The Legal Intelligencer Attorney of the Year nominee, Gary F. Lynch, of Carlson Lynch, poses for a picture in his office in Pittsburgh. (Photo by Laura Mares)Gary Lynch: Blazing a Trail by Going Back to Basics
Last year, Pittsburgh-based plaintiffs attorney Gary Lynch successfully argued to the Pennsylvania Supreme Court in Dittman v. UPMC that companies have a common-law duty to protect their electronically stored employee data.
June 14, 2019 at 09:41 AM
5 minute read
Last year, Pittsburgh-based plaintiffs attorney Gary Lynch successfully argued to the Pennsylvania Supreme Court in Dittman v. UPMC that companies have a common-law duty to protect their electronically stored employee data.
The high court's decision reversed two controversial lower court rulings that had tossed out a putative class action against the University of Pittsburgh Medical Center over a data breach that exposed the personal information of tens of thousands of current and former employees.
But while Dittman was hailed as a major win for Pennsylvania plaintiffs in the burgeoning arena of cybersecurity tort actions, Lynch himself was most proud of another, broader aspect of the ruling: the Supreme Court's holding that its 2005 decision in Bilt-Rite Contractors v. The Architectural Studio did not stand for the proposition that the economic loss doctrine precludes all negligence claims seeking solely economic damages.
Instead, the court in Dittman said, the applicability of the economic loss doctrine turns on the source of the duty plaintiffs claim they're owed.
“Specifically, if the duty arises under a contract between the parties, a tort action will not lie from a breach of that duty,” Justice Max Baer wrote for the court. ”However, if the duty arises independently of any contractual duties between the parties, then a breach of that duty may support a tort action.”
Lynch said that part of the ruling was a “huge vindication” for the months and months he had spent trying to convince anyone who would listen that Bilt-Rite was being chronically misinterpreted as a blanket ban on purely economic damages in tort.
To Lynch, this was made plain by the Bilt-Rite opinion, in which the court specifically noted that “'Pennsylvania has long recognized that purely economic losses are recoverable in a variety of tort actions'” and that “'a plaintiff is not barred from recovering economic losses simply because the action sounds in tort rather than contract law.'”
As he prepared and honed his arguments in Dittman, Lynch made it a habit to press his fellow practitioners for their own interpretation of the Bilt-Rite opinion.
“I started to annoy my colleagues that do this across the country,” he said. “Any time I'd talk to one of them, I'd say, 'Do me a favor, you're a lawyer, read this page and tell me what the holding is.'”
When the Dittman ruling came down, siding with him on the economic loss doctrine issue, Lynch said, “I got at least a couple of calls from personal injury lawyers who said, 'That's going to be huge.'”
Lynch, a name partner at Carlson Lynch in Pittsburgh, is involved in just about every major cyber breach litigation in the U.S., but such cases weren't always his focus.
His practice primarily centered on wage-and-hour and consumer protection litigation until he was hired to represent a class of financial institutions suing Target over its 2013 data breach, which compromised millions of customers' payment card information.
Since then, data breach litigation has become the bulk of his practice. He was appointed last year as co-lead counsel in a national multidistrict litigation brought by over 70 financial institutions against Equifax, related to the company's 2017 data breach. He was also appointed co-lead counsel in litigation brought by financial institutions against the Wendy's fast food chain over a 2015 data breach that exposed customers' credit card information. More recently, he was appointed to the steering committee leading class actions brought by consumers over Marriott Inc.'s 2018 data breach.
But the Dittman case afforded Lynch, who spends most of his time in federal court, the rare opportunity to litigate in Pennsylvania state court.
Ultimately, the issue of whether Pennsylvania companies could be held liable for failing to protect employee data from cyber breaches came down to the question of whether they have a duty rooted in common law.
The Allegheny County Court of Common Pleas rejected that notion and declined to impose what it characterized as a “new affirmative duty” on employers to safeguard electronic data. The Superior Court affirmed that ruling.
But Lynch persisted in his argument that there was nothing new about expecting an employer to protect sensitive employee information, regardless of whether those records were kept in a filing cabinet or stored on a network.
Oral arguments before the Supreme Court in the case, held in Pittsburgh in April 2018, centered on that debate, with UPMC's counsel framing the issue as one of first impression by emphasizing the unique technical complexities of cybersecurity and Lynch urging the justices to focus on “one of the most fundamental tenets of our common law … that one who does an affirmative act is under a duty to exercise reasonable care so as to protect against foreseeable harm.”
Ultimately, the justices saw it his way. But as soon as one battle ended in Dittman, a new one began.
The parties are back before the Allegheny Court of Common Pleas and, according to Lynch, UPMC is now arguing that the case should be tossed out because the plaintiffs lack standing.
But after one hard-fought battle up to the state's highest court, Lynch is eager to proceed beyond the preliminary objections stage.
“We've made the argument to [the judge] that that ship has sailed,” he said.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
'Let the Judge Be the Judge, And Let the Lawyers Be the Lawyers': The 'Masterful' MDL Work of Judge Eduardo Robreno
5 minute read
Overseeing Philadelphia's Mass Torts Program: Judge Roberts Talks Transparency, Certainty and Efficiency
5 minute read
This Big Law Partner Guided Her 14-Year-Old Son to an Unprecedented Pro Soccer Deal
4 minute read
With a 7-Figure Book Deal and TV Adaptation on the Way, This Dechert Associate Remains Committed to Her Day Job
Trending Stories
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
