Creditors of a Chapter 11 debtor asserting “state law, constructive fraudulent [transfer] claims … are preempted by Bankruptcy Code Section 546(e),” held the U.S. Court of Appeals for the Second Circuit on March 29, 2016. In re Tribune Company Fraudulent Conveyance Litigation, 2016 WL ____, at *1 (2d Cir. March 29, 2016), as corrected.

Recent court filings highlight the need for health care providers to protect patient privacy by implementing specific procedures when filing claims in bankruptcy cases of their patients, as a matter of federal bankruptcy and other law. Last year, WakeMed, a Raleigh, North Carolina-based health care system, asserted a claim for $553.00 for unpaid medical services in a chapter 13 consumer bankruptcy case.

Last week, the United States Court of Appeals for the Sixth Circuit issued a decision in the case of Cyber Solutions International LLC v. Pro Marketing Sales, Inc. Although the decision blazes no new legal territory, the facts of the case and rulings offer important lessons for both lenders and licensees.

Personal data is a valuable corporate asset.  At times, the personal information collected from customers (such as email address, mailing address, phone number, etc.) can be a company’s most valuable asset.  Unfortunately, when a company attempts to sell this asset, it can find the value of the data significantly diminished due to promises made in a privacy policy the company implemented years before it ever contemplated such a sale.

Customer information has become an increasingly valuable business asset.  And, the volume and detail of other available information about consumers has increased along with it, well beyond mere customer names and addresses to preferences, purchasing history, and online activity.  This means that when a business is sold, customer information is often sold along with it.  But careful diligence is required in handling this intangible asset, and the recent settlement in the RadioShack bankruptcy case is instructive.

Be careful what you’ve promised your customers…or what has been promised about data you buy!

Last month, bankrupt company RadioShack settled with a coalition of seventeen attorneys general to destroy most of the company’s customer data in its files. The agreement was part of a Bankruptcy Court-approved $26.2 million sale of RadioShack’s assets.

When a bankrupt company’s most valuable assets include consumer information, a tension arises between bankruptcy policy aimed at maximizing asset value, on the one hand, and privacy laws designed to protect consumers’ personal information, on the other.

Much has been written of late about data breaches and the liabilities for the unauthorized acquisition of Personally Identifiable Information (PII) from institutions, including financial institutions. But what about when the alleged “breach”--the release of information --is voluntarily and/or legally compelled? What are the risks for creditors who take collateral, in security for the repayment of debt, containing PII data? What are the risks to businesses when they transfer assets that include PII? What liabilities do they face? What are the rights of customers?

Following the Texas Attorney General’s objection to the sale of RadioShack Corporation’s consumer data as an asset in its bankruptcy, 37 other state attorneys general and a large number of other consumer protection entities formally raised similar concerns. RadioShack, which filed for bankruptcy on February 5, 2015, revealed in a representative’s deposition on March 20, 2015 that it held personally identifiable consumer data of 117 million consumers, or 37% of the residential population of the United States.