atLaw
Harold B. Murphy
617 226-3414
Shareholder
Areas of Concentration
Bankruptcy and Financial Restructuring
Office
The dot.com gold rush is over. Companies that months before had stock market valuations approaching IBM’s can no longer pay the electric bill to keep their websites up and running. As dot.com companies file for bankruptcy, they are once again changing the way business is done.
One of the touted benefits of on-line retailers (“e-tailers”) compared to conventional brick and mortar retailers was the luxury of not having to dedicate their capital to tangible assets such as retail locations, equipment or manufacturing plants. When a dot.com goes “dot.bomb,” the result is usually very little in the nature of hard assets available for its creditors. An exception is the information collected by the e-tailer on its customers.
In the information age, e-tailers have been highly successful in gathering information from and regarding their customers. An e-tailer’s database of customer information is frequently its most valuable asset. This customer information includes not just the customer’s name and address (including email address) but also information such as credit card numbers, personal shopping habits, and names and ages of other family members.
To encourage and provide a measure of comfort to customers voluntarily revealing personal and confidential information, e-tailers’ websites frequently contain a privacy statement or guarantee regarding their permitted use of such information. An e-tailer often represents that customer information will not be sold or disclosed to a third party. Although, as a general matter, U.S. law does not provide individuals with property rights in information about them, an e-tailer’s privacy statement does create an obligation to consumers.
In the context of a bankruptcy, an e-tailer’s promise can deprive its creditors of a significant asset—it can also threaten consumers with the loss of their privacy. If the company sells its customer information, the estate may be burdened with individual consumer claims for breach of the privacy statement. The privacy statement may also create a license to use the customer information only as long as the e-tailer complies with its representations.
This is precisely the scenario that occurred in the bankruptcy case of toy e-tailer Toysmart.com—one of the first of a wave of e-commerce bankruptcies. Toysmart had collected a substantial and detailed database of its customers. Toysmart’s webpage prominently featured a privacy statement assuring its customers that “Personal information… is never shared with a third party.”
Prior to its creditors filing an involuntary bankruptcy case, Toysmart hired a consultant to assist in the sale of its assets including its database of customer information. Toysmart ran advertisements regarding the availability of its assets, in the national edition of The Wall Street Journal. In addition to gaining the attention of prospective purchasers, the ads came to the attention of the Federal Trade Commission and several state attorneys general.
After the involuntary bankruptcy petition, Hanify & King was asked to represent Toysmart in its bankruptcy proceeding. Among other things, Toysmart altered its proposed sale, providing for the sale only as part of a package with its other website-related assets. On behalf of Toysmart, Hanify & King negotiated an agreement with the FTC that allowed the sale of Toysmart’s customer information only to purchasers engaged in Toysmart’s line of business and who expressly agreed to abide by Toysmart’s privacy policy.
Since the Toysmart case, the FTC and state attorneys general have increasingly acted as consumer watchdogs regarding the sale of customer information in the context of bankruptcy proceedings. The FTC and attorneys general have sought to enjoin the transfer of customer information contrary to a company’s privacy statement. They have also successfully conditioned the transfer of customer information on the requirement that individuals be able to “opt out” their personal information from such sales. Congress has joined in by seeking to amend the Bankruptcy Code to close the “Toysmart.com loophole” by expressly excluding “personal identifiable information” subject to a privacy policy as an asset of a bankruptcy estate.
The most significant change, however, has occurred on the websites of not just surviving e-tailers but almost every company that solicits information on the internet. Succinct and unequivocal privacy statements, such as Toysmart’s, have been replaced by those drafted by lawyers with an eye towards future uncertainties. These revised privacy statements contain few unconditional promises, even fewer uses of the word “never”, and many caveats. Increasingly, these privacy statements also expressly provide that customer information is an asset of the company that can freely be sold to a third party.
