Legal

Cybersecurity and the NLRB

By Jon Hyman

Nov. 18, 2014

A few months ago, I wrote how the National Labor Relations Board was exploring new areas of potential protected concerted activity to regulate. One such area is information and data security.

According to Employment Law 360, the NLRB potentially is looking to expand its reach in the area of cybersecurity, this time investigating whether an employer was required to bargain with its labor union over the impact of a data breach on its employees:

A postal workers union has lodged a charge with the NLRB over the U.S. Postal Service’s handling of a recent data breach, a novel move that adds union negotiations to the already sprawling list of concerns companies must contend with in their race to mitigate cyberattacks.

In a November 10 charge filed with the NLRB, the American Postal Workers Union accused USPS of engaging in unfair labor practices in violation of the National Labor Relations Act, by failing to give the union advance notice “that would enable it to negotiate the impacts and effects” on employees of the cyberattack….

The union specifically took issue with USPS’ offering employees affected by the incident one year of free credit-monitoring, a decision that the postal workers characterized as a unilateral change to wages, hours and working conditions that an employer is generally not permitted to make without first bargaining with the union.

Responding to a cyber-attack is complicated and complex. The Federal Trade Commission, along with a patchwork of divergent state laws, requires quick communication of various levels of detail and complexity to individuals and regulators following a data breach. If employers need to add communications to labor unions to this list of constituents (and this issue remains very much open), it will create additional burdens on employers, which could potentially slow down a company’s other response efforts.

To avoid these issues, employers should consider bargaining these issues into the terms of collective bargaining agreements, so that you have a game plan in place before you have to respond. Otherwise, when faced with a data breach, you could be faced with running your response programs through the filter of your labor unions, which could hamper your other response efforts, and subject your company to potential liability from the cyber breach.

Jon Hyman is a partner in the Employment & Labor practice at Wickens Herzer Panza. Contact Hyman at JHyman@Wickenslaw.com.

What’s New at Workforce.com?

blog workforce

Come see what we’re building in the world of predictive employee scheduling, superior labor insights and next-gen employee apps. We’re on a mission to automate workforce management for hourly employees and bring productivity, optimization and engagement to the frontline.

Book a call
See the software

Related Articles

workforce blog

Compliance

Minimum Wage by State in 2023 – All You Need to Know

Summary Twenty-three states and D.C. raised their minimum wage rates in 2023, effective January 1.  Thr...

federal law, minimum wage, pay rates, state law, wage law compliance

workforce blog

Legal

New Labor Laws Taking Effect in 2023

The new year is fast approaching, and with its arrival comes a host of new labor laws that will impact ...

labor laws, minimum wage, wage and hour law

workforce blog

Legal

Wage and Hour Laws in 2022: What Employers Need to Know

Whether a mom-and-pop shop with a handful of employees or a large corporation staffing thousands, compl...

compliance, wage and hour law