Been Hacked? You Might Need to Tell Your Customers

If you are a business and discover that your computers or other records have been compromised with a security breach, you may have some responsibilities under Michigan’s Identity Theft Protection Act. This law requires notices be sent to customers if any of their sensitive data (such as Social Security numbers, bank account information or credit card numbers) have possibly been disclosed.

Even though it can be embarrassing to a business to announce to customers that its computers were hacked, it will be more embarrassing (and very costly) if a hacker uses the information obtained and no notice was ever given.

These notices must be sent without “unreasonable delay” after the breach is discovered. The contents of the notices vary depending on what information was obtained, the type of business and how many customers had data that was compromised. The attorney general or a prosecuting attorney can impose large civil fines for failure to comply with these notice requirements.

In addition, if the data included medical information, HIPAA will require separate compliance requirements, and if the information involved credit card or debit card numbers, your agreement with the card issuer may require additional notices than are required by the Identity Theft Protection Act.

Cunningham Dalman, PC publishes this web site and its component parts to inform users about our firm, our attorneys and general new developments in the law. The web site and blogs are not intended as legal advice on any matter. There are many factors that may affect your situation. You should not act or refrain from acting because of information found here without first seeking appropriate legal or other professional advice from someone who is familiar with your particular circumstances.

In the operation of this web site and our blogs, we do not intend to create an attorney-client relationship with you and no such relationship shall be created by your use of this web site. Such a relationship can only be established to the extent an attorney at Cunningham Dalman, PC expressly agrees to undertake the relationship. Please do not communicate to us any information you regard as confidential unless and until we have established a formal attorney-client relationship with you. Any information you send to us before we establish an attorney client relationship may not be privileged or confidential. Information you send to us over the Internet may not be secure.