Skip to main content
Find a Lawyer
Please enter a legal issue and/or a location
Begin typing to search, use arrow keys to navigate, use enter to select

Find a Lawyer

More Options

Customer ID Theft: Are Businesses Liable?

By Deanne Katz, Esq. | Last updated on
Identity theft is probably a concern for many of your customers. And while in some instances it happens because of careless or foolish Internet usage, for many people the problem starts with a business' security breach. In that case, the problem may lead to business liability. No matter what kind of company you have, if you store client or customer information online then you could be putting people's data at risk. Even worse than customer dissatisfaction, a security breach could leave you legally liable. Here are a few ways that can happen, and what you can do:

The Potential of Customer ID Theft

There's no way around it: You need to collect some sensitive customer information if you're going to do business. Sensitive doesn't just mean credit cards and Social Security numbers. It can also mean names and addresses combined with purchasing history. One problem can be a lack of security on your own servers. Another can be outsourcing data storage to a non-secure third party. Just because another company is holding the data doesn't negate your responsibility if information is stolen or leaked. You can still be beholden to customers if their identities are compromised. Disappointing customers doesn't automatically lead to legal responsibility. But if your customers are victims of identify theft because of your security breach, it might. Government agencies that focus on consumer protection have cracked down in recent years. Now companies have more responsibility for protecting client information. At a minimum, you should have security systems in place to protect clients' personal data. If those fail, it's your responsibility to notify customers of the potential harm and what was stolen in the breach. Legally, you may also need proof that the problem was not the result of negligent security on the part of your business.

Keep Your Business Safe From Liability

Even if you've never had a security breach, keeping information secure is one more service you can offer your customers. Make sure your security system protects private information and don't store more than you need to. It's also a good idea to routinely wipe personal data from computers that you're getting rid of, and shred personal records that you don't need. Outsourcing data storage to other companies may seem like a good way to keep costs down, but it could cost you in the long run. If you're going to hire a third party, make sure their security is as good or better than what you'd want for yourself. Related Resources:
Was this helpful?

You Don’t Have To Solve This on Your Own – Get a Lawyer’s Help

Meeting with a lawyer can help you understand your options and how to best protect your rights. Visit our attorney directory to find a lawyer near you who can help.

Or contact an attorney near you:
Copied to clipboard