Privacy Policies Mean Nothing

You know those privacy statements websites post? Some people actually read them! And they’re sometimes convinced to do business with companies that have decent privacy polices. While this isn’t a bad idea since decent privacy policies are nice they’re also useless when it comes to protecting your privacy. Why that? Because your personal information is a valuable asset so if the company goes out of business they will auction it off to somebody else who isn’t bound by the privacy agreement:

RadioShack is trying to auction off its customer data on some 117 million customers as part of its court-supervised bankruptcy.

The data in question, according to a legal challenge (PDF) launched by Texas regulators on Friday and joined by the state of Tennessee on Monday, includes “consumer names, phone numbers, mailing addresses, e-mail addresses, and, where allowed, activity data.”

The states say the sale breaches the 94-year-old chain’s promises to its in-store and online customers that it would not sell their personal identifying information (PII) data.

“The Debtors have affirmatively stated in multiple privacy policies currently in effect that consumer PII will never be sold. Yet the Debtors come before this Court with a Motion which seeks to do precisely that,” according to the challenge.

It would be nice to see this lawsuit stop the sale of the data but I’m doubting that will be the case as other companies have gotten away with doing this in the past. But the moral of this story is that protecting your privacy cannot be accomplished by a simple privacy agreement. At any point the company can go under and then it is no longer bound to the agreement but it still has your data and creditors will demand it gets sold off.

The key to privacy is only giving out personal information you’re willing to have go public. Otherwise you need to maintain your anonymity. It’s up to you to protect your privacy.