Employers Have a Duty to Protect Their Employees From Cybertheft

Everything these days is online, it seems.  So it is not too surprising that a court recently ruled that an employer has a duty to protect its employees from cybertheft.  That is precisely what the U.S. Court of Appeals for the Eleventh Circuit ruled in Ramirez v. The Paradies Shops, LLC.

In that case, a Carlos Ramirez, on behalf of himself and a class of similarly-situated current and former employees, sued his former employer (a large company operating hundreds of retail shops in airports, hotels, and other locations), claiming that the employer was negligent in failing to protect employees’ personally identifiable information (“PII”) from a ransomware attack.  In particular, the former employee argued that the company did not sufficiently protect the PII from cyber-attack and breached its duty to the employees by maintaining employee PII, including Social Security numbers, on an unencrypted, internet-accessible drive.  While the court applied Georgia law, the legal principles applied are similar to other states, including California.

The Eleventh Circuit found that the company required its employees to provide PII as a condition of employment and “employers are typically expected to protect their employees from foreseeable dangers related to their employment.”  Given the company’s size and sophistication as well as the amount of data at risk (“extensive database of prior employees’ PII”), it was foreseeable that it would be the target of a cyber-attack and that it had a duty to take reasonable steps to protect its employees’ PII.

For employers in California (where employment laws are even more stringent), the message is clear: take appropriate measures to protect employees’ PII.  The level of protection and the amount of concomitant investment depends on a number of factors including the size of the company and the nature of the operations.  Still, being proactive is key.  If you are a California employer and have questions, contact the attorneys at Navigato & Battin, LLP for assistance.

Related Posts

NavBat Consolidates Operations

Until recently, NavBat has operated out of two locations, one in downtown San Diego and the other in Carlsbad.  At the end of last month, NavBat sold its downtown office and has consolidated operations in its Carlsbad office.  Since the pandemic, in-office...

read more

NEW DISCLOSURE REQUIREMENTS FOR MOST SMALL COMPANIES

Background and Purpose In 2021, Congress passed the Corporate Transparency Act on a bipartisan basis. This law creates a new beneficial ownership information (BOI) reporting requirement as part of the U.S. government’s efforts to make it harder for bad actors to hide...

read more