A recent decision in Indiana highlights the data security liability risks facing employers based on the actions of their employees, extending vicarious liability even to cases where the employees were acting wholly for personal purposes. In SoderVick v. Parkview Health Sys., Inc., the Court of Appeals of Indiana reversed summary judgment in favor of the defendant, reviving claims of respondeat superior against Parkview Health Systems, Inc. (“Parkview”) where the hospital’s employee texted personal health information to a third party. No. 19A-CT-2671, 2020 WL 2503923 (Ind. Ct. App. May 15, 2020). We recently noted a decision of the Supreme Court of the United Kingdom in WM Morrison Supermarks plc v. Various Claimants (“Morrison”) where the Court made the contrary determination, ruling that the large supermarket chain Morrison could not be held vicariously liable as a matter of law for the intentional acts of a rogue employee who posted the payroll data of Morrison employees on the Internet. But as we also explained, businesses that collect personal information should be cautious about reading too much into that ruling: while the Court allowed the appeal in favor of Morrison, the decision turned on the particular facts of the case (where the rogue employee actively tried to damage his employer). The Parkview Health decision further underscores this need for caution, especially with increased remote work due to COVID-19 where the risk of employers being sued over security breaches caused by their employees is, unfortunately, ever-increasing. READ MORE
Ted Kang is an Associate in the Orange County office and a member of the Intellectual Property Group. He is an experienced software engineer whose practice focuses on patent law, privacy, and cybersecurity.
Ted's practice focuses on patent litigation, especially in the fields of electronics, circuits, computer and network systems, software, and telecommunications.
Before becoming an attorney, Ted was a software engineer at several technology companies in the Bay Area. Ted has significant experience building complex systems across a wide range of system architectures and technical stacks, allowing him to quickly learn new technologies. With his expertise in software systems, Ted's practice also focuses on privacy and cybersecurity matters.