Online privacy is a fantasy for many people. We voluntarily post information about every aspect of our lives. Information we do not publicize can often be extracted from website data or our personal accounts (email, social media, etc.). Our privacy and sensitive information is often in jeopardy. What happens when our private and sensitive information is disseminated online to millions of people against our will? This is known as doxing.What is doxing?

Doxing is the publishing of private or identifying information about a person or organization without their consent. Doxers often post names, addresses, phone numbers, credit card details, and any other sensitive information that can be used to target their victim. Doxing is often done with malicious intent. The common reasons for doxing an online user are for retribution, coercion, or embarrassment. Doxing can have serious consequences. The extent of the legal ramifications of doxing will likely be case specific.

Legal implications of doxing

Doxing is illegal if the information is obtained through illegal means such as hacking. One of the most common methods that a hacker will use is by obtaining the target’s email. Once obtained, the victim’s email provides the hackers with an avenue to uncover passwords and retrieve more personal information.

Posting publicly available information may also give rise to civil lawsuits and criminal charges such as harassment, intimidation, invasion of privacy, stalking, and even assault. The intent of the doxer may not matter. This means that individuals who share the doxer’s post may also find themselves in serious legal trouble.


Doxing can have serious short- and long-term consequences for both the victim and the doxer. Doxing victims often experience emotional trauma, fear, depression, humiliation, and are at risk of physical violence. Doxers and those who share the victim’s information may risk criminal charges and civil lawsuits.

Doxing could also be initiated by employees during the course of their employment (e.g. an employee who is responsible for the company’s social media account). Companies may wish to educate employees on the issue of doxing, for example by employing written policy standards to safeguard against legal liability.