Is the government feeding on itself now? The NLRB on March 31 issued a complaint against the U.S. Postal Service over a cyberbreach of employee records – including names, Social Security Numbers, dates of birth, and addresses – that occurred in 2014. The American Postal Workers Union contended that the USPS failed to promptly inform employees of the breach or to bargain over its response. The breach was the subject of a Congressional hearing in 2014, and at the hearing, a representative of the Postal Service testified that employees were notified of the breach promptly after it was confirmed and that the agency had acted with guidance from the FBI and the U.S. Department of Homeland Security.
In its complaint, the NLRB seeks an order for the Postal Service to post a remedial notice and bargain for at least 15 hours a week over the subject of handling of cyberbreaches until the USPS and the union reach agreement or impasse. According to an article in the Washington Post, the union president said that “[b]y issuing this complaint, the NLRB is recognizing employee rights in the information age.” But many might view it as wasteful, if not ludicrous, for one independent U.S. government agency, the NLRB, to be litigating against another, the Postal Service, before an Administrative Law Judge employed by the NLRB itself. (Under special legislation, the Postal Service is subject to the jurisdiction of the NLRB, unlike other federal, state, and local government agencies.) In any event, private sector employers should be aware that the Board is treating “cyberbreach response” as a mandatory subject of bargaining, like wages, hours, and other terms and conditions of employment.