Site icon Jimerson Birr

Data Sales Under Section 363: Privacy Policies, Consumer Data, and the Role of the Consumer Privacy Ombudsman

Data-Sales-Under-Section-363-Privacy-Policies-Consumer-Data-and-the-Role-of-the-Consumer-Privacy-Ombudsman

Data-Sales-Under-Section-363-Privacy-Policies-Consumer-Data-and-the-Role-of-the-Consumer-Privacy-Ombudsman

Author: Curtis Campbell 

As interest grows in acquiring business data from distressed companies, bankruptcy trustees must evaluate not only whether data has value, but whether it can be transferred through a process that satisfies the Bankruptcy Code and applicable privacy obligations. In many cases, the central issue is not whether the debtor owns data. The more difficult question is whether the debtor’s prior privacy commitments restrict the sale or use of that data.

This issue is especially important in Section 363 sales. Section 363 provides a powerful mechanism for monetizing estate assets, but it also contains specific limitations when the proposed sale involves personally identifiable information. For trustees considering whether business data may be converted into estate value, those limitations should be addressed at the outset. We examined the broader landscape of these questions in Data Assets in Distressed Estates: Opportunity and Constraints for Assignees and Trustees, and this article turns to the statutory framework that governs the sale itself.

Section 363 as a Sale Framework

Section 363(b) authorizes a trustee, after notice and a hearing, to sell estate property outside the ordinary course of business. In the ordinary asset sale, the court focuses on familiar considerations: whether the sale is in the best interests of the estate, whether there is a legitimate business justification, whether the transaction was negotiated in good faith, and whether adequate notice was provided to parties in interest.

Those principles support the sale of business data where the transaction is properly structured. If data has independent value, a trustee may be justified in seeking to monetize it for the benefit of creditors. The presence of privacy issues does not eliminate that opportunity. It simply changes the analysis. For creditors tracking how value moves through a case, our discussion of what creditors should watch for in bankruptcy provides useful context.

The Privacy Policy Constraint

Congress addressed this issue directly in 11 U.S.C. § 363(b)(1). If a debtor disclosed a policy prohibiting the transfer of personally identifiable information to unaffiliated third parties, and that policy was in effect on the petition date, the trustee may not sell or lease that information unless one of two conditions is satisfied.

First, the sale may proceed if it is consistent with the debtor’s privacy policy. Second, if the sale is not consistent with that policy, the court may approve the transaction only after the appointment of a consumer privacy ombudsman and a determination that the sale would not violate applicable nonbankruptcy law.

This framework is important because it does not impose a categorical ban on data sales. Instead, it creates a process for evaluating whether the proposed transfer is consistent with the debtor’s prior representations and applicable law.

The Role of the Consumer Privacy Ombudsman

The consumer privacy ombudsman is a disinterested person appointed through the United States Trustee to assist the bankruptcy court in evaluating the privacy implications of a proposed sale of personally identifiable information. The ombudsman may address the debtor’s privacy policy, the potential losses or gains of privacy to consumers, the costs and benefits of the proposed sale, and alternatives that may mitigate privacy concerns. See 11 U.S.C. § 332.

For trustees, the appointment of an ombudsman should not necessarily be viewed as an obstacle. In appropriate cases, it may provide a path to approval by giving the court an independent record on which to evaluate the transaction. That can be particularly useful where the proposed purchaser is willing to agree to limitations on use, confidentiality obligations, anonymization protocols, or other safeguards.

The key is to avoid treating privacy as an issue to be addressed after the sale process begins. If the debtor’s records contain customer data, employee information, account information, or other personally identifiable information, the trustee should expect the privacy policy and data-use restrictions to become central issues in the transaction.

Recent Guidance From Data Sale Cases

Recent bankruptcy cases involving consumer data illustrate the point. In In re 23andMe Holding Co., 674 B.R. 487 (Bankr. E.D. Mo. 2025), the court examined the scope of the debtor’s privacy policies and the conditions under which sensitive consumer data could be transferred. The case underscores that courts will not treat privacy policies as incidental contract language. They may determine whether a proposed data sale can proceed and under what conditions.

That does not mean data cannot be sold. It means that the trustee must identify the relevant privacy commitments, understand the categories of information being transferred, and structure the transaction accordingly.

Implications for ABCs

Assignments for the benefit of creditors do not have the same statutory ombudsman process as bankruptcy cases. That difference does not make privacy issues less important. In some respects, it makes careful structuring more important because there may be less court supervision and fewer procedural safeguards.

For assignees, the bankruptcy framework remains instructive. The same basic questions should be asked: What privacy commitments did the company make? What categories of information are included? Does the proposed purchaser intend to anonymize the data? What limits will apply to downstream use? Who bears responsibility if the data is misused or later determined to be restricted?

Practical Considerations

A trustee or assignee evaluating a potential data transaction should begin with the debtor’s privacy policies, terms of service, customer agreements, and internal data practices. Those materials help determine whether the proposed transfer is consistent with the debtor’s prior representations.

The transaction documents should then be built around that analysis. Appropriate provisions may include limits on use, confidentiality obligations, anonymization requirements, restrictions on resale or redistribution, and allocation of responsibility for post-closing misuse or re-identification. These are the same kinds of structural protections that determine priority disputes in bankruptcy and other recovery questions once a sale closes.

Conclusion

Section 363 does not prohibit the monetization of business data. It requires trustees to confront privacy issues directly when personally identifiable information is involved.

That distinction matters. Properly structured, a data sale may create additional recovery for the estate while respecting the debtor’s existing privacy obligations. Poorly structured, the same transaction may invite objections, regulatory scrutiny, or post-closing disputes.

For trustees and assignees, the lesson is straightforward. The value of business data should not be ignored, but neither should the privacy commitments attached to it. The path forward is not avoidance. It is structure.

Talk to a Florida Business Bankruptcy Attorney

If your firm is evaluating whether business data can be monetized in a Section 363 sale or an assignment for the benefit of creditors, the time to address privacy obligations is before the sale process begins. The attorneys at Jimerson Birr advise trustees, assignees, creditors, and purchasers on structuring distressed-asset transactions that withstand scrutiny. To speak with an experienced attorney, contact Jimerson Birr.

Exit mobile version