Identity theft is probably a concern for many of your customers. And while in some instances it happens because of careless or foolish Internet usage, for many people the problem starts with a business' security breach. In that case, the problem may lead to business liability.
No matter what kind of company you have, if you store client or customer information online then you could be putting people's data at risk.
Even worse than customer dissatisfaction, a security breach could leave you legally liable. Here are a few ways that can happen, and what you can do:
The Potential of Customer ID Theft
There's no way around it: You need to collect some sensitive customer information if you're going to do business. Sensitive doesn't just mean credit cards and Social Security numbers. It can also mean names and addresses combined with purchasing history.
One problem can be a lack of security on your own servers. Another can be outsourcing data storage to a non-secure third party.
Just because another company is holding the data doesn't negate your responsibility if information is stolen or leaked. You can still be beholden to customers if their identities are compromised.
Legal Liability for Identity Theft
Disappointing customers doesn't automatically lead to legal responsibility. But if your customers are victims of identify theft because of your security breach, it might.
Government agencies that focus on consumer protection have cracked down in recent years. Now companies have more responsibility for protecting client information.
At a minimum, you should have security systems in place to protect clients' personal data. If those fail, it's your responsibility to notify customers of the potential harm and what was stolen in the breach. Legally, you may also need proof that the problem was not the result of negligent security on the part of your business.
Keep Your Business Safe From Liability
Even if you've never had a security breach, keeping information secure is one more service you can offer your customers.
Make sure your security system protects private information and don't store more than you need to. It's also a good idea to routinely wipe personal data from computers that you're getting rid of, and shred personal records that you don't need.
Outsourcing data storage to other companies may seem like a good way to keep costs down, but it could cost you in the long run. If you're going to hire a third party, make sure their security is as good or better than what you'd want for yourself.
Follow FindLaw for Consumers on Google+ by clicking here.
- Most Small Biz Still Vulnerable to Cyber Attacks (FindLaw's Free Enterprise)
- Accept Credit Cards? Are You PCI Compliant? (FindLaw's Free Enterprise)
- Sony Data Breach Lawsuits Piling Up (FindLaw's Injured)
- The FindLaw Guide to Online Fraud and Identity Theft (FindLaw - Free Download)