Five years ago, U.S. officials refused to merge a database containing classified personnel records of intelligence agency employees with another run by the Office of Personnel Management, fearing that if the two systems were linked up, it could expose the personal information of covert operatives to leakers and hackers.
Those concerns look prescient now that the OPM, the government’s human resources department, has been overwhelmed by hackers who exploited the agency’s weak computer security and made off with huge amounts of personal information on millions of government employees and contractors. But that incident has also raised troubling questions about whether U.S. spy agencies actually heeded their own advice and have kept their records physically segregated from the OPM systems that were recently hacked, presumably by spies in China.
That respect could lapse, however, if the company is ever sold or goes bankrupt. At that point, according to a clause several screens deep in the policy, the host of details Hulu can gather about subscribers — names, birth dates, email addresses, videos watched, device locations and more — could be transferred to “one or more third parties as part of the transaction.” The policy does not promise to contact users if their data changes hands.
Provisions like that act as a sort of data fire-sale clause.