Protecting personal information in sweepstakes and contests


sweepstakes entrants privacySponsors of sweepstakes and contests need to be especially careful to protect all personal private information they receive from entrants in the promotions they sponsor. This is a lesson a radio station in Oregon learned earlier this year.

According to news reports, in February of this year, the owner of eight radio stations in the Portland area had data containing personal information from listeners stolen from an employee’s car. The information was on back-up cartridges that were in a backpack. The cartridges contained social security numbers, bank account numbers, and other personal information from the station’s clients, vendors, and listeners, including contestants in the station’s sweepstakes and contests.
This breach impacted over 12,000 people. The stations’ owner notified these persons that their personal information may have been disclosed as a result of the robbery. The station also provided those individuals with free ID protection and credit monitoring for one year.

The Portland breach is a good reminder about a sponsor’s responsibility to protect personal information. As we’ve mentioned in previous posts, there are several things to remember about protecting personal private information from this situation. Here are five things you may want to keep in mind:

  1. Limit the amount of personal private information that is required from entrants in order to participate in a sweepstakes or contest. Request only the minimum amount of data that is needed to identify winners of the promotion, determine their eligibility, and collect their contact information.
  2. Establish procedures to make certain that personal private information is protected from disclosure, and limit its use to only the sweepstakes or contest that the person is entering. In no way should this information be shared with third parties without notifying the person submitting the information.
  3. Inform entrants about the Sponsor’s privacy policy and provide the policy’s entire terms and conditions or a link to where the complete policy can be found.
  4. Prepare a plan for dealing with a potential breach. If there is a breach, immediately alert police or other authorities and notify everyone whose information has been compromised.
  5. Provide assistance to the persons whose information has been disclosed. Sponsors should consider offering the victims free ID protection coverage and credit monitoring for at least a year after the information was compromised, and any other help that will assist them – and hopefully maintain them as customers.

Sponsors should also establish a relationship with lawyers who are experienced with privacy policies and handling breaches, so that in the event of a breach, such as the robbery in Portland, corrective actions can begin immediately.


Written by:

Published In:

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thompson Coburn LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.