These days most employers manage a vast amount of electronic information about their employees, including the employees’ personal identifying information. But, what obligations do employers have to unionized employees with respect to managing that information and bargaining with them in the event of a breach of their private information?
This is one of the latest questions before the NLRB after the American Postal Workers Union (APWU), which represents employees of the United States Postal Service, filed a charge with the NLRB alleging that the USPS breached its obligations under the National Labor Relations Act during its response to a data breach of employees’ personal information.
Last fall, the USPS announced that it had experienced a major breach of its electronic data, which may have comprised employees’ human resources files containing names, addresses, dates of birth, Social Security numbers and dates of birth. The APWU’s charge alleges that months after discovering the breach, the USPS notified the APWU the day before it notified employees of the breach and unilaterally offered the employees free credit monitoring for one year. The APWU alleges that the USPS breached its obligation under the NLRA to bargain in good faith with its employees by not providing its employees with advance notice of the breach and that it unlawfully changed the employees’ terms and conditions of employment by offering them the credit monitoring without negotiating first with the Union.
The USPS charge is the NLRB’s first opportunity to weigh in on the duties an employer owes unionized employees with respect to notification of and bargaining regarding data breaches. The NLRB has yet to act on the charge, but we expect that its response will focus on whether the USPS undermined the union’s collective bargaining powers by not speaking with the union before offering a benefit (the credit monitoring). Regardless of the outcome, this subject matter is likely to become a key issue for employers in the coming years as more personnel information becomes stored electronically. The NLRB’s position could influence whether employers offer any benefits to employees whose information may have been compromised in a breach.