If you were a regular customer at a RadioShack in the past decade—and given the company’s eventual fate, there’s a good chance you weren’t—then you may have noticed that they were one of the first chains to ask you for your address, phone number, and email address upon checking out. Gathering this information was ostensibly so they could send you mail about their upcoming bargains on radio-controlled cars or whatever it was people went to RadioShack for, and their privacy policy included a commitment that the company would not sell or rent your personal identifiable information to anyone at any time.
Of course, RadioShack is bankrupt now and selling off its assets as part of the proceedings—including that personal information you gave the company because the nice kid at the register asked for it.
RadioShack is trying to auction off its customer data on some 117 million customers as part of its court-supervised bankruptcy.
The data in question, according to a legal challenge launched by Texas regulators on Friday and joined by the state of Tennessee on Monday, includes “consumer names, phone numbers, mailing addresses, e-mail addresses, and, where allowed, activity data.”
The states say the sale breaches the 94-year-old chain’s promises to its in-store and online customers that it would not sell their personal identifying information (PII) data.
“The Debtors have affirmatively stated in multiple privacy policies currently in effect that consumer PII will never be sold. Yet the Debtors come before this Court with a Motion which seeks to do precisely that,” according to the challenge.
Texas and Tennessee aren’t the only parties objecting to RadioShack selling this particular asset; AT&T, which sold cell phones through a deal with RadioShack and used the same means to collect customer data at the company’s stores, has also lodged a complaint. The telecom company insists that information that RadioShack collected through this arrangement isn’t theirs to sell.
RadioShack doesn’t dispute that it’s trying to sell this data, but it does argue that Texas and Tennessee overstate the amount of customer data it possesses, saying that it’s more like 13 million email addresses and 65 million names and physical addresses rather than the 117 million that the states have claimed. Regardless, the question remains: Is this RadioShack’s data to sell? And how bound is a company to its privacy policies, especially once it’s declared bankruptcy?
These are questions that are very relevant when considering what it looks like when a major retailer disappears in 2015. When Circuit City went under in 2008, data like this wasn’t collected as widely, and tracking customer shopping habits and information wasn’t as sophisticated as it is now. But when Borders collapsed in 2011, and Barnes & Noble paid $14 million for its intellectual property assets, most of what they were buying was the customer data that the rival bookseller collected. At the time, the FTC considered blocking the sale before it opted not to.
Privacy and personal data collection are hotter topics now than they’ve ever been, as consumers are savvier about what their information is worth to businesses, and as businesses have more sophisticated means of mining that data in targeted ways. Ad Age points out that what RadioShack intends to do isn’t new, but the way Texas, Tennessee, and AT&T are reacting to it is.
“It’s funny that people think it’s new that RadioShack is trying to monetize that asset,” said Justin Yoshimura, founder of Retail Growth Fund, a private equity fund that invests in e-commerce sites and has been involved in acquisitions of bankrupt retailers including Delia’s, Caché, Deb Shops and WetSeal. “All of those had the customer list as part of the sale. . . .”
Selling customer data as part of bankruptcy assets “is very common,” said Robert Braun, partner and co-chair of the privacy information management and data protection group at the Jeffer Mangels Butler and Mitchell law firm. However, he suggested the practice has not been challenged in any major way yet, especially now that corporate privacy policies are commonplace.
The question, ultimately, is what legal obligations a company—and a bankruptcy court, whose objective is to ensure creditors receive the most possible money from the bankrupt business—has to their privacy policy in bankruptcy proceedings. As Americans grow increasingly concerned with how their data is used, and as things remain tumultuous for retailers in an economy that is shaky for brick-and-mortar businesses in an age of online commerce, these questions are only going to be more pressing.
That’s a question that Texas is going to help bring to the fore with its lawsuit. But regardless of what happens with RadioShack’s data, it’s probably a wise idea for the privacy-concerned to take a company’s stated policies with a grain of salt.
