Who Do You E-Trust?

Privacy competes with bankruptcy code

Expect more respect for Web site privacy statements. Beyond highlighting public distrust of Internet transactions, privacy statements often pledge that personal consumer information, including transaction details, will remain private and never shared with third parties.

But the Internet is neither doctor nor lawyer, and the law regarding enforcement of such promises is far from settled in the unsettled New Economy.

"The Internet is going through uncharted waters. Many companies have little experience going out of business, let alone being in business," observes Dave Steer, spokesman for privacy advocate TRUSTe, which has awarded "TRUSTe Privacy Seals" to some 2,000 Web sites that meet its criteria for privacy preservation.

TRUSTe sounded early warnings in June 2000 that flailing Toysmart planned to sell its 250,000-name database to raise cash, despite privacy-statement promises to the contrary. TRUSTe joined 42 state attorneys general and the FTC to stop Toysmart. The issue was resolved earlier this month when majority-shareholder Disney paid Toysmart $50,000 to destroy the database.

"We would have been satisfied if Toysmart had gotten each customer's approval," Steer says. "[But]the company said that in bankruptcy, all bets were off. We disagreed."

A basic tenet of bankruptcy law is to maximize recoveries to creditors. For dot-coms with few assets, customer lists might yield considerable cash. Thus, as a matter of law, privacy competes with the Bankruptcy Code.

Business valuation expert Michael O'Brien, vice president, Houlihan Lokey Howard & Zukin, says he believes that "stand-alone customer databases are worthless if privacy statements are attached." For thriving companies, the data has calculated value as future cash flow. For failures, he adds, "anyone buying the database would also have to buy the company."

That's precisely how CraftShop resolved its going-out-of-business dilemma. The Internet company sold its name and its privacy-protected database, eliminating the transfer to a "third party." This solution has yet to be tested in court.

The Toysmart case established a compelling precedent, says TRUSTe's Steer. "It showed that companies will be challenged if they step over the line, and it produced a tremendous chilling effect on the value of customer databases."