Are Employers Liable When Employees’ Personal Data is Leaked?

Whenever employees’ personal data is leaked, the employer is likely to be held liable. This follows a ruling by the Pennsylvania Supreme Court that allows employees to bring a negligence claim against their company or employer.

In this case, the lawsuit could target the employer’s unreasonable carelessness regarding a data breach that most likely compromised employees’ personal information.

Problems Associated with Employees’ Data Breach

When your company or business suffers a data breach, many issues arise.

Some of these problems include:

  • How to safeguard your employees’ personal information against another breach
  • Who to inform about the breach and when to release this sensitive information
  • The type of measures to be undertaken in order to prevent possible further damage to your employees’ already compromised data
  • How you can protect and uphold your business, company, or brand’s reputation
  • How you can avoid possible lawsuits that may involve government investigations

Each of the above-mentioned decisions is made with a sense of urgency. However, you should always have a better plan of action should a data breach occur in your company. Your plan may include a team of IT support staff, public relations professionals, and employment lawyers to handle legal matters should your employees’ data be leaked.

Failure to have a proper strategy that can handle legal matters may affect the operations within your organization. It can even get worse when your employees sue the company after their personal data is breached.

An Example of Employees’ Data Breach Case

Such cases are not a common trend across many states today. A perfect example is a case involving 60,000 employees (both current and former) of the University of Pittsburgh Medical Center (UPMC). In this incident, cybercriminals breached UPMC’s computer system and made away with employees’ personal information that included Social Security numbers, bank details, tax information, and salary records.

The same hackers went on to file tax returns using UPMC employees’ personal details with the aim of receiving tax refunds. After this data breach, employees filed a lawsuit against UPMC seeking compensation for the damages arising from the fraudulent tax returns.

The lawsuit also extended to cover the employees’ increased exposure to identity theft due to the breach. Had UPMC used data encryption, proper authentication protocols, and proper firewalls, hackers would not have accessed employees’ vital information.

Sadly, the case was dismissed because the state law in Pennsylvania doesn’t recognize negligence claims unless negligence caused property damage and physical injury. But the suit was reinstated by the Pennsylvania Supreme Court, citing the employer’s failure to keep the employees’ data safe. Even though this is an isolated case in one state, it could potentially work elsewhere.

What a Lawsuit Filed by Your Employee Would Look Like

In case of a data breach within your company, the affected employee will file a lawsuit making claims that allege:

  • Breach of contract: When you fail to protect your workers’ data as stipulated in the contract.
  • Negligence: Failure to take necessary safety measures to safeguard your employees’ data against a data breach, thus exposing the affected employees to harm after the breach.

Most courts in various jurisdictions have treated these claims inconsistently. But there are several takeaways that your company can apply to handle such cases.

How to Protect Your Business or Company Against Employees’ Lawsuits

Most courts are there to guide companies, organizations, or businesses in matters concerning workers’ lawsuits. Regardless of this helpful guidance, you should take the initiative to protect private data that belongs to your employees. To achieve this goal, you should consider the following factors:

  • Take standard IT measures in your company seriously. Make sure these measures can protect or prevent data hacks by cybercriminals.
  • Train each employee on the responsible handling of their personal data. Ensure that your employees are always on alert to avoid phishing and other hacker scams that may compromise their data. You can introduce online training on data security to help your staff members learn the best ways to keep their personal details safe at work.
  • If possible, circulate a detailed and informative memorandum to your company’s personnel responsible for handling your employees’ data. These professionals will help identify some of the common scams and pitfalls and prevent them before they happen. This piece of information is especially important during the tax season, when hackers are on the lookout to breach any vulnerable data.

Additional Measures to Avoid Liability

Here are other things you should take into account to limit your liability:

  • Go through the employment contracts, including your company policies, to help you define and limit your employee data collection. This simply means that you need to understand the type of data you should collect, limit data usage, and know how you can protect that data.
  • Update your company’s data retention policies. This ensures that you and other company personnel handle your employees’ data only when it is necessary to do so. Once you are done with that data, you should destroy it promptly.

An employee data breach is a serious matter that might lead to numerous legal situations. Make sure to discuss this matter with your employment lawyers to know which action you may take should your employee sue your company after a data breach.
