor or buyer company, including if
such information is sold in the context of bankruptcy.
Don't ignore HIPPA, which will always apply to medical
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
On 28 July 2016, the European Court of Justice rendered a decision in a dispute between an Austrian Consumer Protection organization known as VKI and Amazon EU Sàrl, a subsidiary of Amazon registered in Luxembourg.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).