Important precedent in PA data breach law
Data breach litigation will be forever changed; the Pennsylvania Supreme Court is leading the way.
In a groundbreaking decision this past November, the Pennsylvania Supreme Court altered the data breach litigation landscape. In Dittman vs. UPMC, the court held that all employers have a common law, legal duty to use reasonable care to safeguard employee’s personal information.
For reference, you can view the published opinion here: http://www.pacourts.us/assets/opinions/Supreme/out/Majority%20Opinion%20%20VacatedRemanded%20%2010378165044604409.pdf?cb=1
The court went on to say that Pennsylvania’s economic loss doctrine permits recovery on a negligence claim basis, making clear that all employers in PA are required to implement a “reasonable” information security and data privacy program.
Can your company respond affirmatively to these questions?
- Does your company have an information security / data privacy program?
- Does your company have policies and procedures in place to protect sensitive information?
- Have these policies and procedures been communicated to your employees, and are they implemented?
These are questions to address before an incident occurs. Under Pennsylvania law, negligence is now a viable cause of action for inadequate data security. Don’t be caught on the wrong side of the law.
BACK TO BLOGS