Concerns arose when RadioShack proposed to include 67 million customer contacts (a subset of the 117 million customer contacts it had amassed) in its asset sale to General Wireless. In its initial proposal, RadioShack offered to sell the customers’ (a) first and last name, (b) physical mailing address, (c) email address and (d) phone number, together with 21 other types of transaction data.
The FTC raised concerns that, because the deal would likely violate RadioShack’s express promise to customers not to rent or sell their information, it could constitute an unfair or deceptive practice under Section 5 of the Federal Trade Commission Act. Specifically, the FTC reasoned that companies that collect private customer data on the condition that it will not be resold have the responsibility to uphold their obligation and protect that information even if the company ceases to exist through a sale or bankruptcy.
Consumer data is a significant business asset. Businesses are advised to confirm their privacy policies are clear and permit the business to operate as it currently operates and as it may operate in the future, including expressly permitting transfers in connection with a sale of assets, merger or change of control. This is not the first time the FTC and state regulators have raised objections to the sale of customer data, but is a reminder consumer data and privacy is an increasing focus of state Attorneys General.