Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Employers Are Liable If They Don't Protect Employees' Sensitive Personal Information from Attack

    legal_Liability

    A recent ruling from the Pennsylvania Supreme Court on an employee lawsuit against the University of Pittsburgh Medical Center stemming from a data breach should put all employers on notice.

    As part of hiring any employee, employers need to collect personal information – date of birth, social security number, address, full name, and more. But when the organization faces a data breach, are they responsible should employee data be stolen?

    In February of 2014, UPMC confirmed a data breach where hackers stole the personal information of about 62,000 current and former employees. Hackers used the data to file fake tax returns to receive tax refund money.

    Employees sued UPMC, in which the case was thrown out by two lower courts. But the Pennsylvania Supreme Court reinstated the lawsuit, stating “An employer has a legal duty to exercise reasonable care to safeguard its employees' sensitive personal information stored by the employer on an internet-accessible computer system."

    This ruling doesn’t mean the UPMC is guilty, but it does mean the case lives on. This should serve as a warning to every organization; the potential exists that, should a data breach occur where employee data is stolen, you may be held responsible.

    With the primary means of attack still revolving around phishing and social engineering, organizations need to find ways to empower employees to identify fake emails and websites that are used as part of an elaborate scam. Security Awareness Training provides employees with the education necessary to empower them to become a part of your security stance. With employees vigilant, keeping a security focus in mind as they interact with email and the web, organizations reduce the attack surface, thereby lowering the likelihood of becoming a victim to a data breach.

    Should the UPMC case find in favor of the employees, organizations everywhere will need to shore up their security efforts around employee data. Stopping an attack before it begins by making the employee part of the security defense through Security Awareness Training is the first step.

    Find out how affordable new-school security awareness training is for your organization. Get a quote now.

     
    Get A Quote
    Request A Demo
     

     

    Return To KnowBe4 Security Blog

    Topics: Security Awareness Training

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews