[Congressional Record Volume 146, Number 89 (Wednesday, July 12, 2000)]
[Senate]
[Pages S6575-S6576]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

      By Mr. LEAHY (for himself, Mr. Torricelli, and Mr. Kohl):
  S. 2857. A bill to amend title 11, United States Code, to exclude 
personally identifiable information from the assets of a debtor in 
bankruptcy; to the Committee on the Judiciary.


              privacy policy enforcement in bankruptcy act

  Mr. LEAHY. Mr. President, today I am introducing legislation, with my 
friend from New Jersey, Senator Torricelli, to protect the personal 
privacy of consumers whose information is held by firms filing for 
bankruptcy protection.
  The Privacy Policy Enforcement in Bankruptcy Act would prohibit the 
sale of personally identifiable information held by a failed business 
if the sale or disclosure of the personal information would violate the 
privacy policy of the debtor in effect when the personal information 
was collected. Personally identifiable information, under our 
legislation, includes name, address, e-mail address, telephone number, 
Social Security number, credit card number, date of birth and any other 
identifier that permits the physical or online contacting of a specific 
individual.
  This legislation is needed because the customer databases of failed 
Internet firms now can be sold during bankruptcy, even in violation of 
the firm's stated privacy policy. That is wrong.
  Toysmart.com, for example, an online toy store, recently filed for 
bankruptcy and its databases and customer lists were put up for sale as 
part of the liquidation of the firm's assets. This personal customer 
information was put on the auction block even though Toysmart.com 
promised otherwise on its web page.
  Toysmart.com's web site states that ``personal information 
voluntarily submitted by visitors to our site, such as name, address, 
billing information and shopping preferences, is never shared with a 
third party.'' Toysmart.com's privacy statement continues: ``When you 
register with toysmart.com, you can rest assured that your information 
will never be shared with a third party.''
  But on June 8, 2000, one day before filing for bankruptcy, 
Toysmart.com advertised in the Wall Street Journal

[[Page S6576]]

to sell its customer lists and databases. That was a clear violation of 
Toysmart.com's web site privacy policy. The Federal Trade Commission 
has filed suit against Toysmart.com for this violation and I commend 
the FTC for its action.
  Yesterday, the Walt Disney Company, the parent company of 
Toysmart.com, announced that it would try to purchase Toysmart.com's 
customer information from the bankruptcy court. I applaud Disney for 
taking this step. There is no guarantee, however, that Disney will be 
the top bidder for this information and other corporate parents may not 
be as responsible if one of their subsidiaries fails. Indeed, two other 
failed web businesses, Boo.com and Craftshop.com, have reportedly 
sought buyers for its personal customer data.
  That is why this Congress should pass the Privacy Policy Enforcement 
in Bankruptcy Act this year. Consumers deserve this privacy protection.
  Mr. President, it is wrong to use our nation's bankruptcy laws as an 
excuse to violate a customer's personal privacy. Customers have a right 
to expect an online firm to adhere to its privacy policies whether it 
is making a profit or has filed for bankruptcy.
  I commend Senator Torricelli for joining with me to introduce the 
Privacy Policy Enforcement in Bankruptcy Act. Our legislation will 
close this loophole in the Bankruptcy Code and ensure that online and 
offline firms keep their promises to protect the personal privacy of 
their customers.
  I urge my colleagues to support this basic privacy protection 
legislation.

                          ____________________