Slashdot Mirror

← Back to Stories (view on slashdot.org)

When a Company Gets Sold, Your Data May Be Sold, Too

Posted by Soulskill on from the what's-yours-is-ours-and-what's-ours-is-somebody-else's dept.

An anonymous reader writes: A new report points out that many of the top internet sites have language in their privacy policies saying that your private data might be transferred in the event of an acquisition, bankruptcy sale, or other transaction. They effectively say, "We won't ever sell your information, unless things go bad for us." 85 of the top 100 websites in the U.S. (ranked by Alexa), had this sort of language, including Amazon, Apple, Facebook, Google, Hulu, and LinkedIn. (RadioShack did this recently.) "The potential ramifications of the fire sale provisions became clear two years ago when True.com, a dating site based in Plano, Tex., that was going through a bankruptcy proceeding, tried to sell its customer database on 43 million members to a dating site based in Canada. The profiles included consumers' names, birth dates, sexual orientation, race, religion, criminal convictions, photos, videos, contact information and more. Because the site's privacy policy had promised never to sell or share members' personal details without their permission, Texas was able to intervene to stop the sale of customer data, including intimate details on about two million Texans." But with this new language, users no longer enjoy that sort of protection. Only 17 of the top 100 sites even say they will notify customers of the data transfer. Only a handful allow users to opt out.

2 of 92 comments (clear)

  1. Re:File this under "no big surprise:" by Shoten · · Score: 3, Interesting

    Reason #43385634 why I try to minimize my exposure by refusing to give as much personal information as I can as often as I can. Paying in cash for day-to-day transactions helps out a lot too.

    No kidding.

    With regard to True, I once used their service, very briefly. And then, a year later, I started getting all kinds of spam to the email address I had created just for that one account. Mind you, I literally had given this email address to only one entity, ever...the True website. I ended up just re-creating the email account and blackholing it.

    So either they had a breach (and didn't report it) or they sold the email address in violation of their own agreement. Since there are criminal legal consequences to not reporting a breach of PII and there have been many studies that indicate that companies (especially ones that are failing) violate their own privacy terms, I think the latter is more likely.

    --

    For your security, this post has been encrypted with ROT-13, twice.
  2. Please don't confuse by NotInHere · · Score: 3, Interesting

    Your data = "data which you fully control", usually a part of the data on your HDD. Its getting less and less year after year.
    Data about you = "data you use as payment for 'free' services"