On May 28, 2015, in the first known ruling of its kind, a trial court in Allegheny County held that Pennsylvania law does not recognize a civil cause of action against companies for failing to secure its employees’ confidential information.
In Dittman v. UPMC, a class of plaintiffs brought negligence and implied contract claims against the defendant hospital for failing to implement and monitor an adequate security system, and for failing to properly detect a data security breach. The purported class was composed of 62,000 University of Pittsburgh Medical Center current and former employees who had their personal information (Social Security numbers and confidential tax information), stolen from the company’s computer systems. The Plaintiffs alleged that some even suffered actual losses when fraudulent tax returns were filed with the stolen information. (Continue reading).