Employees' Personal Data Unleashed Under New Labor Board Rule

Allowing Unions Access to Information Flouts State Laws and Imperils Employers

Support NAM Legal Action

The National Association of Manufactures (NAM) has sued the National Labor Relations Board (NLRB) in U.S. District Court to stop their overreach on this election Rule. The NAM firmly believes that the NLRB should be a fair arbiter of the law, not a supporter of a partisan agenda. We will continue to take legal action when necessary to protect manufacturers and our employees from this extreme agenda. We kindly ask for your support to continue our litigation. Support the NAM’s litigation effort, please contribute to our fund.

Contribute Today

In the face of increased public awareness and justifiable concern about the collection and misuse of personal data, state legislatures have rushed to propose an array of privacy laws aimed at protecting your information. These states understand that technology can bring greater risk if our personal data are compromised.

However, recent action by the National Labor Relations Board shows a shocking disregard for the importance of protecting your personal information. At best, the NLRB is proving itself ignorant of modern privacy threats, and at worst it is complicit in seeking to diminish worker privacy rights.

Starting on April 15, the NLRB's "quickie" election rule, which changes long-standing labor policy by shortening the time frame for businesses to hold union elections to as little as 14 days, will require all employers to turn over their employees' personal e-mail addresses, home and personal cellphone numbers, work locations, shifts and job classifications to union organizers.

First, employees have no say in whether their personal information can be disclosed. Second, under the rule, the union organizer has no substantive legal responsibility to safeguard and protect workers' sensitive information. Third, the rule provides no restriction on how the private information can be used. Finally, employees have no legal recourse to hold accountable an outside group that compromises this important private information.

The NLRB was fully aware of these issues prior to finalizing the rule, stating that many comments argued that "the disclosure of such information could cause harm to the employees, invade their -privacy or conflict with precedent or other laws."

Elevating Priorities

Incredibly, the NLRB decided to elevate the priorities of special-interest groups above real concerns about worker privacy and security. The NLRB concluded that the benefits this personal data would provide to unions, by allowing them to quickly track down and contact employees during an organizing campaign, "outweigh the interests employees and employers have in keeping the information private."

There is a singular motivation behind the NLRB's fight against privacy rights — to promote unionization. This prounion advocacy will come at the expense of worker security and increased employer liability.

The NLRB could have struck a much needed balance between these goals easily enough. For example, the rule could have included an employee opt-out provision, a simple "unsubscribe" link for election-related texts and emails, or other privacy protections regarding disclosure of this personal information. But the NLRB decided that no balance was needed and took the position that the rights of one group (the union) "outweigh" the rights of another.

For a presidentially appointed board charged with protecting worker rights, this action appears to demonstrate a deplorable contempt for this foundational responsibility.

Many states, such as California, have statutes that mandate higher standards of care for employee and customer information. Certain states also impose confidentiality, privacy and security obligation on an employer and provide for a private right of action should some injury occur due to a breach of an employee's or customer's personal data. For example, Sony Corp. was recently sued under California law by former employees after hackers were able to compromise computer systems and released employees' personal data.

Employers are right to be aware of these new state-level trends in employer liability for employee privacy. These statutes create a duty owed to an employee by an employer. If that duty is breached, an employer could be held liable under a general negligence theory.

Recently, an Indiana appellate court upheld a jury award of $1.4 million on these grounds. The court looked primarily to state law for privacy expectations and a duty of confidentiality. That distinction creates broader implications for employer liability beyond the Health Insurance Portability and Accountability Act or health care generally. Is the NLRB now opening employers up to increased liability under state privacy and security laws for breaching this duty by providing employees' personal information to outside entities that have no corresponding responsibility to ensure the security of the information?

The importance of protecting workers' personal data should not be so cavalierly disregarded. Not only is it unjust for the federal government to require employer complicity in eroding privacy rights, but the potential threat of increased employer liability and to an employee's security is significant should this sensitive information fall into the wrong hands.

Knowing a worker's home address and when and where he or she works makes that person an easy target for thieves. This information, when combined with sensitive biographical data, further increases the worker's risk, making him or her easy prey for cybercriminals. This is in part why all federal entities, including the NLRB, have an ongoing legal obligation to protect the personal data of a private citizen it shares with another governmental entity. However, when the NLRB hands this private information over to a third party, it, for some reason, absolves itself and the unions of this same responsibility.

The NLRB's rule falls short of the board's mission to protect workers' rights and undermines its credibility. The negative consequences for privacy and security go against the public interest, the rule must be invalidated before employees and employers are injured due to this shortsighted policy.

Source: http://www.nationallawjournal.com/id=1202715394422/OpEd-Employees-Personal-Data-Unleashed-Under-New-Labor-Board-Rule#ixzz3PHqfp629

Reprinted with permission from the January 19, 2015, issue of the National Law Journal © 2015, ALM Media Properties, LLC. Further duplication without permission is prohibited. All rights reserved.