Consumer Data in Dot Com Era—Toysmart
RadioShack—Following the Toysmart Example
RadioShack’s sale process replayed several of the Toysmart themes and similarly met a negotiated—not judicially determined—resolution. Following the sale of its 1,743 store leases this spring to General Wireless, an affiliate of hedge fund Standard General, RadioShack initiated an auction process for the sale of its intellectual property, including the RadioShack name and a collection of customer information.
RadioShack’s customer information, however, is a valuable asset. Accordingly, as part of the bankruptcy process, the RadioShack trustee sought court approval to sell a subset of such information in its database, including 67 million complete customer names and physical addresses, and around 8.3 million email addresses, to General Wireless for $26.2 million dollars.
The debtor and various objectors mediated these issues and ultimately reached a deal modeled on the Toysmart approach. In the end, Bankruptcy Court Judge Brendan L. Shannon approved the parties’ settlement, authorizing the sale subject to certain conditions, including that General Wireless must:
- Send emails to all included email addresses notifying customers of the purchase and offering them seven days to opt-out of the transfer of their personal information;
- Mail those customers for whom it has a physical address, but no e-mail address, a notification that it has purchased the assets of RadioShack and offering such customers 30 days to opt-out of the transfer of their information;
- Provide a notice on the RadioShack website, with both an online opt-out option and a toll-free telephone number to call to exercise the option; and
Furthermore, the deal prohibits RadioShack from transferring sensitive information, such as debit or credit card numbers, dates of birth, Social Security numbers or other government-issued identification numbers.
In the intervening 15 years since the Toysmart brouhaha, very little legal guidance has developed to define the contours of pre-bankruptcy privacy promises in bankruptcy sales. As in the Toysmart situation, the privacy-related objections raised to the RadioShack sale were consensually resolved, leaving parties without a judicial resolution to these issues. Nevertheless, certain themes are emerging.
First, by virtue of settling, the FTC and states seem to recognize that consumer privacy rights are not absolute—they must be balanced with the best interests of a debtor’s estate and creditors in bankruptcy.
Third, the ability for customers to opt-out of the transfer of their personal information seems to be key. This was a sticking point in the Toysmart matter, leading to the ongoing controversy even after resolution with the FTC.
More broadly, however, perhaps the main lesson from RadioShack is this: Privacy policies ideally should anticipate bankruptcy scenarios and alert consumers that their information may be sold in bankruptcy or other divestitures. Such a direct acknowledgement would serve consumers by advising them of the possible fate of their personal information, thereby allowing them to make an informed decision about what information to volunteer. It would also serve the eventual debtor and its creditors, simplifying the sale process and maximizing the sale value of collected information.