Protecting Employee Data

By April R. Philley, Associate

Eichelbaum Wardell Hansen Powell & Mehl, P.C.

We all know the importance of keeping employee information in a secure location, but did you know that you have the same responsibility to protect employee data electronically?

In a recent case from the Pennsylvania Supreme Court, Dittman v. UPMC, the court found an employer has a legal duty to exercise reasonable care to safeguard its employees' sensitive personal information stored by the employer on an internet-accessible computer system. The employees alleged that a data breach had occurred through which personal and financial information, including names, birth dates, social security numbers, addresses, tax forms, and bank account information of all 62,000 current and former employees was accessed and stolen from company computer systems. The employees further alleged that the stolen data, which consisted of information the company required the employees to provide as a condition of their employment, was used to file fraudulent tax returns on behalf of the victimized employees, resulting in actual damages. The court agreed with the employees and found that the company was negligent in protecting employee data.

But that was in Pennsylvania, you cry! We’re all the way in Texas and besides, school districts have immunity from these types of lawsuits!

That is true; however, a clever plaintiff’s attorney could make good arguments to overcome that immunity. Texas school districts are immune from claims arising out of events that happen in the State of Texas. Yet the employee data at issue may be stored on servers physically located in (for example) Washington and the data thief may be using a computer in Minnesota. A court could easily decide that the proper venue for suit is in Washington, where the stolen data was located, or in Minnesota, where the bad actor was at the time of the crime. The diffuse nature of cyber-crimes makes claiming immunity a much murkier prospect.

This case serves as an important reminder that employers have the same responsibility to protect employee information in physical or electronic formats. Just as you keep sensitive paperwork away from prying eyes, so should you protect electronic data through firewalls, data encryption, and limited access.

P.S. Speaking of protecting employee data, when was the last time you updated your Gov’t Code § 552.024 confidentiality elections form? Contact your school law attorney to ensure that your employees and officials are given the opportunity to fully protect their information.

Upcoming Trainings

Board Meetings: A Crash Course for Newly Elected Board Members

December 11, 2018

For more information and to register online, click here.

Legal Issues for Cheerleaders and Drill Team

February 2019

For more information and to register online, click here.

Materials

Responding to Texas Public Information Act Requests

For more information and to purchase online, click here.

Conducting Effective Investigations Manual

For more information and to purchase online, click here.

Harassment and Discrimination

For more information and to purchase online, click here.

Trustee Manual

For more information and to purchase online, click here.