Much has been written of late about data breaches and the liabilities for the unauthorized acquisition of Personally Identifiable Information (PII) from institutions. But what about when the alleged “breach”--the release of information --is voluntarily and/or legally compelled? What are the risks to businesses when they sell assets that include PII? What liabilities do they face? What are the rights of customers?

Radio Shack – The pioneer of PII data collection