USPS must bargain with letter carriers over cyber breach, NLRB says

The National Labor Relations Board has accused the Postal Service of failing to communicate with its labor unions about last year\'s cyber attack that affected more...

Score one for postal unions in their fight with the Postal Service over employees’ data that was exposed in a massive cyber breach last fall.

The National Labor Relations Board has formally accused the Postal Service of dodging its labor unions, which have complained that the agency failed to alert them of the cyber attack until it was made public. Since then, they say, the Postal Service has not been willing to discuss with them its attempts to make employees whole.

The Postal Service “has been failing and refusing to bargain collectively and in good faith with the exclusive collective-bargaining representative of its employees,” according to the complaint signed by Charles Posner, director of the region that includes the Washington, D.C. area.

Moreover, the agency has an “extensive history of repeated unfair labor practice violations,” the complaint says.

The NLRB complaint responds to a charge brought in November by the National Rural Letter Carriers’ Association alleging that the Postal Service made unilateral decisions that impacted employees’ wages, hours and working conditions. Two other postal unions have made similar claims.

“This is a major development in the Union’s efforts to protect rural carriers’ personal data by acquiring more information about the breach and requiring the Postal Service to discuss the impact of the breach and what it intends to do to remedy the situation and protect employee data in the future,” said NRLCA President Jeanette Dwyer in a statement. “The NRLCA will continue in its efforts to ensure that the Postal Service takes every conceivable step to protect the personal information of rural letter carriers’ and all Postal employees.”

In the complaint, Posner says the Postal Service should have bargained with the association about the impact of a cyber breach on letter carriers. The Postal Service offered a year of credit monitoring services to all affected employees. That falls within the scope of collective bargaining too, Posner wrote, because it deals with wages, hours and other conditions of employment.

The NLRB general counsel is demanding that the Postal Service post notices of its labor violations on its internal web portal and in facilities where rural letter carriers work. In addition, the complaint says the agency should bargain with the association within 15 days of receiving an order from an administrative law judge. The bargaining should last for at least 15 hours a week until the issues are resolved, it says.

The Postal Service has until April 14 to respond to the complaint. A hearing is scheduled for May 20 in Washington, D.C.

The agency is reviewing the three complaints by the labor unions, said spokesman Dave Partenheimer.

“None of the three complaints, however, allege that the Postal Service unlawfully delayed notifying its employees or the unions of the cyber breach,” he said. “Indeed, relying on advice from both internal and external experts, the Postal Service could not have provided its employees or the unions with earlier notice without compromising the investigation and remediation of the cyber breach. Once employees could be notified of the cyber breach, the Postal Service did offer all impacted employees one year of free credit monitoring services, in order to protect them from potential identity theft.”

The FBI is still investigating the case, he said.

The NRLCA contends that former Postmaster General Pat Donahoe deliberately kept Postal Service employees in the dark about the cyber breach. The delayed notice, it said, made it impossible for employees to immediately safeguard their personal information.

The Postal Service admitted in November that at least two months earlier, hackers had accessed more than 800,000 current and former employees’ sensitive information, including their names, Social Security numbers, and addresses. Once news broke, members of Congress came forward to say Postal officials had told them of the breach on two separate occasions before making it public. They also questioned the agency’s treatment of employees.

Since then, the Postal Service discovered that the hacker may have accessed up to 485,000 people’s medical records.

RELATED STORIES:

Cyber breach at Postal Service leaves employees vulnerable

Unions push back on beleaguered USPS

Hackers may have postal employees’ medical records

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

    Alyson Fligg/Labor DepartmentClare Martorana

    Why OMB’s human-centered policy design effort is paying off

    Read more