Written by: Aaron Wais
Recently, there has been considerable discussion regarding the Superior Court of Pennsylvania’s ruling in Dittman v. UPMC, which affirmed a lower court’s order dismissing an employee class action against their employer over a data breach. While this was a significant victory for employers, non-Pennsylvania employers should temper their enthusiasm. As one recent federal court decision in California makes clear, the reasoning of Dittman may not extend far beyond, if at all, the borders of Pennsylvania. Moreover, regardless of their outcomes, both cases also reinforce the need for employers to maintain legally compliant, written policies for safeguarding private information and responding to data breaches.
In Dittman, a data breach resulted in the theft of the names, birth dates, social security numbers, tax information, addresses, salaries and banking information of approximately 62,000 UMPC employees and former employees. The stolen information was used to file fraudulent tax returns and steal tax refunds from certain employees.