Are You Using Customers’ Information Illegally?

Do you collect data on your customers?

If you do and you attempt to sell that information, you could run into opposition from the Pennsylvania Attorney General and the Federal Trade Commission (“FTC”).

Dozens of state Attorneys General, including Pennsylvania’s, and the FTC objected recently to RadioShack’s attempt to sell data that it had collected on its customers.  According to news outlets, the bankrupt electronics retailer had tens of millions of customer records for sale, including more than 117 million containing information about the physical addresses of shoppers and 8 million associated with e-mails.  The company had offered these records for sale despite the fact that its Privacy Policy explicitly stated that it would not sell this information. 

This Privacy Policy violation drew the opposition of the state Attorneys General and the FTC.  As a result of mediation earlier this month, RadioShack agreed to limit its sale to about 67 million customer records.  The sale of the information will also be restricted to the e-mail addresses of those who specifically requested product information in the last two years, and the purchaser will only receive access to seven of 170 fields of data that RadioShack kept on its customers.  Finally, customers will be given the opportunity to have their e-mail addresses removed from the list of e-mails that will be sold.

As more companies are beginning to realize, customer data can become a valuable business asset.  The data allows companies to gauge customer interest and better market its products and/or services.  Additionally, this information can be sold to others who are interested in marketing to a business's customers.  The rise of the internet and internet-connected devices has only made it easier to collect such data.

However, companies need to be cognizant of customers' privacy concerns.  Some customers may object to the selling of their information; others may not want this information collected in the first place.  The RadioShack settlement serves as a good reminder for companies that:

  1. You should have a Privacy Policy in place to mitigate any potential exposure regarding the handling of customers’ information.
  2. Your Privacy Policy should be explicit about what type of information you collect and how you use that information.
  3. You should abide by your Privacy Policy, whatever it says.

If you need help drafting a Privacy Policy or if you have questions about data collection and handling customers’ information, contact our office at 814-870-7600 or complete this form on our website.