Just how safe is the personal information you give to retailers? Not very, if the various data breaches consumers have suffered through is any indication.
Target, Home Depot, and most recently health insurer Anthem (NYSE:ANTM), which said up to 80 million Americans had their confidential data compromised by hackers, have all exposed consumers to the risks of identity fraud because of lax security protocols.
The hackers might be sophisticated, as Anthem claimed in its announcement last month. But consumers expect companies to be more prepared, particularly with data such as medical records that we're now required to give over and which companies are mandated by the Affordable Care Act to keep electronically.
Broadcasting our identity
Yet you might not realize that hackers aren't the only threat to your personal information. Through very legal avenues, the information you voluntarily turn over to a company could end up in the hands of others you never anticipated.
The bankruptcy of RadioShack shone a light on what could happen to your data when a company goes under.
Privacy advocates and state attorneys general around the country were alarmed to find out that Hilco Streambank, the firm handling the disposition of the electronics retailer's intangible assets, listed 65 million mailing addresses and 13 million email addresses as part of the inventory being auctioned off when RadioShack declared bankruptcy.
RadioShack was one of the first companies to ask customers for their address, phone number, and email at the time of purchase. And though the sale of its customer database has created something of an imbroglio, such IP portfolios are valuable commodities and selling them off during bankruptcy proceedings is commonplace.
- DVR maker TiVo bought the trademarks and customer lists of Aereo earlier this month after the broadcasting upstart was forced into bankruptcy five months ago.
- Investors have apparently received approval to purchase the intellectual assets and customer lists of bankrupt Delia's.
- Delia's itself bought the trademarks and mailing lists of bankrupt mail order catalog Fulcrum Direct in 1998.
- Softree won Deb Shops' IP, goodwill, and customer lists following the latter's bankruptcy.
While RadioShack has since said the personal data it collected won't be sold off, don't be so sure the personal information you give to a retailer will remain only with that retailer.
Reading the fine print
The RadioShack case raised such a hubbub because its privacy policies specifically said such information would not be sold, ever: "We will not sell or rent your personally identifiable information to anyone at any time."
The only caveat was if you gave consent to RadioShack to share your information, such as by opting in to receive emails. While most people probably didn't realize that's what was happening when they signed up to receive them, RadioShack has fortunately made the matter moot. The consumer privacy ombudsman attached to the bankruptcy case said RadioShack informed her that the personal information the retailer collected is not part of the auction.
Yet the whole episode should have people wondering about all the information they give out, not only to retailers, but on social media as well.
Across all of Google's (NASDAQ:GOOG) (NASDAQ:GOOGL) properties, from YouTube to Google+, how much personal data have you been required to turn over in order to use and access its services without thinking that in the event of "a merger, acquisition, or asset sale" the search giant will transfer the data to a new owner?
Facebook (NASDAQ:FB) also comes right out and tells you "If the ownership or control of all or part of our Services or their assets changes, we may transfer your information to the new owner." The social media giant already shares your information within its "family of companies," but someone buying out the social network would get access, too.
Break the connection
This is a connected world, but that doesn't mean you have to give up your privacy. When you buy groceries at the supermarket you're not required to turn over any information to the cashier, and it shouldn't be necessary to purchase a pair of pants, a hammer, or an electronic doodad.
While our medical records are required to be stored electronically, thus putting our most personal information at risk to hackers, data breaches and retailers' willingness to auction off your information during a sale represent a whole wider area of risk. They strongly argue in favor of never giving up anything more than the absolute barest minimum to complete a transaction. You should act like your privacy depends upon it -- because it does.