A Sobering, Scary Question: Who Has Your Data?

online shopping fbn

When Wal-Mart (NYSE:WMT) agreed to purchase online retailer Jet.com for $3.3 billion recently, it marked not only the largest acquisition of an e-commerce company, but also a momentous transfer of consumer data. As companies, like Wal-Mart, take over businesses, and as corporations sell the user databases at dizzying rates, you might ask a very sobering question: "Who has my data?"

"Consumers hardly have any control over sharing, flow and usage of their data," says Paul Kubler, a digital forensics and cyber security examiner at LIFARS, a digital forensics and cybersecurity intelligence firm in New York City.

RATE SEARCH: Get your credit report and score today, free and with no obligation, at myBankrate.

Even though most people safeguard their passports, lock up their Social Security cards and shred old credit cards, their data is out there in the internet world -- and in many cases -- in places they'd never anticipate.

What Happens With Your Data

In acquisitions and mergers, while data is usually integrated into the purchasing company's already existing systems, according to Kubler, what actually happens differs based on what the acquiring company's plans are.

"While sensitive, personally identifiable data is supposed to be protected (like credit card numbers or passport information), often in merger and acquisitions, it takes some time before the data is -- if ever -- truly integrated into the secure infrastructure," Kubler says. "In many cases, data migration happens after a merger or acquisition is completed."

Most of the time, consumers cannot opt out of their data being transferred by the acquiring company, Kubler says, noting most companies put clauses in their terms and conditions of use, which states that they can give your data to an acquiring company.

That fact is displayed in the fine print -- the type often glossed over or skipped completely by consumers.

If you want to opt out of your data being transferred, things can get a bit tricky and, often, are a major headache for consumers.

"If no such legal statement is in place, (a) motion for opt-out from data transfer can be documented as a request to take down the information. Although, this can be a low priority task for an acquiring company," Kubler says.

Protections in Place

It's not all doom and gloom for consumers, though.

There are a few protections put in place to help protect the privacy and security of consumers' data.

For instance, the acquiring company is bound to the existing privacy policy of the acquired company when it comes to consumers' data and what they can do with it, unless they get consent from the consumer.

"We have Unfairness Authority under the FTC Act," says Mark Eichorn, the assistant director in the Division of Privacy and Protection at the Federal Trade Commission, or FTC. "If you make materially different use of information that was collected under a previous set of promises, you need to get consent from the customer to use that information in a different way."

When Facebook acquired WhatsApp in 2014, for example, the FTC's Bureau of Consumer Protection's director Jessica Rich penned a letter to both companies, reminding them that WhatsApp had made specific privacy promises to its customers that were assured to be continued after the completed acquisition.

"WhatsApp has made a number of promises about the limited nature of the data it collects, maintains, and shares with third parties -- promises that exceed the protections currently promised to Facebook users," the letter states. "We want to make clear that, regardless of the acquisition, WhatsApp must continue to honor these promises to consumers."

Wal-Mart did return requests to discuss user data and the agreed purchase of Jet.com.

There are several ways to safeguard your data, mostly by limiting the number of third parties you give your information to, and, when shopping online, make sure payment web pages are encrypted.

Other good habits you should practice -- in order to keep your identity safe:

  • Create strong passwords.
  • Frequently change passwords and pin numbers for personal accounts.
  • Limit the number of websites you allow to keep your credit card information on file.
  • Do not overshare on social media.

Despite privacy protections promised by corporations -- and also by practicing good habits -- data can be vulnerable. Keeping track of your data will remain an ongoing challenge.

"Think Google, Facebook, Twitter, Instagram ... if it's free, you're not the consumer; you're the product," Kubler says.

RATE SEARCH: Shop for the best high-yield CD rates at Bankrate.com.

Copyright 2016, Bankrate Inc.