Subscription Center  

News

Venable partner Keith Owens was interviewed in a July 19, 2016 Inside Counsel article on the legal issues surrounding the sale of consumer data following a bankruptcy. Following its Chapter 11 bankruptcy filing earlier this year, Sports Authority recently auctioned off most of its assets including 114 customer files with 25 million email addresses. Sports Authority stated in its privacy policy that in the event of a bankruptcy or similar event, it could sell customer information to another company.

"The law is still developing on whether customer data may be sold in bankruptcy and, if so, under what circumstances," said Owens. "Companies in bankruptcy may sell or transfer personally identifiable information in a bankruptcy sale so long as such sale complies with applicable non-bankruptcy law" such as compliance with a debtor corporation's privacy policy.

"It is legal for consumer date to be sold so long as the sale does not violate a debtor corporation’s privacy policy. They key consideration is whether the proposed sale of consumer data violates or otherwise conflicts with the company’s privacy policy," added Owens. "If it does, the Bankruptcy Court is likely to condition the sale on the buyer's compliance with the seller's privacy policy, or to disallow the sale from going forward."

On the issue of protecting customer data from cyber theft when transferring information, Owens said, "The onus often falls on companies to act in a commercially reasonable manner to minimize the threat of cyber security…So, it is important that a company protect digital assets from both internal and external threats to mitigate against the likelihood that a hacker will cause business interruptions or worse – steal important business data or secure embarrassing data that could be used for nefarious purposes including extortion and corporate espionage…The best way for customers to protect personally identifiable information begins when data is initially shared with the company."