By Jon Hyman
Nov. 18, 2014
A few months ago, I wrote how the National Labor Relations Board was exploring new areas of potential protected concerted activity to regulate. One such area is information and data security.
According to Employment Law 360, the NLRB potentially is looking to expand its reach in the area of cybersecurity, this time investigating whether an employer was required to bargain with its labor union over the impact of a data breach on its employees:
A postal workers union has lodged a charge with the NLRB over the U.S. Postal Service’s handling of a recent data breach, a novel move that adds union negotiations to the already sprawling list of concerns companies must contend with in their race to mitigate cyberattacks.
In a November 10 charge filed with the NLRB, the American Postal Workers Union accused USPS of engaging in unfair labor practices in violation of the National Labor Relations Act, by failing to give the union advance notice “that would enable it to negotiate the impacts and effects” on employees of the cyberattack….
The union specifically took issue with USPS’ offering employees affected by the incident one year of free credit-monitoring, a decision that the postal workers characterized as a unilateral change to wages, hours and working conditions that an employer is generally not permitted to make without first bargaining with the union.
Responding to a cyber-attack is complicated and complex. The Federal Trade Commission, along with a patchwork of divergent state laws, requires quick communication of various levels of detail and complexity to individuals and regulators following a data breach. If employers need to add communications to labor unions to this list of constituents (and this issue remains very much open), it will create additional burdens on employers, which could potentially slow down a company’s other response efforts.
To avoid these issues, employers should consider bargaining these issues into the terms of collective bargaining agreements, so that you have a game plan in place before you have to respond. Otherwise, when faced with a data breach, you could be faced with running your response programs through the filter of your labor unions, which could hamper your other response efforts, and subject your company to potential liability from the cyber breach.
We build robust scheduling & attendance software for businesses with 500+ frontline workers. With custom BI reporting and demand-driven scheduling, we help our customers reduce labor spend and increase profitability across their business. It's as simple as that.
ComplianceMinimum Wage by State in 2022 – All You Need to Know
Summary The federal minimum wage rate is $7.25, but the rate is higher in 30 states, along with Washing...
federal law, minimum wage, pay rates, state law, wage law compliance
LegalCalifornia’s push for a 32-hour workweek explained, and how to prepare
Summary: California is considering a 32-hour workweek bill for businesses with over 500 staff 4 day wee...
32 hour workweek, 4 day workweek, california, legislature, overtime
LegalA business owner’s guide to restaurant tipping law
Business owners in the restaurant industry are in a unique position when it comes to employee tips. As ...
restaurants, tip laws, tipping