Privacy & Cybersecurity Law Blog

On May 23, 2014, the Federal Trade Commission announced that the FTC’s Bureau of Consumer Protection sent a letter to the court overseeing the bankruptcy proceedings for ConnectEDU Inc. (“ConnectEDU”), an education technology company, warning that the proposed sale of the company’s assets raises privacy concerns. ConnectEDU’s assets include personal information collected from students, high schools and community colleges in connection with the company’s website and affiliated services.

On its website, the company’s privacy policy states that “In the event of sale or intended sale of the Company, ConnectEDU will give users reasonable notice and an opportunity to remove personally identifiable data from the service.” In her letter to the court, Jessica Rich, Director of the Bureau of Consumer Protection, wrote, “We believe that any sale of the personal information of ConnectEDU’s customers would be inconsistent with ConnectEDU’s privacy policy, unless ConnectEDU provides those customers with notice and an opportunity to delete the information.” The FTC’s Bureau of Consumer Protection believes that a sale without reasonable notice to users and an opportunity to remove personal information would violate “the FTC’s prohibition against ‘deceptive acts or practices in or affecting commerce.’”

The letter states that these privacy concerns “would be greatly diminished” if ConnectEDU gives users “notice of the sale of their personal information and opportunity for its removal” or destroys the personal information. The court also could appoint a “privacy ombudsman to ensure that the privacy interests of ConnectEDU’s customers are protected.”

The FTC voted to approve the issuance of the letter 5-0.

Read the related post on the FTC’s Business Center Blog.