On November 21, 2018, the Pennsylvania Supreme Court ruled that the University of Pittsburgh Medical Center (UPMC) had a legal duty to exercise reasonable care to protect sensitive employee information against an unreasonable risk of harm when that information is stored on an internet-accessible computer system. Dittman v. UPMC, No. 43 WAP 2017 (Pa. Nov. 21, 2018). In doing so, the Court made clear that the criminal acts of third parties who may breach a computer system do not alleviate the legal duty on a business to protect such information. The Court further held that the economic loss doctrine (a doctrine that precludes tort cases where the loss is purely monetary) did not apply in this case because the legal duty to protect sensitive employee information exists independently from any contractual obligations between the parties.
The Supreme Court of Pennsylvania recently amended the Pennsylvania Rules of Civil Procedure to officially include the discovery of electronically stored information. The amended rules become effective August 1, 2012.
Changes to Rules
Amended Rule 4009.1 includes “electronically stored information” among the list of items a party may request. The person requesting electronically stored information may specify the format in which it is to be produced and the responding party may thereafter object. If no format has been requested, the responding party may produce electronically stored information in the form in which it is ordinary maintained or in a reasonably usable form.