The dispute over the disposition of customer records held by the "Clear" airport traveler program casts a spotlight once again on the handling of consumer personal data when a business falls on hard times. In such circumstances, the desire of the debtor to preserve or maximize the value of its business assets can conflict with legitimate privacy interests of individuals who were customers of the business.

No. 08-6038 (8th Cir. BAP 11/16/09)

The dispute over the disposition of customer records held by the "Clear" airport traveler program casts a spotlight once again on the handling of consumer personal data when a business falls on hard times. In such circumstances, the desire of the debtor to preserve or maximize the value of its business assets can conflict with legitimate privacy interests of individuals who were customers of the business.

The nature of online commerce requires the collection of information from individuals to identify the parties to individual transactions, transfer funds for payment, and ensure the delivery of the goods or services being acquired. Public concern about the potential for abuse of such information by online merchants gave rise to the development of so-called "privacy policies" that provide a measure of reassurance that information collected will be protected from unauthorized use and disclosure.

On September 21, 2011, FTC Bureau of Consumer Protection Director David Vladeck sent a letter to the court appointed consumer privacy ombudsman in the Borders Group, Inc. (Borders) bankruptcy proceeding advising against the sale of Border's customer information absent customer consent or significant restrictions on the transfer and use of the information.

This blog series has been following the continuing flow of large security breaches of Protected Health Information (“PHI”) and how affected providers and insurers have been responding to their discovery. The New York City Health and Hospitals Corporation’s North Bronx Healthcare Network (“HHC”) has recently become perhaps the largest marcher in the parade of PHI security breaches with a reported 1,700,000 persons affected.

Last month, bankrupt company RadioShack settled with a coalition of seventeen attorneys general to destroy most of the company’s customer data in its files. The agreement was part of a Bankruptcy Court-approved $26.2 million sale of RadioShack’s assets.

Borders has long collected personal information from customers and promised that such information would not be disclosed without consent. In light of that and Borders' current bankruptcy proceedings, the FTC has sent a letter to the consumer privacy ombudsman overseeing the Borders bankruptcy that seeks the protection of customer personal information.