Dec 18 2018

Important precedent in PA data breach law

Data breach litigation will be forever changed; the Pennsylvania Supreme Court is leading the way.

In a groundbreaking decision this past November, the Pennsylvania Supreme Court altered the data breach litigation landscape. In Dittman vs. UPMC, the court held that all employers have a common law, legal duty to use reasonable care to safeguard employee’s personal information.

For reference, you can view the published opinion here:

The court went on to say that Pennsylvania’s economic loss doctrine permits recovery on a negligence claim basis, making clear that all employers in PA are required to implement a “reasonable” information security and data privacy program.

Can your company respond affirmatively to these questions?

  • Does your company have an information security / data privacy program?
  • Does your company have policies and procedures in place to protect sensitive information?
  • Have these policies and procedures been communicated to your employees, and are they implemented?

These are questions to address before an incident occurs. Under Pennsylvania law, negligence is now a viable cause of action for inadequate data security. Don’t be caught on the wrong side of the law.