RadioShack to auction off customer data, violating own privacy policy

RadioShack prepares to sell customer data in violation of its own privacy policy

RadioShack logoRetail chain RadioShack is looking to cash in the information it holds on its customers as part of its bankruptcy sale.

According to Hilco Streambank, personal data including over 65 million customers’ names and physical addresses, as well as 13 million email addresses, has been made available to the highest bidder.

All this despite the fact that the company’s online privacy policy quite clearly states:

We will not sell or rent your personally identifiable information to anyone at any time. We will not use any personal information beyond what is necessary to assist us in delivering to you the services you have requested. We may send personally identifiable information about you to other organizations when: We have your consent to share the information (you will be provided the opportunity to opt-out if you desire).

According to the Washington Post, the auction for RadioShack’s assets has already been completed, with Standard General – a hedge fund and RadioShack’s largest shareholder – the winner.

But the deal is yet to be completed as a bankruptcy court will need to approve the deal and, even then, there may be more legal hurdles to overcome before RadioShack can hand over any customer data.

According to a case filed in Texas, state regulators have offered up some objections to the proposed transaction, saying the sale would breach the company’s online privacy policy as well as in-store promises not to sell personal identifying information (PII).

The court filing also notes that the sale of customer data is illegal under state laws, which prevent the selling of personal information in violation of a company’s own privacy policies, as covered by the Texas Deceptive Trade Practices Act.

Responding to the possibility that RadioShack may sell its customer data in direct conflict with its stated privacy policy, New York Attorney General Eric Schneiderman said in a statement:

When a company collects private customer data on the condition that it will not be resold, it is the company’s responsibility to uphold their end of the bargain. My office will continue to monitor Radio Shack’s bankruptcy sale and whether it includes auctioning off private customer data. We are committed to taking appropriate action to protect New York consumers.

But it’s not only the authorities that are concerned about the privacy implications of this case – AT&T wants RadioShack to destroy the data, fearing that the data may fall into the hands of its competitors and claiming that some of it was obtained through the sale of its mobile contracts and is thus not RadioShack’s property in the first place.

To further complicate matters, a previous case in Manhattan may have some bearing after authorities approved the auctioning off of personal data under some circumstances.

In 2011, the Federal Trade Commission (FTC) gave the green light to the $13.9 million sale of Borders’ intellectual property to Barnes & Noble, on condition that the same privacy policy applied, the buyer operated within the same line of business, and if the data was sold in conjunction with other assets.

With Standard General reportedly looking to keep some RadioShack stores open, it may try to argue that any use of customer data may fall into a similar situation.

So what can consumers do to protect their data?

While the RadioShack ship may have already sailed, consumers should be aware that there is no legal requirement to hand over any information to a company beyond that which is required to complete the transaction.

So, next time a business asks for additional information that is incidental to the transaction being carried out, you are well within your rights to say no.