The United States Postal Service suffered a data security breach at the end of 2014. Electronic files including information such as employee names, dates of birth, social security numbers, addresses, beginning and end dates of employment, and emergency contact information was compromised in the breach. The Postal Service offered affected employees a free year of credit monitoring services to help protect them from any potential identify theft, but the unions representing the employees wanted more.
The unions demanded that they should be involved in at-the-table discussions of how to respond to data security breaches. After being refused a seat at the table, the unions requested copious amounts of information. Unsatisfied with that they received, the unions filed unfair labor practice charges against the Postal Service for failing to furnish requested information about the breach. From management’s perspective, a union’s involvement in reacting to a data security breach will restrict a company’s flexibility and slow down the response time. Further, the Postal Service claims it could not have given employees or the union notice of the breach without compromising the investigation and remediation of the breach.
This Postal Service case will be interesting to monitor. Headlines are rife with data security breaches from nationwide companies down to local mom and pop shops. The outcome of this case will likely govern whether companies can respond to future security breaches with agility and temporary confidentiality, or if they need to bargain with their unions about how to best protect sensitive corporate data.