Gary Lynch sitting at his desk

The Legal Intelligencer spotlights Attorney of the Year Nominee

The Legal Intelligencer spotlights Attorney of the Year Nominee and founding Carlson Lynch LLP partner Gary Lynch, Esq. Gary "is involved in just about every major cyber breach litigation in the U.S., but such cases weren’t always his focus.”

Read article online

Uber Driver

Uber Sued for Discriminating Against Wheelchair-Users

Uber logoCarlson Lynch LLP and Disability Rights Advocates (DRA) filed a class action lawsuit against Uber, challenging the popular ride-sharing service’s failure to make wheelchair-accessible vehicles available in the Pittsburgh area through its rideshare service.

Today, Carlson Lynch LLP and Disability Rights Advocates (DRA) filed a class action lawsuit against Uber, challenging the popular ride-sharing service’s failure to make wheelchair-accessible vehicles available in the Pittsburgh area through its rideshare service. The suit, brought by individuals in and around Pittsburgh, Pennsylvania, challenges Uber’s wheelchair-inaccessibility. The plaintiffs—four individuals who use wheelchairs—brought this action to end Uber’s discriminatory practices and policies.

Since launching its transportation service in San Francisco in July 2010, Uber has experienced explosive growth, has seized an ever-expanding market share from taxi companies, and is now a major provider of individual transportation services in over 450 cities in the United States, including Pittsburgh. However, Uber, a multi-billion-dollar company, does not provide wheelchair-accessible transportation in and around Pittsburgh, in violation of the Americans with Disabilities Act.

Uber has been sued in cities around the United States for its violation of disability laws by failing to provide wheelchair-accessible service, yet it has continued its policy of denying that service.

Uber’s failure to make accessible vehicles available through its service denies people in Pittsburgh who use wheelchairs access to reliable, on-demand transportation that could drastically improve their lives, enabling them to travel to a wider variety of destinations without having to rely on transportation via expensive and unreliable taxis, unreliable paratransit, and limited public transit. It would enable them to travel spontaneously, without having to schedule transportation hours or even days in advance. Unfortunately, Plaintiffs and members of the class are excluded from these benefits, and suffer real harm as a result.

For example, on multiple occasions Plaintiff Paul O’Hanlon has had to travel several miles by wheelchair when he has missed the last city bus. “By reason of my disability I am denied access to Uber’s on-demand transportation that allows others to move around the city on their own schedules,” he said. Similarly, Plaintiff Irma Allen must rely on her son for transportation, which requires him to take time off work and lose a day’s wages. Ms. Allen said, “My family and I are at a distinct disadvantage because Uber doesn’t provide wheelchair-accessible service. It’s not fair that we are being left behind while other folks are enjoying the benefits of Uber’s new technology.”

Michelle Iorio, Staff Attorney at Disability Rights Advocates, said, “Transportation can be a real challenge for people with mobility disabilities, who often don’t have access to their own vehicle and who frequently can’t depend on paratransit because it is unreliable. Accessible ride sharing would facilitate societal integration for persons with disabilities, and Uber’s failure to provide wheelchair-accessible service undermines this potential.”

Echoing this sentiment, Bruce Carlson, a founding partner at national class action firm Carlson Lynch, LLP, noted: “Uber’s express business plan, as detailed in its regulatory filings, is to displace public transportation with its ride sharing services. The problem is that public transportation, where available, is largely accessible, but Uber’s ride sharing services are not. Uber wants to create a paradigm shift with respect to the provision of transportation services. But will the new paradigm realize the potential of exponentially increasing accessibility, or will it leave individuals with mobility disabilities behind?”

The lawsuit seeks modifications to Uber’s policies and practices to ensure that it makes wheelchair accessible vehicles readily available to persons who need them through its on- demand ridesharing services. Plaintiffs do not seek monetary damages.

In addition to the case filed today against Uber in Pittsburgh, DRA has filed cases against Uber in New York and California for their failure to serve riders who use wheelchairs. DRA has also filed a case against Uber’s competitor Lyft in California. These cases are critical to protecting the rights of wheelchair-users throughout the country.

A copy of the Complaint is available here.

Gary Lynch Headshot

Carlson Lynch Partner, Gary Lynch Named the Legal Intelligencer Attorney of the Year Finalist

Today, the Legal Intelligencer announced the 2019 Professional Excellence Award winners, highlighting the great work and achievements across the full breadth of the Pennsylvania legal community and naming Gary Lynch, a partner of Carlson Lynch, Attorney of the Year Finalist.

In the 2018 landmark cybersecurity and data privacy case, Lynch successfully argued before the Pennsylvania Supreme Court that companies have a common-law duty to protect their electronically stored employee data. The high court’s ruling reversed two controversial lower court rulings that had tossed out a lawsuit against UPMC over a data breach that exposed the personal information of tens of thousands of current and former employees.

Earlier in 2018, Lynch was appointed co-lead counsel of national multidistrict litigation brought by over 70 financial institutions against Equifax, related to the company’s 2017 data breach.

