Think employers must protect workers’ personal info? Think again

There’s good news for security pros worried that their organizations may be liable if their employees’ personal information gets hacked: a panel of judges in Pennsylvania says workers can’t collect damages from their employer if things like Social Security numbers, bank account information, birth dates, addresses and salaries are compromised in a data breach.

Even though the stolen data was used to file phony tax returns in order to get the refunds, the workers at University of Pittsburgh Medical Center (UPMC) had no reasonable expectation that the data would be safe, the Superior Court of Pennsylvania ruled recently.

The case, known as in Dittman v. UPMC, pertains solely to employee records, not customer records, and not patient records, which are protected by HIPAA.

To read this article in full or to leave a comment, please click here