When it comes to credit card misuse or breach, we refer to PCI compliance standards. When it comes to personal data breach, we go looking for data security and privacy protection laws. Nowadays our personal data has found its way to libraries, online retailers, airlines and every one in between. Of course, we gave it to them and signed their privacy policy trusting it will not be distributed to third parties or misused in any way.
Well, at any point did we ever think of these entities being bought out, merged with other companies or going bankrupt? What will happen to our personal data? Will those signed privacy policies hold true forever? I am not sure what rules or regulations are there for these circumstances to further protect the consumer.
Regardless, personal information should never be misused or distributed without the consent of an individual. Retailers, under no circumstance should be allowed to use customer’s personal data for any purpose, the most popular that I’ve been seeing now is ‘improve customer experience’. If their policies are ambiguous, they should be restated as protection guaranteed forever even after a company is likely to be bought out, merged or goes bankrupt.
