On November 21, 2018, the Pennsylvania Supreme Court decided Dittman vs. UPMC, holding that an employer can be liable under a negligence theory for failing to adequately safeguard electronically stored employee information.
In Dittman, UMPC suffered a data breach that lead to widespread exfiltration of employee data, including names, addresses, social security numbers, and other information commonly collected during employee onboarding. UPMC is now facing a class action lawsuit because of the data breach.
As Dittman makes clear, the law regarding data breach liability is constantly evolving. Coupled with the fact data breaches are occurring with alarming frequency, businesses are well advised to periodically review their data handling practices and contractual rights and obligations regarding their data and the data of customers and vendors, to ensure compliance with legal requirements. Legal liability and reputational harm arising from a data breach can be ruinous for a business.
Metz Lewis attorneys are experienced in providing compliance guidance and risk reduction strategies designed to limit the expense and exposure of a data breach, and to help businesses address and recover from a data breach if one occurs. Please contact Bryan Seigworth or your Metz Lewis relationship attorney for more information.