W-2

Data Breaches: An Employer’s Duty to Protect Employees’ Personal Information

By Aaron Wais

An appellate court in Pennsylvania recently dismissed an employee class action against their employer over a data breach, holding that the employer did not have a duty to protect its employees’ personal information (e.g., names, birth dates, social security numbers, bank information, etc.).  While this was a significant victory for employers, non-Pennsylvania employers should temper their enthusiasm because courts in other states, including California, have made clear that employers do have a legal duty to protect their employees’ personal information. These courts have also made clear that the liability for a data breach differs when an employer has legally compliant, written policies for safeguarding private information and responding to data breaches in a timely manner.

(more…)