A New Hampshire court declined to dismiss a lawsuit brought by the family of a girl killed by a man obsessed with her, who was able to find her by obtaining information from an Internet data broker. Through the broker, the stalker was able to obtain the victim’s home address, work address, and Social Security Number.

You’ll find a lot of these services on the Internet these days — private investigators set up their own website and offer people finder services for minimal fees. What restrictions are placed on these transactions? I use Accurint at work for locating people, which would allow me to find the same information the stalker above bought, at a fraction of the price. However, in order to use the Accurint system I first had to sign an agreement that I would only be using the information for “law-related” purposes, and Accurint reserves the right to audit my records to confirm that I’m not conducting improper searches. In other words, I can’t run a search on my cousin’s fiance for my aunt to see if he’s really worth marrying, nor can I use the service to correct my Christmas card mailing list.

Docusearch, the company involved in the lawsuit, has a client agreement that states, in part:

Client will be required to provide a reason for any search that involves non-public, restricted or sensitive information. Client represents and warrants that it will provide Docusearch with accurate and complete information regarding the searches requested, and that search results will not be used for any purpose other than the purpose stated to Docusearch.

Not much meat here, huh? With Accurint I was required to send them information documenting that I was licensed as an attorney and verifying the firm that employed me. Companies that don’t require this type of authorization are exposing themselves to liability, as the tragic event and lawsuit above demonstrate.