Review Your Privacy Policy

If you have an online business and there’s the possibility of an acquisition or bankruptcy in your company’s future, you would be wise to review your privacy policy.

What kind of promises does your policy make about using personal information, and are those promises realistic if your company is acquired or goes bankrupt and must sell its assets?

Personal Information is Valuable Digital Currency

Personal information is the new digital currency, and for many online companies, it’s their most valuable asset.

If your privacy policy claims that you will never share a specific type of personal information with third parties, such as email addresses, you may be unable to transfer or sell information assets as part of an acquisition or bankruptcy proceeding.

Earlier this month, a bankrupt, youth-oriented website found itself in this position when the Federal Trade Commission (FTC) warned them that selling their former subscribers’ information would violate the company’s privacy policy and risk enforcement action.

David Vladeck, the director of the FTC’s Bureau of Consumer Protection, was very clear on this point.

“The XY privacy policy is simple, explicit, and clear,” Vladeck wrote. “Subscribers and members were told that their personal information would not be sold, shared, or given away to ‘anybody.’ Therefore, any sale or transfer of the data to a new company, new owner, or other third party would directly contravene the privacy representations and could constitute a deceptive practice by the original company or its principals.”

In June, privacy lawyers Lisa J. Sotto, Scott H. Bernstein, and Boris Segalis of Hunton & Williams wrote an excellent article entitled “Emerging Privacy Issues in Bankruptcy.

They conclude:

“While it is critical to address consumers’ privacy expectations in preparing privacy notices, it is also important for companies to avoid excessive privacy commitments that may adversely affect strategic business interests now and in the future, including the value of the company’s personal information assets.”

If you’re a large company your privacy policy should be subject to regular review and revision as it adapts to your evolving business.

Privacy policies need not only accurately reflect current information practices, but should also be forward-looking documents that anticipate future information needs.

So word your privacy policy appropriately and as always, provide your customers with transparency, accountability and choice surrounding the collection and use of their personal information.