On November 21, 2018, the Pennsylvania Supreme Court ruled that the University of Pittsburgh Medical Center (UPMC) had a legal duty to exercise reasonable care to protect sensitive employee information against an unreasonable risk of harm when that information is stored on an internet-accessible computer system. Dittman v. UPMC, No. 43 WAP 2017 (Pa. Nov. 21, 2018). In doing so, the Court made clear that the criminal acts of third parties who may breach a computer system do not alleviate the legal duty on a business to protect such information. The Court further held that the economic loss doctrine (a doctrine that precludes tort cases where the loss is purely monetary) did not apply in this case because the legal duty to protect sensitive employee information exists independently from any contractual obligations between the parties.
The Congressional mid-term elections are coming up. There is ample current discussion about whether the Republicans can hold onto majorities in both the Senate and the House of Representatives. Many Democrats believe that they have a strong chance of taking over as the majority party in the House, and some think that they may even take the Senate majority, but that latter potential achievement will be far more difficult, as many more Democrat Senators are up for reelection than Republican Senators.
If the Democrats take over as the majority party in the House, CNET reports that they plan to urge broad internet privacy protections. Representative Ro Khanna from Silicon Valley has drafted an “Internet Bill of Rights.” At this point, this document is not a bill, but instead puts forward ten principles that Khanna reportedly wants to become part of a comprehensive legislative package that could be considered by Congress in 2019. Continue reading Politicians Seek Greater Online Consumer Privacy Protections