What are my responsibilities regarding customer information stored on my Website?

There are conflicting opinions as to the answer to this question. However, in my opinion and that of several others I have discussed this with, the "dot com" would have an ethical obligation to inform its customers, not unlike a brick-and-mortar store having its receipts stolen.

Apparently, there is a lawsuit pending about such a breach. Not only are the individual customers suing, but Visa Card International as well, since the company failed to notify them of the theft of 100K+ card numbers. I have not heard how this will hold up in court yet.

However, you can take steps to avoid the problem. First of all, any databases containing this information should be kept OFFLINE on a local machine, not on your Web server. Even with them offline, encryption is a must.

It should not be necessary to store credit card information on your Web server for any length of time. Once the order has been processed, the sensitive information should be removed from the server to an offline machine. In fact, several credit card agreements (specifically Discover Card) state that you CANNOT store this information on the server.

So, the best answer in this case is yes: customers and various agencies WILL hold you liable. What you should be more focused on is taking steps to make sure it doesn't happen.

July 1, 2001

Copyright © 1997-2017 Virtualtech Website Design and Promotion, Inc. All rights reserved.