Lynch is helping to shape the emerging area of data breach and privacy law through his work on several cases over the past few years, including data breach litigation involving Target, Home Depot, UPMC and Wendy’s. He was co-lead counsel for the financial institutions suing Home Depot, following the home improvement retailer’s 2014 data breach and on the five-person executive committee overseeing the prosecution of nationwide litigation against Target for its 2013 breach.

In addition to his work in the cyber security arena, Lynch continued his consumer protection and employee wage and hour practice in 2018, serving as co-lead for plaintiffs in a trial against the Penthouse Club in Philadelphia and securing a verdict of $4.5 Million on behalf of a class of exotic dancers who were misclassified as independent contractors by the night club.

Pa. Supreme Court rules UPMC — and all employers — must protect workers' data. Doing so is harder.


UPMC BuildingGary Lynch, Esq. and Jamisen Etzel argued and won at the Commonwealth of Pennsylvania Supreme Court that UPMC breached common law legal duty.

They said UPMC had to meet a standard of reasonable care in handling employee data, because failure to do so could result in harm and it did - to the tune of several million dollars.

Read article online

Doctor using tablet

Carlson Lynch Wins Major Data Privacy Case in Pennsylvania Supreme Court

On November 21, 2018, the Supreme Court of Pennsylvania issued a landmark ruling in the case of Dittman v. UPMC in favor of employees at the University of Pittsburgh Medical Center (UPMC) represented by Carlson Lynch. In its decision, the Supreme Court of Pennsylvania held that UPMC had a duty to reasonably protect its workers’ personal data from cyber theft. This decision will very likely have a profound impact on future data breach litigation, specifically regarding the degree to which recipients of sensitive, personally identifying information are required to act reasonably in electronically storing and safeguarding such data. Gary Lynch argued the case on behalf of the employees, with Carlson Lynch attorney Jamisen Etzel spearheading the briefing.

How the Case Arose

In February 2014, UPMC first informed the public about its data breach. Initially, UPMC claimed the data leak involved the names, addresses, bank information, birth dates, salaries, and social security numbers of only 22 workers. Two months later, however, in April 2014, UPMC updated this information and stated that 27,000 workers had information stolen. In May 2014, UPMC finally confirmed that all of its current as well as former workers were affected by the breach.

While the extent of the breach was still being investigated, in June 2014, Carlson Lynch filed a class action lawsuit against UPMC in the Court of Common Pleas of Allegheny County, on behalf of all UPMC employees (consisting of approximately 62,000 current workers and an undetermined number of former employees). The lawsuit alleged that UPMC:

  • Failed to adopt, design, and maintain adequate security measures for worker data privacy rights.
  • Failed to implement processes that would detect security breaches in a timely manner
  • Failed to meet current data security industry standards regarding authentication protocols, encryption, and firewalls
  • Breached its duty of reasonable care to secure personal information, and
  • Violated administrative guidelines

The lawsuit sought recovery of economic losses resulting from the filing of fraudulent tax returns in the names of workers whose information was stolen, as well as the increased risk that workers faced in the future of becoming the victims of identity theft, fraud, and abuse.

The Procedural History of the Case

The case took several years before it was heard by the Pennsylvania Supreme Court. The Court of Common Pleas initially dismissed all counts in the complaint, holding that UPMC owed no duty to reasonably protect employee data from cyber theft and, in any event, such a negligence claim based solely on economic damages would be barred by Pennsylvania’s economic loss doctrine. The Superior Court later affirmed the Court of Common Pleas’ dismissal. The Supreme Court of Pennsylvania, however, ultimately reversed this decision.

The Supreme Court of Pennsylvania’s Ruling

 There are two notable components to the Supreme Court of Pennsylvania’s ruling:

  • Duty to protect sensitive data from cyber theft. As part of its decision, the Supreme Court of Pennsylvania rejected the concept that it was creating a “new affirmative duty” for the holders of sensitive information. Instead, the Court found it was merely applying a long-established duty to a novel scenario. As a result, the Court held that where an employer’s collection of personal data belonging to workers creates a foreseeable risk of data breach, an employer has a duty of reasonable care to secure this data. This led the Court to conclude that UPMC should have realized a cybercriminal might take advantage of vulnerabilities in the company’s computer system and steal data belonging to current and past workers.
  • Negligence claims involving “purely” economic loss. In its decision, the Supreme Court of Pennsylvania further held that Pennsylvania’s economic loss doctrine does not prohibit negligence claims seeking “purely” economic damages, so long as the duty sought to be enforced arises independently of any contractual duty. In reaching this holding, the Court clarified its prior decisions enunciating and applying the economic loss doctrine and rejected any and all previous pronouncements of the doctrine by lower Pennsylvania courts which had suggested an oversimplified interpretation of the doctrine which disallowed any tort claim in which only economic damages are sought. This significant holding by the Court makes it clear that if the duty which forms the basis for a tort claim arises independently of any contractual obligation between parties, such claim is viable even if purely economic damages are sought. As a result, the Court found that UPMC had a duty to reasonably secure personal data under general principles of negligence law, and the economic loss doctrine does not prohibit the workers’ claims.

