NLRB Charge Expands Data Breach Duties for Unionized Cos.

November 14, 2014 – In The News

Scott L. Vernick was quoted in the Law360 article, “NLRB Charge Expands Data Breach Duties for Unionized Cos.” Full text can be found in the November 14, 2014, issue, but a synopsis is below.

A postal workers’ union has accused the U.S. Postal Service (USPS) of engaging in unfair labor practices in violation of the National Labor Relations Act in a charge recently lodged with the National Labor Relations Board over the handling of a USPS data breach.

The union took issue with the USPS’ offer of one year of free credit monitoring to employees affected by the breach, a decision the union characterized as a unilateral change to wages, hours and working conditions that employers are generally prohibited from making without first bargaining with the union.

“It's certainly a distinct possibility that for unionized workforces, assuming this claim gets any traction, bargaining with the union over the effects of a data breach is going to be another issue that companies will have to deal with in responding to a breach,” said Scott Vernick, a noted privacy attorney.

According to attorneys, employers would be wise to reconsider how they communicate with their unions following a data breach, and should consider including terms into their collective bargaining agreement or incident response plans addressing their negotiation obligations.

“A way to potentially avoid charges like this is to be more forthcoming with the union,” Vernick said.