Pennsylvania Supreme Court Rules Employers Liable for Employee Data
December 4, 2018
Employers, take notice: the Supreme Court of Pennsylvania has ruled that businesses are responsible for protecting their employees’ sensitive data. A class action suit was filed against the University of Pittsburgh Medical Center on behalf of employees whose Social Security numbers and bank accounts were exposed in a security breach. The plaintiffs suffered not only increased risk but also demonstrable harm in the form of victimization by fraudsters. Specifically, false tax returns were filed in the names of 935 employees, claiming benefits totaling $2 million.
The Medical Center’s case was no doubt made worse by its long-standing failure to take adequate network security measures. A 2015 article by Jeff Goldman in eSecurityPlanet noted that it had suffered four security breaches in only three years. According to the filings, basic measures like firewalls, two-factor authentication and encryption of data at rest were not in place. Justice Baer held that employers are obligated to take “reasonable care” of network security.
Not taking the right precautions to secure employee and customer data isn’t just grossly irresponsible; it may also lead to stiff legal penalties. Learn how CyberSana can help.