Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Privacy Pitfalls in Transactions


Published on

A continuing legal education program on the privacy issues in transactions including credit applications and issuance, asset purchases, mergers and acquisitions, marketing and advertising and bankruptcy, given on May 21, 2013 by Jonathan I. Ezor at Olshan Frome Wolosky in New York City.

  • Be the first to comment

  • Be the first to like this

Privacy Pitfalls in Transactions

  1. 1. Privacy Pitfalls inTransactionsJonathan I. Ezorjezor@olshanlaw.comCounsel,Olshan Frome Wolosky LLPCLE Lunch SeminarMay 21, 2013
  2. 2. Privacy and Data Protectionin Business: Laws andPractices (LexisNexis 2012)
  3. 3. Privacy Has Dual MeaningIn Business World• Freedom from having behavior monitored– In person– Over the Internet• Protection of “Personally Identifiable Information”– Any fact(s) that can identify a unique individual– Issues of use, misuse and disclosure• PII more often subject of laws, policies• Digital age added significant weight to
  4. 4. Legal Issues Relating toPrivacy• Constitutional/statutory/regulatory protections• Gov’t practices• Business collection/use of data• Sensitive info (financial, health)• Reputational damage• International concerns•
  5. 5. Consumer Privacy:Value Versus Value• Consumers may benefit from information use– Regular customers’ preferences known– Sales linked to previous purchases• Businesses benefit from collecting, usinginformation– PII– Behavior (purchases, etc.)• Issue is balancing value to consumer againstvalue of
  6. 6. 2012 White House ConsumerPrivacy Bill of Rights• Individual control over what personal data organizations collectfrom them and how they use it• Transparency that allows consumers to easily understandinformation about privacy and security practices• Respect for the context in which consumers provide data• Security and responsibility in the way companies handle personaldata• Access to personal data in usable format and an ability to correcterrors• Reasonable limits on the personal data that companies collect andretain• Accountability as to how companies handle personal
  7. 7. Privacy Policy:Primary Self-RegulatoryMethod• Consumers must be informed to make properdecisions regarding use of their information• As with securities, information provided throughdisclosure, via privacy policy• Accuracy a requirement• FTC, others may penalize inaccurate
  8. 8. Example TransactionsRaising Privacy Concerns• Credit checks and issuance• Asset purchases, mergers andacquisitions• Advertising and marketing deals•
  9. 9. Credit: Privacy ConcernsBefore and After• Lenders & merchants may seek tocheck credit– FCRA applies– Adverse Action notice– Also for employment• Companies maintaining accounts mustcomply with Red Flags
  10. 10. FTC Red Flags Rule• Covers all businesses that maintain ongoingbilling accounts• Requires ongoing audits of potential “redflags”• Enforcement repeatedly delayed, now active•
  11. 11. Asset Purchases &Mergers/Acquisitions:Buying Customer Data• Customer data have significant value• Privacy policy must have disclosed possibilitiy priorto collection• Consequence could be fine, loss of asset value• Must be part of due diligence• In M&A, employee data also a factor• International law
  12. 12.
  13. 13. Advertising & Marketing• Joint ventures, list rentals, other usesof collected personal information• Can be difficult to verify permission forsharing• Good faith reliance on representationsnot
  14. 14.
  15. 15. Bankruptcyand Customer Data• Customer information often part ofbankruptcy– Reorganization– Asset sale• Privacy policy provisions remain binding• Toysmart early FTC case• 11 USC §§ 332 , 363 (b) and
  16. 16. Key Points to Consider• Disclosure (privacy policy) binding andenforceable• Privacy falls under broad consumerprotection jurisdiction• Different laws in different countries• Reputation damage also a
  17. 17. Questions?