Employee Prevails In Stolen PII Case

June 29, 2023

Employee Prevails In Stolen PII Case

There have been several important decisions concerning the development of common law in data breach litigation. Most recently, in Ramirez v. Paradies Shops, LLC, the Eleventh Circuit ruled that the employer had a common law duty to protect the personally identifiable information of present and former employees. A 2020 ransomware attack at Paradies resulted in the theft of the social security numbers of its current and former employees. A year later, Ramirez learned that pandemic unemployment assistance claims requiring social security numbers had been filed in his name. It wasn’t until months after that he was notified that his PII had been stolen in the 2020 attack. He filed a putative class action, alleging negligence and breach of implied contract. The defendant argued that it didn’t have a duty to safeguard PII under Georgia law. The district court agreed and granted a motion to dismiss. Relying on earlier Georgia decisions, an 11th Circuit panel reversed, ruling that “Ramirez has sufficiently pled the existence of a special relationship and a foreseeable risk of harm” and that “Georgia’s traditional negligence principles are flexible enough to cover Ramirez’s allegations.”

Critical intelligence for general counsel

Stay on top of the latest news, solutions and best practices by reading Daily Updates from Today's General Counsel.

Daily Updates

Sign up for our free daily newsletter for the latest news and business legal developments.

Scroll to Top