Tech Law Journal

Capitol Dome
News, records, and analysis of legislation, litigation, and regulation affecting the computer, internet, communications and information technology sectors

TLJ Links: Home | Calendar | Subscribe | Back Issues | Reference
Other: Thomas | USC | CFR | FR | FCC | USPTO | CO | NTIA | EDGAR


FTC Comments on Privacy in Bankruptcy Proceedings

(October 2, 2000) The FTC submitted comments to a group of federal agencies that are studying how bankruptcy proceedings affect the privacy of individuals involved in, or affected by, those proceedings. The FTC advised that personal information in the public record in bankruptcy proceedings can be used to facilitate identity theft and other illegal activities.

Related Documents
FTC's Comments on Study of Privacy Issues in Bankruptcy Data, 9/22/00 (link to FTC web site).
Federal Register Notice soliciting public comments, 7/31/00. (link to DOJ web site).

The Federal Trade Commission's Bureau of Consumer Protection submitted Comments on Study of Privacy Issues in Bankruptcy Data to the Department of Justice, the Department of the Treasury, and the Office of Management and Budget. These agencies are conducting a study of how the bankruptcy proceedings affect the privacy of individual consumer information that becomes part of a bankruptcy case.

The FTC's comments address three topics: privacy and identity theft issues raised by the collection and handling of sensitive information in bankruptcy; the electronic compiling and commercial sale by trustees and creditors of information contained in bankruptcy records; and, the trustee's or debtor in possession's powers to sell assets, including customer information, in violation of debtor's online privacy policy.

On April 30, 2000, the President Clinton announced the "Clinton-Gore Plan to Enhance Consumers' Financial Privacy: Protecting Core Values in The Information Age." He directed the three agencies to conduct a study on "how best to handle privacy issues for sensitive financial information in bankruptcy records," including "the privacy impact of electronic availability of detailed bankruptcy records, containing financial information of vulnerable debtors." The study is to be completed by December 31, 2000.

The FTC's Privacy Authority
The FTC has civil enforcement authority under the Federal Trade Commission Act (FTCA) to protect consumers from unfair or deceptive acts or practices.

The FTC has taken the position that if a web site operator adopts an online privacy policy, and then violates that policy, this constitutes a violation of the FTCA.

The FTC has also sought broader powers regarding online privacy. Several bills are pending in Congress that would give the FTC further statutory authority. However, none have yet become law.

The FTC also has limited authority in the area of identity theft. In particular, the Identity Theft and Assumption Deterrence Act of 1998 directs the FTC to act as repository for identity theft complaints, and to provide victim assistance. Further identity theft related legislation is pending in the Congress.

On the identity theft issue, the FTC commented that "Personal bankruptcy cases may involve the collection of highly sensitive personal information, such as social security numbers, financial information, credit information, income, and details about routine living expenses." This data "can be used to facilitate identity theft and other illegal activities."

The FTC elaborated that "This concern is heightened by the increasing availability on the Internet of courts' public record data as well as data compiled offline from these same records that is subsequently made available on the Internet."

The FTC's comments next addressed the possible commercial use of electronically compiled information from bankruptcy records. The FTC stated that data gathered by bankruptcy trustees can include tax returns and information regarding assets and liabilities. It argued that "Commercial use of such highly personal and sensitive non-public data raises several problematic issues and should be prohibited." The FTC again cited the risk of identity theft as one of the reasons.

However, the FTC also argued that "the commercial sale of such information by a trustee may implicate concerns under the Fair Credit Reporting Act (FCRA). Generally, the FCRA limits the disclosure by "consumer reporting agencies" of "consumer reports," information that is used or expected to be used as a factor in determining a consumer's eligibility for credit, insurance, or employment."

Finally, the FTC's comments addressed web site privacy policies of debtors in bankruptcy. The FTC asserts that it is a violation of the FTCA to post an online privacy policy, and then violate that policy. The issue arises when a business which operates a retail sales web site that collects personal information from its customers goes into bankruptcy. The FTC recently fought unsuccessfully in the Toysmart bankruptcy proceeding in Massachusetts to stop this type of information from being sold as an asset of the bankrupt Toysmart.

The FTC conceded in its comments that the "Bankruptcy Code ... vests a case trustee or a debtor in possession with sweeping powers to sell assets free and clear of liens and claims." However, the FTC's comments on this topic said little else. The comments concluded:

"The interplay between these various interests is unsettled and involves competing considerations. For example, the more valuable the customer information is perceived to be, the greater the pressure on a bankruptcy estate to sell private information despite explicit pre-petition company promises to the contrary. The Bureau believes that the interplay of the Bankruptcy Code and law enforcement efforts to protect consumer privacy merit further in-depth analysis."

A footnote to the comments stated that the comments were filed by staff of the FTC's Bureau of Competition, and that "They do not necessarily represent the views of the Commission or any individual Commissioner." Jodie Bernstein, the head of the Bureau, signed the comments.

 

Subscriptions | FAQ | Notices & Disclaimers | Privacy Policy
Copyright 1998-2008 David Carney, dba Tech Law Journal. All rights reserved.
Phone: 202-364-8882. P.O. Box 4851, Washington DC, 20008.