• Tech
  • Security

What RadioShack’s Bankruptcy Means for Your Credit Card Data

5 minute read
Updated: | Originally published: ;

When RadioShack declared bankruptcy in February, it marked the potential end for one of the country’s most recognizable brands. But it was also the beginning of a process that stripped the once popular electronics chain for parts. Everything from the company’s name to its batteries was offered for sale along the way — including its trove of customer data. And as disappointed as techies were to see their favorite place for wires and cables shuttered, they were aghast to learn their phone number, address, and even credit card numbers could be sold to the highest bidder. While companies share customer data with each other all the time, it rarely happens like this.

Pretty much every organization — including non-profits, universities, and corporations — has customer data, and it’s among their most valuable assets. Letting others use this information is like handing over your smartphone to someone else. If they’re borrowing it to make a call, you’re better off dialing the number for them and passing the handset along, or else they may paw through all your apps and contacts without your permission. Likewise, the use of others’ customer data is similarly guarded. Companies rent out their lists all the time, though under strict terms and conditions.

Shoppers’ data is big business in the U.S. According to the Direct Marketing Association, sharing customer data added $156 billion in revenue to the U.S. economy in 2012, the most recent year the industry was studied. That’s bigger than the dairy industry. And speaking of putting food on the table, customer data sharing also fueled about 675,000 jobs that year, too. And as we’ve become an increasingly data-driven economy, those numbers are certain to grow.

“Any time there is a customer transaction,” says Senny Boone, the DMA’s senior vice president of corporate and social responsibility, “you’re picking up financial information, things like the date and amount of the purchase, that might help a business to stock its warehouse . . . it is vitally important customer data to a particular company that’s holding that data.”

As a result, companies don’t typically hand over their lists willy-nilly. Instead, they rent them out through a third-party company, and usually saddle the data with a lot of restrictions, like one-time-only use. These third-parties include companies like Experian, which is known to most people as a credit-rating service, and Acxiom, which works with data from companies ranging from United Airlines to Macy’s. Typically, these companies stay within the bounds of safe, smart, and considerate data usage, and watchdog agencies like the Federal Trade Commission watch over them to make sure they do.

On the consumer side, the DMA encourages companies (especially its members) to be accessible for fielding complaints and work with people to make sure their data concerns are met. Consumers should be able to communicate with companies two ways, says Boone. One is through DMAChoice, a service that helps consumers manage the ways companies can send them marketing information. Another way is by contacting companies either through email, postal mail, or over the phone, whatever is in the business’s privacy policy — which should be clearly posted on their website.

In the case of RadioShack, the company’s brand and data was eventually bought by hedge fund Standard General, which is partnering with Sprint to keep some locations open as combination RadioShack/Sprint stores. Still, because Standard General didn’t craft the company’s original privacy statement, it caused concern on many fronts, not just with consumers but also with companies like Apple and AT&T, whose phones and services were sold at the store.

“If you are selling an asset, whoever is purchasing that asset will have full control as the owner,” says Boone. In RadioShack’s case, those assets included Social Security numbers, dates of birth, phone numbers and other details for some 117 million customers. Alarm over the future of that personally identifiable information caused the FTC and 40 states’ attorneys general to act to stop the sale. Thankfully for RadioShack customers, the bankruptcy judge involved in the case severely limited the amount and kinds of shoppers’ data Standard General could buy in the deal — it would get no credit card data, Social Security numbers or dates of birth; Standard also promised to abide by RadioShack’s original privacy policy when dealing with the remaining information.

So the next time you get a telemarketing phone call or a catalog from a company you’ve never done business with before, keep in mind that your name probably came from a company you have done business with previously. But don’t blame RadioShack — its not only out of business, but with its list in tatters, it’s now also out of commission.

More Must-Reads From TIME

Contact us at letters@time.com