The Consumerist reports that RadioShack, facing bankruptcy, planned to take its customer database and put it up for auction to pay back its creditors, which contains millions of:
- Physical addresses.
- Customer names.
- Email addresses.
- Other identifiable information.
What's the problem? RadioShack's privacy policy promised consumers it wouldn't sell their data, and now, privacy activists and state law enforcement officials have objected so strongly that RadioShack has backed down from this plan.
Even for an independent contractor working in IT, this issue is worth following. No matter how big or small your company is, it's crucial to understand how privacy policies work.
Do Privacy Policies Get Liquidated in a Bankruptcy?
A Washington Post article details the history of multiple bankruptcy-related privacy policy disputes. As it turns out, the Federal Trade Commission stopped Toysmart.com from selling its user data after the dotcom bubble burst in 2000. That data, which contained children's information, was securely destroyed instead.
While the FTC has stopped other companies in the past, many tech businesses are uncertain about their responsibilities in bankruptcy or merger. Google, Facebook, and other companies leave their privacy policies open-ended.
These liabilities may seem pretty "big picture" for an independent contractor working in IT, but these issues could come up. For instance, a database admin could be hired to oversee a data migration by a client that has acquired a competitor. In this situation, the contractor could unwittingly be violating the client's privacy policy simply by transferring data from one company to the next.
For this reason, it's important to check your client's privacy policies and know the liability issues surrounding them. To learn about covering these legal risks, check out Errors and Omissions Insurance, which can pay for third-party data liability lawsuits.
Privacy Policy Issues and IT Contractors: What You Can Learn from RadioShack
A privacy policy is one of the most important documents a new business can use, especially if it requires customer data to operate. Privacy policies are a contract between the web page or service provider and the user. You and your clients are legally responsible to fulfill the obligations you set out in your privacy policies.
You can use our sample privacy policy as a starting point for your own policy. Here are some of the basic things your policy should do:
- Outline who has access to the private data you store.
- Disclose whether you share data with third parties (e.g., marketers, outsourced IT, or other companies).
- Allow a way for users to contact you about privacy issues.
In RadioShack's policy, the company said it wouldn't sell its customers information to other companies, suggesting this bankruptcy auction is a violation of the contract the company has made with its customers.
In the world of tech, liabilities and risks change every day. While it's crucial to use contracts and policies to protect your company, it's impossible to plan for every contingency. A smart risk management strategy should use privacy policies and contracts, but also have the lawsuit protection that small business insurance can offer.
