An employee improperly accesses his employer’s computer network and steals the names, birthdates, and social security numbers of his fellow employees to use for illegal financial gain. A criminal hacks into that same network for similar illegal purposes. Because employers regularly obtain, store, and use confidential employee personally identifiable information (“PII”) as part of their business operations, they are targets for this kind of activity. But what legal responsibility do employers have to their employees when PII is misappropriated by an employee, or stolen by hackers in a data breach? Two Pennsylvania courts have recently shined some light on this issue. In both cases, which involved large-scale data breaches affecting thousands of employees, the courts absolved the employers of any potential liability because either (1) they owed no duty in tort to their employees to protect PII against data breaches or (2) the employer had no express or implied contractual obligation to protect the PII. Read more
Tucker Ellis LLP provides this blog for general informational purposes only. The content of this blog is not intended as legal advice for any purpose, and should not be considered as such advice or as a legal opinion on any matters. The blog does not create, and is not intended to create, any attorney-client relationship between you and Tucker Ellis LLP or any individual lawyer in the firm. The information in this blog should should not be used as a substitute for competent legal advice from a licensed attorney in your state.