Failed 'Dot-Coms' Selling Personal Consumer Data

Failed ‘Dot-Coms’ Selling Personal Consumer Data

By GREG SANDOVAL

July 1, 2000 12 AM PT

CNET NEWS.COM

SAN FRANCISCO —

Some failed “dot-coms” are releasing information their customers may have thought would remain under lock and key as they scramble to sell assets to appease creditors.

Boo.com, Toysmart and CraftShop.com have either sold or are trying to sell customer data that could include information such as phone and credit card numbers, home addresses and even statistics on shopping habits.

The practice has angered some privacy watchdogs and possibly thousands of consumers who assumed the data would not be transferred.

“It is inappropriate and potentially illegal to sell customer information when it was collected under the assumption that it wouldn’t be shared,” said Dave Steer, a spokesman for Truste, which monitors privacy on the Internet. “It’s an invasion of privacy and if not handled swiftly could happen again and again.”

Boo.com and Toysmart are among the more than 2,000 sites that have met Truste’s criteria for safeguarding their customers’ privacy.

When Fashionmall.com Inc. purchased some of the assets of Boo.com this month, it specifically noted that it had acquired data on Boo.com’s 350,000 customers. Since filing for protection from creditors under U.S. bankruptcy law in May, CraftShop has been actively seeking a buyer for its customers’ personal information that it had promised “to never disclose . . . ever.”

Toysmart, meanwhile, advertised the sale of its customer list and database in the Wall Street Journal last month after ceasing operations. The company overseeing the sale of Toysmart’s assets, Recovery Group, said it has received several bids for the customer information.

A final sale will depend on settling the question of whether the action violates Toysmart’s privacy agreement.

“A federal judge [Carol Kenner] will probably decide whether the information can be sold,” said Stephen Gray, Recovery Group’s managing director.

The industry has sought to temper consumer fears by posting detailed explanations about information being collected and how it is used. Privacy agreements are now standard on most Internet retailers’ sites, with varying degrees of actual privacy depending on the wording.

In CraftShop’s privacy statement, the company stated: “We will hold your secure online shopping information in the strictest confidence. We will never release it to any person or any company for any purpose. We do not sell, rent or lend any part of our mailing list.”

The company that buys the CraftShop name is free to use the list as long as it does so as CraftShop.com, according to the company’s former chief executive, Angus Mackey.

While such a transfer may be perfectly legal, the CraftShop sale is taking advantage of a loophole, according to Andrew Shen, policy analyst with the Electronic Privacy and Information Center, a privacy watchdog group based in Washington.

Shen said lawmakers should bar bankrupt companies from selling customer data to pay their creditors or for any other reason.