Millions of RadioShack customers -- as many as 117 million -- may have taken the gadget chain at its word when it pledged that it would safeguard their personal information forever.
"We will not sell or rent your personally identifiable information to anyone at any time," the chain stated on its website. At the checkout registers in its stores, a placard read: "At RadioShack, we respect your privacy. ... We pride ourselves on not selling our private mailing list."
But RadioShack is now in bankruptcy, and its mailing list and hoard of customers' personally identifiable information have been -- guess what? -- placed up for sale. The winning bidder is the hedge fund Standard General, which earlier had acquired more than 1,700 of the chain's store locations.
The final step of Standard General's acquisition of Radioshack's corpse--the $26.2-million purchase of the customer data, along with the RadioShack name--is scheduled for approval Wednesday by U.S. Bankruptcy Judge Brendan Shannon of Delaware. And it's being endorsed, with a few conditions, by a court-appointed privacy ombudsman and the Federal Trade Commission.
What this means to you as a consumer is that, when while you may think that your personal information is protected by a merchant's promise, "never" doesn't mean "never." Rather, as Gilbert & Sullivan's Captain Corcoran might put it, "never" means: "hardly ever."
RadioShack was an assiduous collector of customer data, including home and email addresses. Most customers gave little thought to turning over this information at checkout, and those who did may have been comforted by the firm's foursquare pledge to keep the data to itself. RadioShack ended up with about 8.5 million email addresses, 67 million customer names and mailing addresses, and other information acquired through the firm's role as a seller of mobile phones and services for Verizon, AT&T, and Sprint.
The firm's proposal to sell the data in bankruptcy drew objections from 22 states and the District of Columbia, led by Texas. They complained generally that the sale violated RadioShack's promise and numerous state laws. (The Texas brief is here and the other states' positions are set forth here.) The Federal Trade Commission aired its own concerns.
In March, Shannon appointed New York lawyer Elise Frejka as privacy ombudsman. Earlier this month, Frejka has indicated, all the objectors evidently resolved their concerns in mediation before a retired Texas bankruptcy judge. As of this writing, his report hasn't yet been formally filed, but the outlines of the agreement are visible in Frejka's report to Shannon and a letter from Jessica Rich, head of the FTC's bureau of consumer protection.
The information held by RadioShack, Frejka assures the court, "is not of a sensitive nature." Most of it "is available from public sources." Since the company isn't planning to sell financial information or credit or debit card numbers as part of the data package, there's no "risk of identity theft."
Some might consider this a rather casual attitude for a consumer privacy ombudsman to take. Just because your home address may be public, you might not want it to be hawked around from merchant to merchant, even with the oversight of a bankruptcy judge. Consider how much it might cost Standard General to assemble from scratch a database of 67 million home addresses of would-be electronics buyers, and you can sense the value of what's being sold. As for the "risk of identity theft," individuals could have many reasons for limiting access even to public information about themselves, short of the risk of identity theft.
Frejka counsels that the sale should go through if it adheres to guidelines the FTC established in a 2000 settlement with online retailer Toysmart. That firm also had pledged never to sell customer data to a third party, and also put its database up for sale in bankruptcy.
With RadioShack, the FTC is asking only that the Toysmart model be followed. Frejka says it will be. Standard General's plans for its acquired RadioShack stores, she says, are close enough to the bankrupt firm's model as to be "substantially the same line of business." And it has offered the same pledge of privacy as RadioShack did. "The Ombudsman concerns are allayed," she told the court.
Yet this only shows that the Toysmart case and its offspring have punched a big hole in consumers' privacy rights and expectations. Toysmart tells us that "a consumer's privacy rights must be balanced with the best interests of a debtor's estate and creditors in a bankruptcy proceeding," Frejka says.
Is that so? RadioShack didn't qualify its pledge to protect customers' information, conditioned only on what might happen in bankruptcy; it made an absolute, unconditional pledge, which the FTC and the court's privacy ombudsman are waving away on behalf of a hedge fund and RadioShack's creditors.
This is how your "privacy" gets redefined and eroded in the modern age: bit by bit, until there's nothing left of it. The database of personal information of RadioShack's customers' should have died with the company, but it will live forever.