The Sony privacy hack has drawn international attention and calls into question internet security for companies and employees. For employees who were victim to the security breach, legal questions remain. What are their rights? Can employees take legal action against an employer for a security breach? Thousands of employees suffered from the security breach when their social security numbers, birthdays, salaries, and even medical records were leaked online. In addition to the sheer loss of privacy, these employees are left vulnerable to identity theft and extortion. What next?
Employees at Sony are likely to be successful if they file a lawsuit under California law and could even recover millions of dollars for their losses. California has some of the strictest protections regarding employee information disclosure in the country. The workers would have significant rights and opportunities to recover compensation from the company. Under state law, residents are protected against having their information disclosed by any company or other institution. Even though Sony did not intentionally disclose data, it may not have met its burden in protecting the data from exposure and disclosure by third-parties.
According to reports, hundreds of Sony employees had their medical information disseminated, including complaints about unpaid insurance claims and lists of the medical procedures they had performed. Under California’s civil code, individuals have the right to bring an action against any entity that negligently released confidential information. In addition to the immediate $1000 claims, they can also collect on direct damages for the breach of privacy. To defend itself against these allegations, Sony would have to prove that it met its burden in protecting workers’ data, though this has been hotly disputed since the data hack.