In 2014, a group of employees from the University of Pittsburgh Medical Center (UMPC) filed a class action lawsuit against the organization, claiming that a breach in data compromised sensitive personal employee information, including social security numbers, tax information, and confidential bank account information. The plaintiffs alleged that UMPC failed to adopt the appropriate security measures, which increased the risk of identity theft and other crimes.
In a landmark decision, the Pennsylvania Supreme Court held that employers have a legal duty to protect employee information that is stored on internet-accessible computer systems. In addition, by limiting the economic loss doctrine, claimants can sue for economic losses resulting from a failure to protect their personal data.
According to the plaintiffs involved in the Dittman v. UPMC case, as a condition of employment, they were required to provide certain personal information, including Social Security numbers and bank account information. As a result, the plaintiffs argued that UPMC had a duty to protect their information against the threat of identity theft crimes.
The plaintiffs alleged that UPMC breached this duty by failing to implement effective security measures, including encryption programs, firewalls, and adequate authentication protocols. The plaintiffs sought economic damages for losses associated with fraudulent tax returns, as well as the potential risk of identity theft crimes.
Significance of the Pennsylvania Supreme Court Ruling
The Court’s decision in the Dittman v. UPMC case made the rule of law in Pennsylvania very clear. Employers who collect personal data must take reasonable measures to protect that information. The Pennsylvania Supreme Court also adopted a wide interpretation of the economic loss doctrine, and found that employees may recover economic losses in a variety of tort actions. By limiting the economic loss doctrine, claimants can now sue for the economic losses resulting from a failure to protect personal data.
The Court’s decision also reflects the rise in cyberattacks, and the growing need for improved cybersecurity frameworks. The lower court found that employers should not be held responsible for security breaches that were not preventable. However, the PA Supreme Court overturned this argument, because companies are now expected to take advantage of the latest cybersecurity systems that protect confidential employee data.
Because of the expansive interpretation of the economic loss doctrine, defendants will not be able to rely on this line of defense to summarily dismiss negligence claims.
Philadelphia Business Lawyers at the Law Office of Sidkoff, Pincus & Green P.C. Represent Employees in Legal Disputes
If your employer failed to take adequate security measures to protect your personal information against the threat of cyberattacks, contact the Philadelphia business lawyers at the Law Office of Sidkoff, Pincus & Green P.C. Protecting your rights is our top priority, and we will work tirelessly to secure the maximum financial compensation you deserve. To schedule a confidential consultation, call us today at 215-574-0600 or contact us online. Our offices are conveniently located in Philadelphia, where we serve clients throughout Southeastern Pennsylvania, South Jersey, and across New Jersey.