Legal

Cybersecurity and the NLRB

By Jon Hyman

Nov. 18, 2014

A few months ago, I wrote how the National Labor Relations Board was exploring new areas of potential protected concerted activity to regulate. One such area is information and data security.

According to Employment Law 360, the NLRB potentially is looking to expand its reach in the area of cybersecurity, this time investigating whether an employer was required to bargain with its labor union over the impact of a data breach on its employees:

A postal workers union has lodged a charge with the NLRB over the U.S. Postal Service’s handling of a recent data breach, a novel move that adds union negotiations to the already sprawling list of concerns companies must contend with in their race to mitigate cyberattacks.

In a November 10 charge filed with the NLRB, the American Postal Workers Union accused USPS of engaging in unfair labor practices in violation of the National Labor Relations Act, by failing to give the union advance notice “that would enable it to negotiate the impacts and effects” on employees of the cyberattack….

The union specifically took issue with USPS’ offering employees affected by the incident one year of free credit-monitoring, a decision that the postal workers characterized as a unilateral change to wages, hours and working conditions that an employer is generally not permitted to make without first bargaining with the union.

Responding to a cyber-attack is complicated and complex. The Federal Trade Commission, along with a patchwork of divergent state laws, requires quick communication of various levels of detail and complexity to individuals and regulators following a data breach. If employers need to add communications to labor unions to this list of constituents (and this issue remains very much open), it will create additional burdens on employers, which could potentially slow down a company’s other response efforts.

To avoid these issues, employers should consider bargaining these issues into the terms of collective bargaining agreements, so that you have a game plan in place before you have to respond. Otherwise, when faced with a data breach, you could be faced with running your response programs through the filter of your labor unions, which could hamper your other response efforts, and subject your company to potential liability from the cyber breach.

Jon Hyman is a partner in the Employment & Labor practice at Wickens Herzer Panza. Contact Hyman at JHyman@Wickenslaw.com.

About Workforce.com

blog workforce

We build robust scheduling & attendance software for businesses with 500+ frontline workers. With custom BI reporting and demand-driven scheduling, we help our customers reduce labor spend and increase profitability across their business. It's as simple as that.

Book a call
See the software

Related Articles

workforce blog

Compliance

Minimum Wage by State in 2022 – All You Need to Know

Summary The federal minimum wage rate is $7.25, but the rate is higher in 30 states, along with Washing...

federal law, minimum wage, pay rates, state law, wage law compliance

workforce blog

Legal

California’s push for a 32-hour workweek explained, and how to prepare

Summary: California is considering a 32-hour workweek bill for businesses with over 500 staff 4 day wee...

32 hour workweek, 4 day workweek, california, legislature, overtime

workforce blog

Legal

A business owner’s guide to restaurant tipping law

Business owners in the restaurant industry are in a unique position when it comes to employee tips. As ...

restaurants, tip laws, tipping