The Pennsylvania Supreme Court has recently held that an employer may be liable to its employees for a data breach involving the employees’ “personal and financial information including names, birth dates, social security numbers, addresses, tax forms and bank account information…”

The case, Dittman v. UPMC d/b/a The University of Pittsburgh Medical Center and UPMC McKeesport (“UPMC”), involved a class action complaint on behalf of 62,000 current and former employees of UPMC.  The employees asserted that their personal and financial information (described above) was stolen from UPMC’s computer systems and “used to file fraudulent tax returns on behalf of the victimized [e]mployees, resulting in actual damages”. Significantly, the employees also asserted that the information accessed and stolen was information they were required to provide their employer as a condition of employment.

The employees’ claims against UPMC were based on their employer’s alleged negligence in failing to properly maintain and protect the employees’ personal and financial information. Two lower courts had ruled against the employees, resulting in a dismissal of their claims.

On appeal, the Pennsylvania Supreme Court reversed the lower courts and concluded that an employer has a legal duty to exercise reasonable care in collecting, storing and safeguarding its employees’ personal and financial information where the employer chooses to store such information on an “internet accessible computer system” and the employees are required to provide such information as a condition of employment.

Based on the Court’s recognition of this duty, the issue in the case then turned on the question as to whether the UPMC could be said to have been negligent in the performance of its duty to its employees. As with any matter, where one party is claiming injury because of another party’s negligence, the ultimate outcome is fact- specific. In this case, the Court held that the employees had stated a potential claim where they asserted that their information was negligently “collected and stored on its [employer’s] internet-accessible computer system without the use of adequate security measures, including proper encryption, adequate firewalls and an adequate authentication protocol.”

The Court did not accept UPMC’s defense that the data breach occurred as result of criminal activity rather that UPMC’s own negligence:  the criminal activity would be   “ ’within the scope of risk created’ “  by UPMC  and thus something  against  which it would have to provide  protection.

Also rejected by the Supreme Court, was the lower courts’ application of the economic loss doctrine. This doctrine, as interpreted by the lower courts, would have barred the employees’ claims because they alleged no physical injury or property damage-only an economic loss. The Supreme Court held that this doctrine was not applicable to the claims in this case because the employees’ claims were not based on a contract claim but based on a tort, namely the alleged negligence of the UPMC in undertaking its duty to protect the employees’ information.

The Supreme Court, having set forth the employer’s duty to its employees, sent the case back to the trial court for new proceedings consistent with the Supreme Court’s ruling.  (The Supreme Court did not actually make a factual determination by this case that the employer was negligent).

The decision in this case should cause an  employer to triple-check the safeguards attached to the data it maintains  and to further consider what personal data and financial data(if any) of its employees   the employer actually  needs to retain. Any data breach may be litigated and analyzed against what protections were in place, what protections could have been in place and whether the employer used reasonable care to protect the information.

Published in AMM Blog

Under the Americans with Disabilities Act (ADA), an employer must provide reasonable accommodations to an employee who is disabled (as defined under the ADA) and who is otherwise qualified for the position.

An issue frequently faced by employers and addressed by the courts is what constitutes a “reasonable accommodation”?

