skip to main content
logo_fullcolour

Will the NLRB Regulate Your Cyber Breach?

If your company suffered a cyber breach, would you bargain with your employees' union over a response?
 
Depending on a pending National Labor Relations Board (“NLRB”) case, you may be required to bargain.
 
The NLRB recently filed a formal complaint against the U.S. Postal Service, alleging a failure to bargain over the impact and response to a 2014 cyber breach.  The breach compromised the personally identifiable information, including Social Security numbers and addresses, of approximately 800,000 Postal Service employees.  The Postal Service became aware of the breach as early as September 11th, but did not notify its employees until November 10th.  As part of its response, the Postal Service provided its employees with one year of credit monitoring services and fraud insurance.
 
The NLRB’s complaint states that the Postal Service had an obligation to bargain with the employees’ respective unions, the American Postal Workers Union, the National Letter Carriers Association, and the National Rural Letter Carriers Association.  The NLRB argues that the effects of and response to a cyber breach relate to the wages, hours, and other terms and conditions of employment.  Since the unions are the exclusive bargaining representatives of the Postal Service employees, the NLRB claims that the Postal Service should have: (1) provided the unions with information about the extent and impact of the breach; and, (2) bargained with the unions over an appropriate response.
 
An NLRB-administrative judge is scheduled to hear the dispute in May.  We will keep you posted on the final decision.  However, if this case is decided in the NLRB’s favor, employers will now have an obligation to bargain over the impact of and response to a cyber breach.
 
Regardless of the ultimate outcome, this case is a good reminder for employers to:
1.    Develop a cyber breach response plan.
2.    Contact your attorney as soon as you discover a breach.
 
If you have questions about responding to a cyber breach or about cyber liability issues in general, contact a member of MacDonald Illig’s Emerging Technologies Practice Group
 
Also, if you know of someone who may be interested in receiving these weekly updates, have that person contact vmadden@mijb.com to be added to the distribution list.