Protecting the Privacy Rights of Workers

Data breaches are occurring in our society at an alarming rate. If you are a victim of a data breach, it is important to remember that the holder of your data is obligated to act reasonably to store and protect it from cyber theft. If you believe the holder of your data has failed to uphold this duty, please contact Gary Lynch at Carlson Lynch today by calling 1-(800)-467-5241 or contact us here.

Sexual Harassment

What It Is

Sexual harassment is a form of sex discrimination. It includes quid pro quo (something for something) harassment, which occurs when an authority figure, such as a manager, suggests that he or she will provide something to a person in exchange for sexual favors. It includes offering to promote an employee, threatening to fire or reprimand the employee for not complying, or hiring or not hiring an applicant based on acceptance or rejection of sexual advances. Sexual harassment is not limited to quid pro quo harassment. It also includes the creation of a hostile work environment. This occurs when there is physical or verbal conduct that is so severe and pervasive that it creates an intimidating, offensive, or hostile work environment. This usually does not include one-off remarks or simple teasing. It can include:

Offensive remarks about a person’s gender
Sexual remarks – Comments made in a joking manner
Unwanted touching of any part of a person’s body

What You Should Know

Sexual harassment of any kind is illegal. You have the right to work in an environment that is not hostile. Your employer is required to ensure that you are not being harassed at work.

The harasser can be a manager, coworker, subordinate or even a customer. The victim and the harasser do not have to be opposite genders or sex. You may be a victim of sexual harassment even if the harassment was not directed towards you but you witnessed it occurring.

What You Should Do

What You Should Do First, you should keep a journal. Every time you are harassed, write down who said what, where you were, what time it was, who else was there, what you did in response, and anything else that you think is important about the harassment. In most situations, you should talk to your employer. Most employers have a system in place to report sexual harassment. If you do not speak to your employer about the harassment, you could be prevented from bringing a lawsuit in the future.

You should talk to a lawyer as soon as possible. A lawyer can help you decide what you need to tell your employer and how you should do it. If you have been terminated or fired because of sexual harassment, a lawyer can explain what options are available to you. Also keep in mind that there are statutes of limitations and administrative filing requirements that can be as short as 180 days. If you do not take action before the appropriate filing deadlines, you may not be able to take any action at all.

Signing mortgage documents

Carlson Lynch Wins $24 Million Dollar Award On Behalf Of Certified Class Of Mortgage Borrowers Following 13 Day Federal Court Arbitration

On March 24, 2017, a three judge panel awarded $24 million dollars to a certified class of mortgage borrowers represented by Carlson Lynch.The award followed a 13 day arbitration trial conducted in the federal courthouse in Pittsburgh. The panel of arbitrators included a former judge from the United States District Court for the Western District of Pennsylvania and two former litigation department heads at AmLaw 100 law firms.Bruce Carlson was co-lead counsel for the class and Carlson along with his partner Gary Lynch led the Carlson Lynch trial team that tried the case. This arbitration award represented the culmination of more than ten years of litigation, including three trips to the United States Court of Appeals for the Third Circuit and the certification of a RICO class which was affirmed by the Third Circuit. Judge Arthur Schwab was the presiding judge in the District Court.

Gary Lynch Headshot

Gary Lynch Appointed As Co-Lead Counsel For Financial Institution Plaintiffs In Home Depot Data Breach Litigation

On February 2, 2015, a federal district judge issued an order appointing Gary Lynch to serve as Co-Lead counsel responsible for managing nationwide litigation against Home Depot. All cases stemming from the data breach at Home Depot have been consolidated before U.S. District Judge Thomas W. Thrash in the Northern District of Georgia. Carlson Lynch was initially retained by numerous financial institutions which have suffered readily quantifiable damages as a result of the data breach. Co-Lead Counsel will direct and manage proceedings on behalf of all financial institution plaintiffs.

Credit card POS machine

Court Denies Targets Motion To Dismiss Financial Institution Cases In Data Breach MDL

As reported previously, Gary Lynch was elected to the Executive Committee managing litigation on behalf of a putative class of financial institutions that is pending before Judge Magnuson in the United States District Court for the District of Minnesota. On December 2, 2014, the Court issued a decision denying almost all of the arguments advanced in Target’s Motion to Dismiss the case. Developments in this case should be instrumental in shaping the body of law that is evolving in the wake of recent data breach incidents in this country.

Credit card POS machine

Gary Lynch Appointed To Executive Committee In Target Data Breach MDL

On May 22, 2014, a federal district judge issued an order appointing Gary Lynch to serve on the five-person Executive Committee responsible for overseeing the prosecution of nationwide litigation against Target Corporation.  All cases stemming from the data breach which the retailer experienced in late 2013 have been consolidated before U.S. District Judge Paul A. Magnuson in the District of Minnesota.  Carlson Lynch was initially retained by numerous financial institutions which suffered damages as a result of measures the institutions were forced to take to protect their account holders from suffering identity theft and financial loss. The Executive Committee will work in conjunction with lead and liaison counsel to coordinate the litigation on behalf of both consumers and financial institutions.

The case is In re: Target Corporation Customer Data Security Breach Litigation, MDL No. 2522 in the U.S. District Court for the District of Minnesota.