NRLCA Resolves Massive Cybersecurity Breach Unfair Labor Practice Case Against U.S. Postal Service

On November 19, 2014, the NRLCA filed unfair labor practice charges with the National Labor Relations Board against the Postal Service, alleging that the Postal Service violated federal labor law by failing to bargain over and provide information concerning the September 2014 “cyber intrusion” by hackers into the Postal Service’s computer systems. On May 21, 2015, Region 5 of the National Labor Relations Board (“NLRB”) approved a settlement between the Postal Service and the NRLCA that resolves this unfair labor practice case, as well as related unfair labor practice cases filed by three other Postal Service unions.

Some time in 2014, hackers gained unauthorized access to Postal Service networks containing large amounts of sensitive information about Postal employees. Although the Postal Service knew about the breach since September 2014, former Postmaster General Patrick Donahoe deliberately waited several months before finally notifying its employees, the NRLCA and the public. Long after the November 2014 announcement that there had been a cyber intrusion, the Postal Service continued to refuse to respond to the NRLCA’s information request seeking basic information about the breach and the potential threat to employee information, including sensitive personal, financial and medical data. In April, 2015, likely in response to the increasing NLRB pressure and the fact that the NLRB General Counsel was poised to seek extraordinary relief in the form of federal court injunctions, the Postal Service finally answered the NRLCA’s November 2014 information request with detailed and comprehensive responses.

In this landmark settlement of the unfair labor practice cases, the Postal Service has agreed to provide the NRLCA with virtually all of the remedies that it would have been entitled to had the case gone to trial, including the Postal Service’s agreement to:

  • Conduct bargaining sessions for as long and frequently as desired by the unions, within seven days notice, over the impact and effects of the data breach;
  • Make subject matter experts available, who can address issues about the possible risks to bargaining unit employees and mitigation strategies and options in detail;
  • Respond within seven days to all future information requests concerning the cyber intrusion;
  • Post an official NLRB Notice in all post offices across the country and on the Postal Service’s LiteBlue intranet, stating, among other things, that the Postal Service will not refuse to bargain in good faith with the NRLCA; will not unilaterally change terms and conditions of employment; will respond expeditiously to information request, and will not interfere with employees’ rights under Section 7 of the National Labor Relations Act;
  • Read the Notice to all employees during service “standup” talks.

This settlement sends a loud and clear message that the NRLCA will not permit the Postal Service to continue to put employees’ personal information at risk. Although it took far too long, the Postal Service has finally provided the essential information that the NRLCA requested last November. The Postal Service also has finally acknowledged its legal obligation to bargain in good faith with the NRLCA about the threat to the personal and sensitive information of rural letter carriers caused by the cyber intrusion.

The parties are expected to schedule bargaining sessions very soon to begin working on these critical issues.

Click here to view the official settlement agreement.

Source: https://www.nrlca.org/News/683