The Radio Shack bankruptcy case raised a fundamental question regarding the sale of personally identifiable customer information: Can it be done? The answer is “Probably”. (You expected anything else?)
The Radio Shack settlement provides a number of takeaways respecting the sale of personally identifiable customer information, in and out of bankruptcy:
- Even government actors such as the FTC and state AGs appear to recognize that privacy rights are not absolute and need to be balanced against the interest driving a sale.
- A bedrock principle is the need to honor the promises made by the company that collected the information.
- Government regulators require an “opt-out” process.
- Company privacy policies and disclosures should make it explicitly clear that information collected from customers may be sold and/or provided to a successor or buyer company, including if such information is sold in the context of bankruptcy.
- Don’t ignore HIPPA, which will always apply to medical information.