Expect a Fight From Federal Employee Groups Over OPM Hack Response

The federal government has said it will offer 4 million of its current and former employees free credit monitoring after their personal data was compromised by hackers, but workers could soon be fighting for more.

The National Labor Relations Board recently ruled in a precedent-setting decision the U.S. Postal Service should have bargained with labor groups representing its employees before offering credit monitoring in response to a data breach at the agency. Postal unions had filed a complaint against USPS for its failure to negotiate, and they eventually reached settlement agreements to spell out how employees must be notified of the hack and set up future bargaining.

The settlement came after NLRB ruled USPS violated labor laws by offering free credit reports without consulting the appropriate unions. Because the monitoring related to “the wages, hours and other terms and conditions of employment,” the board said, it became a “mandatory subject” for collective bargaining.

In the recent hack of data from the Office of Personnel Management, the details of exactly whose information was compromised are still unclear, and the fight for how to respond has yet to play out. With precedent on the unions' side, however, a fight is all but certain.

“We are currently drafting guidance to assist [American Federation of Government Employees] locals in bargaining over the impact of this cyberattack on our members,” AFGE National President J. David Cox told Government Executive.

The National Federation of Federal Employees told Government Executive it too would be drafting such guidance. 

OPM Director Katherine Archuleta has said the government will offer affected past and current employees 18 months of free credit monitoring, as well as $1 million worth of identity theft insurance and recovery services. AFGE Policy Director Jacque Simon, however, made clear in an interview with NPR the government will have to do better.

“What if something happens 24 months from now?” Simon asked. “You know, the government has some liability for this loss, and we're going to try to make sure that it meets all of its obligations.”

The American Postal Workers Union, one of the labor groups to reach a settlement with USPS last month, said some of its retirees may have been affected by the latest breach and it plans to use the recent precedent to its advantage.

“The APWU is committed to protecting the rights of our members, including the right to protect their personal information,” said Mark Dimondstein, the union’s president.

APWU previously called its settlement a “historic” win for unions, saying it guaranteed “management’s responsibilities to protect employees’ personal information in the digital age.” Given the trend of recent breaches at government agencies, APWU said its victory was “significant for workers far beyond those employed by the USPS.”

Lawmakers are also looking to ensure federal employees receive adequate protections in the wake of the hack. In a letter to Archuleta on Monday, Rep. Chris Van Hollen, D-Md., called OPM’s response “disturbing.”

“I am writing to understand what immediate steps you are taking to prevent a recurrence of such an event and what you are doing to ensure that the data that was accessed cannot be used to threaten the financial security of the victims,” Van Hollen wrote.

OPM will notify affected employees their information was compromised by June 19. It has provided a series of tips for those impacted in addition to the monitoring and insurance, but has not indicated any intention of providing additional benefits. 

(Image via YURALAITS ALBERT / Shutterstock.com)