In this month's edition, we examine the Court of Justice of the European Union's decision invalidating the EU-U.S. Privacy Shield framework, as well as the U.S. government's response to the decision. We also examine two...more
Dittman v. UPMC, 196 A.3d 1036 (Pa. 2018). The Pennsylvania Supreme Court holds that employers have a legal duty to use reasonable care to safeguard sensitive personal information of their employees when the employer chooses...more
Overview of the Internet of Things & Its Relation of Product Liability Law - The "Internet of Things" (IoT) generally refers to the network of physical devices (or "things") that are connected to the Internet, collecting and...more
Now a business that was hacked may be successfully sued under state common law by data subjects whose information was compromised in the crime. For the first time, a state supreme court has held that a company that was...more
Data breach liability for Pennsylvania employers of all sizes expanded with a recent Pennsylvania Supreme Court decision in Dittman v. UPMC. __ A.3d __, No. 43 WAP 2017, 2018 WL 6072199 (Pa. 2018). The Pennsylvania Supreme...more
The Pennsylvania Supreme Court recently held that employers have “a legal duty to safeguard” the personal data of their employees which is stored on internet-accessible computer systems and that the economic loss doctrine...more
In a landmark decision with far-reaching implication, the Pennsylvania Supreme Court recently held that employers have an affirmative duty to protect their employees’ personal information from criminal hacking. In particular,...more
In a groundbreaking decision published on November 21, 2018, the Pennsylvania Supreme Court held, for the first time, that employers must exercise reasonable care to safeguard employee personal information stored on an...more
The Pennsylvania Supreme Court has drastically changed the data breach litigation landscape by holding that an employer has a common law duty to use reasonable care to safeguard its employees' personal information stored on...more
The U.S. Court of Appeals for the Third Circuit has found that plaintiffs must show a causal connection between the theft of their personal information and the purported harm that they have suffered in order to survive a...more
Wage and Hour - Decision Upholds Class Action Waivers in Arbitration Clauses, Resolves Circuit Split - The U.S. Supreme Court issued a long-awaited decision in Epic Systems Corp. v. Lewis on May 21, 2018, holding that...more
We recently commented on one hotly contested legal issue being addressed by the courts in data breach class action litigation, that of plaintiffs’ standing. Another issue that has been the subject of recent court activity in...more
The U.S. District Court for the District of Colorado recently dismissed a proposed class action lawsuit filed by financial institutions relating to a 2016 data breach that involved hundreds of Noodles & Company (Noodles)...more
In 2014, the University of Pittsburgh Medical Center’s computer system was hacked, resulting in the disclosure of sensitive personal information of current and former employees, including names, addresses, birthdates, social...more
In an important and well-reasoned 12-page decision, Judge Wettick of the Court of Common Pleas of Allegheny County refused to create a common law duty to protect and secure confidential information. The decision was issued in...more