In PA Employers Have A Common Law Duty To Protect Employee Data
Pennsylvania has changed the data breach landscape! Please read the article, but they have essentially stated that if an employee is required to share personal information with an employer as a condition of employment, the employer has to use reasonable care to protect that data from possible exposure, including protecting against hackers. This change in PA is something that all employers should have anticipated: because breaches have become so commonplace, it is reasonable that an employer should protect against a breach, even from hackers, on internet-facing systems.
I have been waiting for the courts to catch up with technology; companies have gotten away with less-than-reasonable data security practices for far too long. If you are collecting personal information about me, and I have no choice but to share it with you, as with an employer, it is reasonable that you have a duty to protect that data. And NO, I do not have to prove I suffered damages if you were not being reasonable in your efforts to protect my data!
This change is significant because there is no requirement that a person prove damages; it is based on the duty of the company. If a company is negligent in protecting data, there should be a cause of action that allows for the victims of a breach to sue, regardless of whether they can prove monetary damages. Based on the breach, my information is now lost and cannot be recovered; I have suffered a violation, period.
We will see if more courts catch on and start to put the pressure on the keepers of the data to protect it.