Sponsors of sweepstakes and contests need to be especially careful to protect all personal private information they receive from entrants in the promotions they sponsor. This is a lesson a radio station in Oregon learned earlier this year.
According to news reports, in February of this year, the owner of eight radio stations in the Portland area had data containing personal information from listeners stolen from an employee’s car. The information was on back-up cartridges that were in a backpack. The cartridges contained social security numbers, bank account numbers, and other personal information from the station’s clients, vendors, and listeners, including contestants in the station’s sweepstakes and contests.
This breach impacted over 12,000 people. The stations’ owner notified these persons that their personal information may have been disclosed as a result of the robbery. The station also provided those individuals with free ID protection and credit monitoring for one year.
The Portland breach is a good reminder about a sponsor’s responsibility to protect personal information. As we’ve mentioned in previous posts, there are several things to remember about protecting personal private information from this situation. Here are five things you may want to keep in mind:
- Limit the amount of personal private information that is required from entrants in order to participate in a sweepstakes or contest. Request only the minimum amount of data that is needed to identify winners of the promotion, determine their eligibility, and collect their contact information.
- Establish procedures to make certain that personal private information is protected from disclosure, and limit its use to only the sweepstakes or contest that the person is entering. In no way should this information be shared with third parties without notifying the person submitting the information.
- Inform entrants about the Sponsor’s privacy policy and provide the policy’s entire terms and conditions or a link to where the complete policy can be found.
- Prepare a plan for dealing with a potential breach. If there is a breach, immediately alert police or other authorities and notify everyone whose information has been compromised.
- Provide assistance to the persons whose information has been disclosed. Sponsors should consider offering the victims free ID protection coverage and credit monitoring for at least a year after the information was compromised, and any other help that will assist them – and hopefully maintain them as customers.
Sponsors should also establish a relationship with lawyers who are experienced with privacy policies and handling breaches, so that in the event of a breach, such as the robbery in Portland, corrective actions can begin immediately.
This post was written by retired Thompson Coburn partner Dale Joerling. If you have any questions about the topics discussed in this post, please contact Thompson Coburn partner Hap Burke.