We are always told, “Be careful who you give your data to.” But what do we do when we give our personal data to large companies that end up filing for bankruptcy? These can be formerly trusted companies that have stored millions of consumers' data points who may no longer be able to safeguard your data. So, when the people that managed the data leave a business that’s just filed for bankruptcy, what are we supposed to do? When it’s a turbulent time for a company, security measures can go out the window - creating targets now susceptible to their private information being sold or divulged.

The thing is, even if you try to stay on top by deleting whatever accounts you have, it’s highly likely that your data has already been spread. Furthermore, your data is no longer protected under the original company you originally gave your info to – after it’s bought, the succeeding company now owns it. And, with court rulings in bankruptcy courts, your data is treated as just another financial asset and no longer your own.

With the recent bankruptcy filing of 23andMe, trusting a company with things like your genetic data presents enormous risks - but not just you. Not only could your own DNA be compromised, but family members’ DNA data, too (immediate, extended family - those who never consented to your decision are also at risk). This can then make you a victim of unwarranted targeting.  

It’s of course, not the consumer’s fault - but with 23andMe, it’s a critical reminder that we need to be extra careful. By taking these steps, right when you find out a company has decided to declare bankruptcy: 

1. Request a copy of your own information 

2. Don’t just request account deactivation – go the extra mile and submit account deletion requests 

3. Review privacy policies specifically for language about company transitions or bankruptcy and ask specific questions about data retention practices 

During Bankruptcy  

1. Submit formal objections to the bankruptcy court if your data is listed as an asset.  

2. Contact your state’s attorney general’s offices regarding privacy concerns.  

3. File consumer complaints with the FTC about improper data transfers.  

4. Monitor for notification of asset transfers that may include your data.  

After Company Dissolution  

1. Monitor your accounts for unusual activity that might indicate data misuse.  

2. Consider using credit monitoring services, if sensitive financial information was involved.  

3. Be vigilant about related phishing attempts using company information.  

4. Exercise opt-out rights with any successor companies that may have acquired your data. 

And, consumers aren’t the only ones who should take these steps. Businesses should also monitor who they have given their data to. Plus, they need to back up their customers’ data. An important part of that is using a business transfer clause. According to Monica Talley in a 2017 article, Business Transfer Clauses are essential to helping companies keep their promises in not letting their customers’ rights or privacies be violated, ensuring their private data protected at all costs.

As always, be vigilant - stay on stop of the news and take any necessary steps that we have mentioned in today’s post.

Sources:

3 Reasons Every Company Should Have a Business Transfer Clause in its Privacy Policy | Sterne Kessler 

What Happens to Your Data When Companies Go Bankrupt? | Built In 

Regeneron to buy 23andMe out of bankruptcy for $256 million - CBS News