Yottabytes: Storage and Disaster Recovery

Jul 17 2016   10:09AM GMT

Sports Authority Sells User Data

Sharon Fisher Sharon Fisher Profile: Sharon Fisher

Tags:
privacy
Security
Storage

If you’ve ever been a customer of Sports Authority, you may now suddenly be a customer of Dick’s Sporting Goods. And you probably never felt a thing.

Sports Authority, which filed for Chapter 11 bankruptcy protection in March, recently auctioned its intellectual property, including its name, its e-commerce site, and about 114 million customers’ files and 25 million email addresses, writes Alex Schiffer in the Los Angeles Times.

Dick’s Sporting Goods, which also purchased a number of the company’s other assets, won the data with a $15 million bid, a sum that the Jackson, Mississippi Clarion-Ledger‘s Bill Moak thought a steal. “For just $15 million, Sports Authority rival Dick’s Sporting Goods snapped up the files,” he writes. “Many analysts consider that a paltry sum to pay for such potentially-valuable information, and could potentially help Dick’s build its presence in new areas where Sports Authority had previously dominated.”

As you may recall, a year ago the bankruptcy sale of Radio Shack raised the issue of who owns personal data about customers and what rights a company has to sell that data as an asset to another company. While everyone was having kittens about the issue last year, the similar issue this year with the bankruptcy sale of Sports Authority hasn’t drawn nearly the attention. It’s not clear whether everyone’s simply gotten used to the idea, or sporting goods users just aren’t as up on the issue as electronics nerds were.

Part of the difference? In the case of Radio Shack, the company had posted a data privacy policy in its stores promising that it wouldn’t sell its mailing list, even in the case of a bankruptcy auction. Sports Authority – perhaps following the recommendations of a 2010 paper, “Emerging Privacy Issues in Bankruptcy” — had the opposite policy: “We may transfer your personal information in the event of a corporate sale, merger, acquisition, dissolution or similar event,” Schiffer writes.

(Ironically, Fortune even compared Sports Authority’s bankruptcy and potential future business model to that of Radio Shack.)

The uproar over Radio Shack’s proposed sale of customer data – including attention from the Federal Trade Commission (FTC) — eventually led it to cancel the sale as a separate item, and simply included it as part of a package deal with its stores. Instead, the hedge fund Standard General bought RadioShack’s business and customer data for $26.2 million, Schiffer writes. Customers also had the right to remove their information, but had only a week to do so, writes Laura Northrop for The Consumerist. Plus, since Sprint bought some of the assets, information having to do with Verizon and AT&T was also withheld from the sale.

The FTC also intervened in 2014 when ConnectEdu, an education technology company, sold personal information of high school and college students, some of whom were minors, Schiffer adds. The new buyers, Graduation Alliance and Symplicity Corp., instead offered customers the choice of destroying their information, he writes. Similarly, in 2000 the FTC sued Toysmart.com, because it wanted to sell customer details — including children’s names and birth dates — even though the company’s privacy policy had promised not to share that information with third parties.

In addition, the state of Texas intervened when True.com, a dating site based in Plano, Texas, tried to sell its customer database on 43 million members to a dating site based in Canada. That information included consumers’ names, birth dates, sexual orientation, race, religion, criminal convictions, photos, videos, contact information and more. But the site’s privacy policy had promised never to sell or share members’ personal details without their permission.

But such interventions appear to be coming less and less often as companies realize the value of the data and make provisions for being able to exploit it.

It’s not like this is the first time that companies have bought and sold customer data, Moak writes. Anyone who’s ever used an odd middle initial so they can track what happens to their name after they give it to a company knows that. What’s different is companies seeing that data as a separate asset to sell in a bankruptcy sale.

“The sale of customer information is a huge industry, and many consumers are blissfully unaware their information is being bought and sold every day,” he writes. “Email addresses, physical addresses, phone numbers and other information is tremendously valuable to companies looking to build sales, and they collect it in numerous ways — often voluntarily through loyalty and discount programs.”

A New York Times investigation of the top 100 websites in the U.S. found that of the 99 sites with English-language terms of service or privacy policies, 85 said they might transfer users’ information if a merger, acquisition, bankruptcy, asset sale or other transaction occurred. “The sites with these provisions include prominent consumer technology companies like Amazon, Apple, Facebook, Google and LinkedIn, in addition to Hulu,” write Natasha Singer and Jeremy Merrill. Plus, only a few sites included an opt-out policy. Even the Times itself says it could sell customer data and doesn’t include an opt-out provision, they report.

It seems likely that in the future, more stores are going to be following Sports Authority’s lead, Users for whom this is an issue will need to start reading policy documents and plan their shopping accordingly.

The bankruptcy court still has to approve the sale.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: