“Common Law Duty to Protect Employee Data Undercuts Contractual Liability Exclusion”

Sexy title, I know.  On November 21, 2018, the Pennsylvania Supreme Court held in Dittman v. University of Pittsburgh Medical Center that employers have a duty to use reasonable care to protect employee data.  This ruling dramatically expands the viability of negligence claims in the data breach context.  For our purposes, though, it does something less obvious but equally exciting. You may recall the contractual liability exclusion, and how I got really excited when the Fifth Circuit drew a roadmap around it in the Spec’s case.  While Spec’s opened the door to negligence-based theories as the answer to the contractual liability exclusion,  Dittman demoed the whole wall in the employer/employee context.  That’s because most cyberinsurance policies contain language like this: “This insurance does not apply to…’Loss’ on account of any ‘Claim’ made against any ‘Insured’…

Read more detail on Recent Technology posts –

This entry was posted in Technology & Cyberlaw and tagged , , , , , , , , . Bookmark the permalink.

Leave a Reply