A federal correctional employee is going to potentially be given another opportunity to recover damages from the U.S. Justice Department. Randall L. Spade is a correctional officer at the Lewisburg Federal Penitentiary, which according to the Bureau of Prisons (BOP) is home to 1,200 “high security” inmates. A U.S. Circuit Court of Appeals reinstated the lawsuit that was brought after an inmate obtained information related to his personal identity. U.S. District Judge Matthew W. Brann had previously dismissed the case because he found no grounds for such recovery under Pennsylvania law relating to liability for negligent disclosure of personal data.
Federal Employees Compensation Act (FECA)
Since the ruling by the appellate panel, the Justice Department is trying to have the matter dismissed based on the FECA. These laws prevent federal employees from bringing personal injury lawsuits stemming from incidents occurring during the performance of their work duties. The lawsuit was originally filed in 2015 after Spade became aware that the Justice Department has disclosed his Social Security number, home address, and date of birth after receiving a Freedom of Information Act (FOIA) request.
The inmate who had obtained the personal information is currently serving a life sentence for a murder conviction. In addition, it was reported that the inmate had written down all the information on paper that was found in his cell. This inmate also apparently shared the information with other inmates. Spade claims that he fears for the well-being of his family and now faces a difficult work environment. The Justice Department somehow had released this data that was supposed to be sent to the BOP. The claim accuses the Department of negligence and seeks damages of more than $50,000.
Freedom of Information Act (FOIA)
The FOIA allows individuals to obtain access to records compiled by federal agencies upon request. There are nine types of data that are exempt from being disclosed including:
- Information relating to the defense of the nation or foreign policy
- Internal data related to rules and operating procedure
- Business information that is confidential or relates to trade secrets
- Memorandums between internal agencies
- Medical records
- Information containing records pertaining to law enforcement
- Banking information
- “Geological or geophysical” information
Similar Pennsylvania Case of Negligence
There was a data breach at the University of Pittsburgh Medical Center that is believed to have led to 817 cases of tax fraud. The healthcare facility was named as the defendant in a class-action suit Dittman v. UPMC. The data obtained was all employee data rather than patient data. An estimated 62,000 employees were impacted. Some of the confidential information included Social Security numbers, salary information, home addresses, and more.
Dittman v. UPMC
The medical facility's network was infiltrated by hackers. Under common law, employers did have a duty to demonstrate reasonable care. The Pennsylvania Supreme Court ultimately heard the case. The plaintiffs claimed that the defendant has insufficient security technology in place. The court found that the negligence claims could proceed; however, they were exclusively to pursue “purely economic damages.” It has yet to be determined if this duty to protect confidential data applies in cases that do not involve employees.