• aba
  • aaj
  • superlawyers
  • BBB
  • AVVO
  • icoa

Pennsylvania Supreme Court Rules On Negligence Claim Involving Employer Duty To Exercise Reasonable Care

The Pennsylvania Supreme Court ruled that when an employer’s stored data is breached exposing employee’s personal information, it is a failure in their common law duty to exercise reasonable care. The decision changes the way litigation regarding cybersecurity will be handled. The University of Pittsburgh Medical Center (UPMC) failed to protect sensitive employee information that was accessed by hackers. The employees had brought a class-action case following the breach. The court also found that the economic loss doctrine allows for “purely pecuniary damages” in claims of negligence.

Dittman v. UPMC

Hackers accessed this confidential data on the UPMC network that included social security numbers, bank information and salary details. The claim specified that the employer was negligent and breached a contract. This was based on a duty under common law to demonstrate reasonable care. Some of the plaintiffs incurred significant losses when tax returns were filed in their name and other identity-related fraudulent activity.

Lower Court Ruling

An Alleghany County Court dismissed an earlier claim. They found that Pennsylvania law did not extend to cover such internet-related breaches. They stated that such as ruling could lead to many suits related to data safety. They ruled that the economic loss doctrine did not allow for recovery in these cases when no injuries or property damage was incurred. The claim asserted that UPMC had a duty to “design, maintain and sustain” security to protect such sensitive data.

Pennsylvania Supreme Court

The allegations stated that UPMC should have employed modern security techniques such as authentication and firewalls. The court determined that the employer’s act of collecting such personal data created a duty to secure it. They found that criminal actions conducted by others did not release the employer from their duty to prevent a breach.

Negligence Claims With Purely Economic Damages

The court ruled that negligence claims could move forward seeking “purely economic damages”. The duty to secure critical employee data was applicable in negligence actions. They found the economic loss doctrine would not bar such claims. It is not known for sure if this duty will apply in situations that do not involve employers.

Asserting Negligence

The majority of personal injury cases center on negligence as follows:

  • A failure by a party to demonstrate reasonable care
  • It must be shown that the defendant did have this duty to care
  • It must be shown this duty was breached
  • The plaintiff did incur injuries
  • This breach caused the alleged injuries

Economic Loss Doctrine

The economic loss doctrine allows for parties to a contract to pursue damages that are the result of injuries or property losses that are not associated (“other property”) with the contract. Because a plaintiff may pursue damages to “other property”, the doctrine allows for bringing a suit for only economic losses. In addition, a plaintiff may pursue damages when other property damages caused physical injury. The doctrine prohibits recovery when there is no injury or damage from “other property”. In terms of product liability, a plaintiff may not recover for harm caused by the “product itself”.

Cyber Attacks

Data breaches have continued to occur from illegal access to personal information, financial data, etc. Reports show that it takes an average of 191 days for a breach to be detected. In 2017, there were over 1,500 data breaches that were publicly revealed. Roughly 75% of such breaches the were the result of external unauthorized access.

About the Author

Charles GilmanCharles Gilman
Charles Gilman

As managing partner and co-founder of Gilman & Bedigian, it is my mission to help our clients recover and get their lives back on track. I strongly believe that every person who is injured by a wrongful act deserves compensation, and I will do my utmost to bring recompense to those who need and deserve it.


There are no comments for this post. Be the first and Add your Comment below.


Your email address will not be published. Required fields are marked *

    Contact Us Now

    Call 800-529-6162 or complete the form. Phones answered 24/7. Most form responses within 5 minutes during business hours, and 2 hours during evenings and weekends.

    100% Secure & Confidential


    Generic selectors
    Exact matches only
    Search in title
    Search in content
    Post Type Selectors
    Search in posts
    Search in pages

      100% Secure & Confidential