Object reference not set to an instance of an object.
Brief Counsel

Can you sell your customer database?

11 March 2016

​After failing to sell Dick Smith as a going concern, receivers Ferrier Hodgson are now trying to sell the company’s New Zealand and Australian assets, including customer databases.  But does the Privacy Act 1993 allow it?

The legal position

A receiver or liquidator is bound by the provisions of the Privacy Act 1993.

Principle 11(g) of the Act enables a vendor to release personal customer information for due diligence purposes and to the eventual purchaser but only when disclosure is necessary on reasonable grounds and only when the business is being sold as a going concern.  That provision is no longer applicable in this case.

The Act enables agencies to disclose details about individuals who may be clients or customers where goodwill forms part of the consideration for the sale or other disposition.  The Act also allows agencies to disclose information about employees, where the person taking over the business proposes to continue or novate some or all of their employment agreements.

Dick Smith’s privacy policy

Dick Smith’s website contains an option for customers to sign up to email alerts for special deals with the promise that “Dick Smith will never sell or share your information”.  The company’s privacy policy, which the customer signs up to, does allow disclosure to certain third parties (such as accountants and suppliers) with whom Dick Smith has commercial relationships for business, marketing and related purposes.

However, the policy does not say anything about disclosure to prospective purchasers of the business.

Chapman Tripp recommends

It’s always best to try structure the sale of a business as a going concern – then the exception to non-disclosure would apply.

If that’s not possible, principle 11(d) of the Act enables disclosure if authorised by the individual concerned. 

So if a receiver intends to include customer databases in any sale, they would have to alert the affected customers first and obtain their permission – as the receivers have indicated that they will do in this case. 

There may be practical implications - like a smaller database if customers chose to unsubscribe, or fail to respond to the request for permission. 

However, getting consent avoids potential issues for the receiver or liquidator. It might also result in a higher return to the extent that potential purchasers may put greater value on the data if they are not concerned that their ability to use it may be compromised because they received it in breach of the Privacy Act. They can also have more confidence that there will be no public backlash from the sale.

Our thanks to Sanja Nenadic for writing this Brief Counsel.  For further information, please contact the lawyers featured.

Contacts

Related services