Dot-Coms, Databases, and Dollars

Bankrupt tried to sell its customer database for much-needed cash, until a court said, "no."
Jennifer CaplanJanuary 23, 2001

Customer databases are becoming hot commodities as the number of dot-coms headed for bankruptcy pile up, but the events surrounding the recent bankruptcy of offers an important lesson for any company looking to buy or sell customer files.

Some businesses are offering cold, hard cash for customer names and records, and for the once high-flying E-commerce firms desperate to pay off creditors, the lure of easy money is hard to resist.

But with customer privacy being such a hot- button issue for New Economy companies, turning customer databases into liquid cash is not as simple as finding a buyer with an open checkbook. In fact, if a company’s intent to sell customer files becomes public knowledge, it may not be possible at all.

Drive Business Strategy and Growth

Drive Business Strategy and Growth

Learn how NetSuite Financial Management allows you to quickly and easily model what-if scenarios and generate reports.

The events surrounding the death of, an online toy retailer, based in Waltham, Mass., underscore the complexity of selling customer databases.

In May of last year, the firm, which is 60 percent owned by Disney, announced that it was ceasing operations and selling its assets. On June 8, the company ran an ad in the Wall Street Journal publicizing the sale of assets, including databases and customer lists. The following day, Toysmart filed for bankruptcy.

In July, the Federal Trade Commission sued the company in U.S. District Court.

The plaintiffs alleged that Toysmart’s attempted sale of customer credit card numbers, personal information, shopping preferences, and family profiles violated the company’s privacy policy. The policy stated that “personal information, voluntarily submitted by visitors to our site, such as name, address, billing information, and shopping preferences, is never shared with a third party.”

The FTC alleged that bankruptcy was not a viable pretext for bypassing privacy obligations or federal consumer protection laws.

Toysmart soon settled out of court with the FTC, and agreed to conditions on the sale of its customer database. Customer information could be sold to a third party if the buyer took over the Toysmart business, continued to utilize it as part of a similar online toy retailer, or agreed to abide by the Internet retailer’s previous privacy policy.

In August, Judge Carol Kenner of the U.S. Bankruptcy Court of Boston rejected Toysmart’s deal with the FTC, claiming that until a buyer was specified and had declared how the customer information would be used and protected, the terms of the agreement were premature.

The next five months came and went without a satisfactory bid for the 250,000-name database. This month, Toysmart withdrew the information from public sale, and Disney proposed to pay its bankrupt partner $50,000 to destroy the database and put the company out of its misery.

The FTC backed Disney’s offer, and Judge Kenner is expected to rule on it soon. It appears likely that the judge will give the go ahead.

Still, it’s not clear that the Toysmart case has set a precedent for other E-tailers. Several industry experts who follow Internet privacy say there’s no telling what would have happened to the databases had Disney not intervened.

According to Nancy Blueweiss, a bankruptcy and E-commerce lawyer in Boston, the issue will remain unsettled until Congress writes a law or the Supreme Court decides a case involving customer databases and Internet privacy.

At the very least, the Toysmart case is sure to be latched onto by consumer advocates who argue that corporate self-regulation is not enough to protect consumers.

Some members of Congress have responded to consumer advocates’ demands and proposed legislation that would protect consumer privacy when a company files for bankruptcy. Last year, Democratic Senators Patrick Leahy of Vermont and Robert Torricelli of New Jersey submitted a bill that would prevent businesses from selling any personal information if the sale of the data violates a company’s privacy policy that was in effect when the information was first obtained. According to a Leahy aide, the bill will be reintroduced this session of Congress.

In addition Reps. William Delahunt (D-MA) and Spencer Bachus (R-AL), have introduced a similar bill in the House that would give the FTC the authority to investigate and bring actions against Web sites that violate their privacy policies.

Until legislation is passed, creditors are going to be hurt most, says Blueweiss. This is particularly true of large shareholders, including venture capitalists. The outside creditors who typically have to wait for the bankruptcy court to determine what they’ll receive will be less affected.

“I don’t know what is ultimately going to take priority, the company’s contract with the consumer or with the creditor,” she says. “There is certainly going to have to be a balancing of interests.”

Blueweiss says the question cannot be resolved by revamping bankruptcy law itself. “There will have to be some legislation or Supreme Court decision that the bankruptcy judges end up following.”

For Andrew Shen, policy analyst at the Electronic Privacy and Information Center (EPIC), companies must make a clear-cut decision. “I’m not sure there can be a balance,” he says. “The options are very clear. Companies will need to question their commitment to customer protection.”

For New Economy companies, consumer trust is particularly important. Several studies have emphasized that consumers are reluctant to do business with E-tailers that don’t protect their information. If the Toysmart case adds to this wariness, it’s going to be even more difficult for New Economy companies to develop lasting customer relationships.

Shen says if companies want to be known for being sensitive to customer concerns, they’ll have to abide by guarantees that they will not sell their customer information.

But rather than sticking by or strengthening their privacy policies, some companies have responded to the Toysmart case by inserting a few lines into the policies’ fine print. The companies have simply added clauses saying that in the event of a sale or bankruptcy, customer data can be sold or transferred to a third party.

“Privacy policies have essentially become disclaimers,” says Jonathan Gaw, a privacy analyst at the market research firm, International Data Corp. “Amazon has changed its policy and a lot of others have done the same.”

In the short term, more cash-strapped dot-coms may hawk their customer databases to the highest bidder. “E-tailers never took very serious pledges to preserve privacy to begin with,” he says, “so selling a database to somebody else is not necessarily a violation of privacy policy if there wasn’t a very strict one to begin with.”

After Toysmart’s experience, financially strapped companies may be more cautious if they attempt to sell their customer files. They may avoid publicizing the sales, say Shen and Gaw.

Blueweiss predicts that creditors of a struggling dot-com will now be more inclined to help the debtor avoid filing for bankruptcy and court supervision of an asset sale. This would not prevent the FTC from discouraging the sale of information, but it would lessen the likelihood of an asset sale being scrutinized.

EPIC’s Shen tells that although more companies will attempt to sell their customer databases in the future, they will be less inclined to publicize their activities. Since companies are not obligated by law to tell consumers when their information is going to be sold, it will become more difficult for the public to find out when it does occur.

Understanding Which ERP Modules Your Business Needs – And When