November 30, 2018
The Pennsylvania Supreme Court ruled that an employer had a common law duty to exercise “reasonable care” to protect employee information, expanding liability for employers in Pennsylvania in cases of security breaches and potentially laying the groundwork for similar rulings in other states.
“There’s going to be an uptick in litigation because of this ruling,” said Joshua Mooney, Partner with White and Williams LLP.
From coast to coast: In addition to encouraging more litigation in Pennsylvania, the decision could be cited in other states as courts consider how to handle data breach litigation.
Need for action? Mooney noted that because of policy measures such as enforcement actions by the Federal Trade Commission and the EU’s General Data Protection Regulation, large employers should already have taken steps to practice the “reasonable care” now required by the Pennsylvania Supreme Court.
Why it matters: Coupled with measures such as California’s Consumer Privacy Act and others that are very likely to follow at the state or federal levels in 2019, the Court’s decision is the latest in an ongoing trend by policymakers and jurists to ramp up data and cybersecurity protections.