Data breach litigation will be forever changed; the Pennsylvania Supreme Court is leading the way.

In a groundbreaking decision this past November, the Pennsylvania Supreme Court altered the data breach litigation landscape. In Dittman vs. UPMC, the court held that all employers have a common law, legal duty to use reasonable care to safeguard employee’s personal information.

For reference, you can view the published opinion here: http://www.pacourts.us/assets/opinions/Supreme/out/Majority%20Opinion%20%20VacatedRemanded%20%2010378165044604409.pdf?cb=1

The court went on to say that Pennsylvania’s economic loss doctrine permits recovery on a negligence claim basis, making clear that all employers in PA are required to implement a “reasonable” information security and data privacy program.

Can your company respond affirmatively to these questions?

• Does your company have an information security / data privacy program?
• Does your company have policies and procedures in place to protect sensitive information?
• Have these policies and procedures been communicated to your employees, and are they implemented?

These are questions to address before an incident occurs. Under Pennsylvania law, negligence is now a viable cause of action for inadequate data security. Don’t be caught on the wrong side of the law.

BACK TO BLOGS