By Devin Chwastyk and Thomas Markey, McNees Wallace & Nurick LLC
PBA Cybersecurity & Data Privacy Committee members Devin Chwastyk and Thomas Markey recently moderated a roundtable discussion on the Pennsylvania Supreme Court data breach case Dittman v. UPMC. In Dittman, Pennsylvania’s highest court held that employers owe their employees a duty to exercise reasonable care when collecting and storing personal and financial information and called into question the viability of the economic loss doctrine, which bars tort claims involving only pecuniary loss.
Following a summary of the Dittman case, attendees engaged in a roundtable discussion of the decision’s implications for attorneys in in-house, private practice and government positions, as well as for their clients and other stakeholders. Key takeaways include the current lack of guidance from Pennsylvania courts regarding what “reasonable care” means in the context of collecting and storing employees’ personal information, and the possibility that future court decisions will extend Dittman to customer, student and other personal information.
The roundtable discussion was sponsored by the Law Offices of Peter J. Russo, P.C. in Camp Hill, the PBA In-House Counsel and Cybersecurity & Data Privacy Committees, the Central Pennsylvania Chapter of the Association of Corporate Counsel, and the Dauphin and Cumberland County Bar associations.
Devin Chwastyk chairs the McNees Privacy & Data Security Practice Group, of which Thomas Markey is a member. Devin and Tom advise clients on how to get ahead of data exposure by developing data security policies, privacy disclosures, breach response plans and associated training programs, and they help clients remedy and report security breach events in the U.S. and abroad.