Privacy watchdog group TRUSTe issued guidelines Wednesday designed to address the issue of what happens to consumer information when a dot-com shuts down or merges with another company.
Currently in draft form, the guidelines say that the privacy policies instituted when a dot-com is in business must be followed when they are going out of business.
The guidelines also say that both the company selling a consumer database and the company acquiring it have the responsibility of ensuring that the privacy guidelines are followed.
“Our goal with these guidelines is to strike a reasonable balance between consumer privacy rights and expectations, and the business need to realize the full value of corporate assets,” TRUSTe president and chief executive officer Bob Lewin said. “In an economy valued by information, customer data is like gold and, as such, deserves enhanced protection.”
TRUSTe has posted the privacy guidelines on its Web site for a 60-day public comment period, after which it will distribute a final version to the general public and licensees of its privacy seal program.
Ins and Outs
TRUSTe recommends that companies undergoing a merger or a bankruptcy have a neutral third party oversee any transfer of personal information to ensure that consumer rights are protected against the “singularly focused demands imposed by creditors.”
The watchdog group said that depending upon privacy promises already, companies in flux must notify their customers of any transfer of information and obtain consent prior to turning over personally identifying information to another company or entity.
If a company promised never to share personal information with outside entities, it should obtain specific opt-in consent from consumers before sharing information, the guidelines said. However, if the company’s privacy guidelines indicate that personal information might be shared with others, customers should be given the chance to opt out of any data transfer.
“From the writing of the business plan through each of a company’s evolutionary steps, privacy must be top-of-mind throughout a company’s lifespan,” Lewin said. “Clearly, privacy is not just an issue for advocates and policy makers. Rather, it has become a fundamental concern among creditors and shareholders.”
The Privacy Flap
The privacy issue came to a head last summer when TRUSTe licensee Toysmart.com announced that it planned to sell its customer database along with the rest of its assets.
The outcry from privacy groups led the U.S. Federal Trade Commission (FTC) and over 40 attorneys general to file suit to stop the sale. In January, a deal was reached to have a subsidiary of The Walt Disney Co., an original backer of Toysmart, purchase the information for US$50,000 and destroy it.