Last week one lucky bidder – General Wireless – became the proud owner of personally identifiable information from approximately 67 million former customers of RadioShack. The 90-year-old electronics retailer sold off other intellectual property assets such as trademarks, patents and domain names in a Chapter 11 auction.
But before General Wireless can start mining this sensitive consumer data and soliciting business from the individuals in the RadioShack databases, the bankruptcy court must determine whether any conditions will be placed on use of that data. The buyer will want to extract as much value as possible from its investment while several state attorneys general fight to protect the privacy rights of consumers who probably assumed that RadioShack’s own privacy policies promising never to sell or rent their personal information meant the data would die along with the failed company.
Unfortunately for RadioShack customers, that’s not how it works today. While the bankruptcy court will likely not allow the consumer lists to be sold off to known spammers, it will probably follow guidelines laid out by the Federal Trade Commission during past bankruptcies and permit the data to be sold to a buyer in the same line of business that agrees to adhere to the same privacy policies of the company selling the data. Another option would be to allow the use of the data only if consumers explicitly opt in.
In fact, the FTC on Monday asked the bankruptcy court judge to protect the information by requiring General Wireless to abide by the same terms RadioShack customers agreed to when providing their information.
For people like me who believe that personal data should not be owned by anyone other than the individual that data is about, the solutions provided by the courts don’t go far enough in protecting sensitive information from getting into the wrong hands. RadioShack isn’t the first company, nor will it be the last, to go out of business. So it’s about time legislation be passed to require all personally identifiable information possessed by a company going through bankruptcy be destroyed and not be treated as an asset that can be sold off to extract the most value for creditors.
But if our elected officials are unable or unwilling to stand up for the privacy rights of their constituents, perhaps it’s time for consumers to take matters into their own hands using a model deployed by the Nature Conservancy. The not-for-profit organization purchases environmentally sensitive land from private owners in order to prevent it from being developed for commercial purposes, therefore protecting the environment and preserving that land for future generations.
While it would need a better name, this “Nature Conservancy for Consumer Data” could establish and grow a fund that could be used to purchase customer information databases from companies looking to sell off that data as part of bankruptcy proceedings. Besides destroying the acquired data, this organization could also serve as a platform for teaching businesses how to change their mindset and realize they are not “owners” of customer data that must be monetized, but rather “custodians” charged with protecting it.
Just as consumers have increasingly been placing a high value on environmental protection when selecting companies they do business with, so too will they begin judging companies based on their reputation for safely protecting their sensitive information.
Who else is willing to join this crusade to help consumers take back control of their personal information?
Suni Munshani is the CEO of Protegrity