A federal appeals court recently addressed this matter, where an employee confined to bed because of complications from her pregnancy, requested that she be permitted to work from home or a hospital (telecommuting) for a ten week period. Mosby-Meachem v. Memphis Light, Gas & Water Div. 2018 WL  988895 (6th Cir. February 21, 2018). The employee served as an in-house counsel for a corporation. Her request to telecommute for ten weeks was denied.  The company did not at the time of the request have a formal written telecommuting policy-although it did permit telecommuting and permitted the employee on a prior occasion to telecommute. The employee filed suit under the ADA, and a jury awarded her $92,000 in compensatory damages. In affirming the jury’s award, the court held that a “rational jury [under the specific facts of the case,] could find that the employee was a qualified employee, [covered by the ADA] and that working remotely for ten weeks was a reasonable accommodation.” In reaching its conclusion, the court found that sufficient evidence had been presented to the jury to support the employee’s claim that she “could perform the essential functions of her job remotely for ten weeks…” The court rejected the employer’s claim that the written job description for this employee dictated the opposite result because the job description was outdated and did not reflect the employee’s actual work requirements. The court, in affirming the jury verdict, also relied on the fact that the employer did not engage in an “interactive process” with the employee to understand the limitations the employee faced, and what accommodations might be put in place to allow the employee to continue at her job. Instead the employer pre-determined what it intended to do without conversing with the employee. Several lessons can be drawn from this case: First, even if an employer has no telecommuting policy or a policy which does not permit telecommuting, the employer, under a particular set of facts, may be in violation of the ADA if telecommuting would be found to be a reasonable accommodation. Secondly, an employer must engage in an interactive process with an employee to determine what, if any, accommodation might be reasonable under the particular circumstances. This means direct communication between the employer and the employee. An inflexible policy of the employer may end up causing the employer to be in violation of the ADA. Finally, written job descriptions must be reviewed and updated as needed. An outdated or inaccurate job description cannot help an employer and in many instances will be detrimental to an employer seeking to defend against a claim of job discrimination.  

Published in AMM Blog
Thursday, 12 April 2018 20:48

Spring Cleaning Checklist for Employers

Finally, Spring is here!  It has certainly been a long, cold, snowy, and relentless winter.  I want to take this opportunity to wish all of you a snow-free, warm and sunny Spring.   As an employment lawyer, I'd like to do my part to help all of you employers maintain a care-free Spring mood by offering the following Spring cleaning checklist, which can protect your business from litigation and compliance risks.

Employment Practices Spring Cleaning Checklist 

Published in AMM Blog

Blogger Bios

  • Alan Wandalowski Alan Wandalowski
    Alan concentrates his practice in Estate Planning, Estate Administration, Elder Law, Estate…
  • Bill MacMinn Bill MacMinn
    Bill concentrates his practice in the area of litigation, including Commercial Litigation,…
  • Elaine T. Yandrisevits Elaine T. Yandrisevits
    As an estate planning attorney, Elaine Yandrisevits is committed to guiding individuals…
  • Elizabeth J. Fineman Elizabeth J. Fineman
    Elizabeth Fineman concentrates her practice on domestic relations matters and handles a…
  • Gabriel Montemuro Gabriel Montemuro
    Gabe’s practice focuses on litigation, including commercial litigation, personal injury, estate and…
  • Jamie M. Jamison Jamie M. Jamison
    Jamie Jamison is a supportive, knowledgeable advocate to clients experiencing the challenges…
  • Jessica A. Pritchard Jessica A. Pritchard
    Jessica A. Pritchard, focuses her practice exclusively in the area of family…
  • Joanne Murray Joanne Murray
    Joanne concentrates her practice in the areas of Business Law, Business Transactions,…
  • John Trainer John Trainer
    John’s concentrates his legal practice in estate planning, estate administration and elder…
  • Mariam Ibrahim Mariam Ibrahim
    Mariam Ibrahim is dedicated to helping clients and their families navigate the…
  • Michael Klimpl Michael Klimpl
    Michael’s practice areas include Real Estate, Municipal Law, Zoning and Land Use, Employment…
  • Michael W. Mills Michael W. Mills
    Mike is devoted to helping businesses build value and improve working capital,…
  • Patricia Collins Patricia Collins
    Patty has been practicing law since 1996 in the areas of Employment…
  • Stephanie M. Shortall Stephanie M. Shortall
    Throughout her career, Stephanie has developed a practice focused on advising closely…
  • Susan Maslow Susan Maslow
    Sue concentrates her practice primarily in general corporate transactional work and finance…
  • Thomas P. Donnelly Thomas P. Donnelly
    Tom’s practice focuses on commercial litigation and transactions. In litigation, Tom represents…