Customer information has become an increasingly valuable business asset. And, the volume and detail of other available information about consumers has increased along with it, well beyond mere customer names and addresses to preferences, purchasing history, and online activity. This means that when a business is sold, customer information is often sold along with it. But careful diligence is required in handling this intangible asset, and the recent settlement in the RadioShack bankruptcy case is instructive.
As part of its Chapter 11 sale of assets, RadioShack proposed a sale of portions of its customer records database, containing personally identifying information (“PII”) such as customers’ name, mailing address, email address, phone number, and 21 other types of transaction data (such as store number and tender amount), of approximately 67 million customers. The proposal quickly drew objections, most notably from the FTC and a coalition of 38 state Attorneys General led by Texas.
Ultimately, a settlement was reached and the sale of customer information was approved, but in truncated form. RadioShack agreed to limit contact information to email addresses only, and only those that were active in the two years prior to the bankruptcy filing. Additionally, transaction data was reduced from 21 fields to 7. The purchaser agreed to abide by RadioShack’s privacy policies and to require affirmative assent to any material change to them. The settlement also provided that customers would receive a notice of the transfer of their information and an opportunity to opt out.