Pennsylvania Supreme Court Declares Employers Have Affirmative Duty to Protect Employee Personal Information
According to a recent opinion by the Pennsylvania Supreme Court, "an employer has a legal duty to exercise reasonable care to safeguard its employees' sensitive personal information stored by the employer on an internet-accessible computer system." The putative class action stems from a 2014 data breach that exposed personal information of 62,000 employees and former employees of the University of Pittsburgh Medical Center. According to the original complaint, the data, which included names, birth dates, Social Security numbers, addresses, tax forms and bank account information, was used to file fraudulent tax returns on behalf of some of the employees. Illinois Supreme Court Skeptical of Need for Actual Harm in BIPA Cases
In recent oral arguments in Rosenbach v. Six Flags Entertainment Corp. et al., at least three of the seven justices on the Illinois Supreme Court appeared to be skeptical of claims that private actions under the state's Biometric Information Privacy Act (BIPA) require proof of actual harm to establish standing. According to the justices, requiring actual harm would prevent individuals from addressing violations of the statute's provisions that require a business to obtain consent and provide disclosures about its use, storage and destruction of biometric data. A decision by the Court would resolve a split among Illinois lower courts and would set the standard for who can bring lawsuits under BIPA going forward. Federal Trade Commission
FTC Seeks More Clarity on Its Authority to Regulate Data Breaches
In recent comments to the National Telecommunications and Information Administration, the Federal Trade...