It looks like RadioShack customer data is going to be safe—for now—but the issue of whether company data is a sellable asset at bankruptcy remains open.

As nerds everywhere mourned the February announcement of RadioShack’s intention to file for bankruptcy, the tech industry paid particular attention to one aspect of the process. RadioShack said it would sell off its customer data, which includes personal information on some 117 million customers, writes CNN Money. This data includes information such as customer names, phone numbers, mailing addresses, e-mail addresses, and, in some cases, purchase history.

In fact, RadioShack’s customer data was named first under the company’s list of assets to be auctioned. “Customer File: Over 13MM E-Mail Addresses, Over 65MM Customer Name and Physical Address Files,” the list notes.

In case you weren’t one of the geeks who used to lurk around the retailer’s strip mall locations, you should know that back in the day, RadioShack was actually on the leading edge of what we now call Big Data. You couldn’t even buy a battery from the company without giving them your name and address.

People objecting to the proposed data sale point out that RadioShack posted a data privacy policy in its stores stating that it wouldn’t sell its mailing list, and that such a policy should apply even in the case of a bankruptcy auction, CNN Money writes.

But do such policies still apply when a business goes bankrupt? “Any promises made by the RadioShack entity are as good as their promises to pay their creditors: that is to say, pretty much null and void unless the presiding judge and or creditor’s committee agrees to honor them,” writes Paula Rosenblum in Forbes.

The selling of this data had implications for consumers who would undoubtedly be getting junk mail and spam from would-be buyers of the information. But vendors that sold products in RadioShack stores also worried that their data might be available to competitors. For example, AT&T objected to its customer data being made available to Sprint, which was named as a potential purchaser of some of the stores.

Moreover, AT&T contended the data didn’t even belong to RadioShack. “Given that RadioShack was acting as a selling agent for AT&T and other mobile phone providers, is the data even theirs to sell in the first place?” Rosenblum writes. “AT&T argues no. It’s a really murky issue.”

In addition, people were concerned that the data could be used for identity theft. “If this data ends up in the hands of hackers, it can be used to launch phishing attacks, leaving customers exposed to malware by email, phone and text, in order to steal more personal and financial information,” Adam Levin, founder of IdentityTheft 911, told ABC News.

Altogether, 33 state governments plus the District of Columbia objected to the sale, starting with Texas, where RadioShack is based, and soon joined by Tennessee, Oregon, and Pennsylvania.

RadioShack’s privacy ombudsman—yes, it had one—soon weighed in on the issue, noting that at least for the time being, personal information wouldn’t be sold, and that the company would alert the bankruptcy court if that changed.

So it looks like the data will stay with RadioShack. The hedge fund purchasing some of the chain’s assets, Standard General, agreed not to buy the data so the sale could be completed by April 1, thus avoiding paying an additional month’s rent on the stores, writes Korri Kezar for the Dallas Business Journal. However, she warns, the ownership of the data isn’t yet settled.

Moreover, the data ownership issue remains worrisome for other companies. Retailers such as Sears, Kmart, and Macy’s are also expected to close some stores this year, notes US News and World Report. And what would happen to user data should a Google or Facebook go bankrupt, asks the Washington Post.

“This is an interesting object lesson for retailers,” Rosenblum notes. “My partner Brian Kilcourse has said for years that retailers really need to start thinking about their ‘information assets.’ Technology companies generally have clauses in their contracts that prohibit assignment of ownership to another party except during a merger or acquisition. In other words, they protect themselves.” The data, though, are subject to no such rules and regulations, she adds.

In addition, the Federal Trade Commission has gone back and forth on the issue in the past several years, depending on the business the company was engaged in.

It didn’t allow the sale of information from Toysmart (particularly because some of the customer names were children), but did allow the sale from Borders, under certain conditions, writes Joshua Brustein for Bloomberg. Numerous other companies that have gone bankrupt have also sold off their data without fuss, write the Motley Fool and Advertising Age.

In fact, one source quoted by Brustein advised companies not to have a data privacy policy, because of the potential value of the data asset. “When a company makes public representations imposing excessive limitations on its use and disclosure of personal information, it has the potential to significantly diminish the value of the company’s personal information assets,” notes 2010’s prescient paper, “Emerging Privacy Issues in Bankruptcy.”

In any event, if you’re involved in big data at all, raise a glass to RadioShack: This is where the data collection craze was born.

Related Posts