Customer Privacy and the National Labor Relations Act
Last month, an Administrative Law Judge for the National Labor Relations Board ruled that Macy’s employee handbook contained overly broad confidential information policies. The decision continues efforts by the NLRB to police employer confidentiality policies, but it also demonstrates how industry efforts to protect privacy can inadvertently run afoul of Section 7 of the NLRA, which gives employees various rights to organize and engage in collective bargaining.
In this instance, Macy’s employee handbook repeatedly emphasized the importance of taking the privacy of fellow employees and customers seriously. It explained that the company holds “personal data of its present and former associates, customers and vendors,” and that the company is committed to using this information in a way that respects privacy. As a result, Macy’s required all employees with access to this personal data to protect it against unauthorized use, disclosure, or access. The ALJ found that the handbook’s repeated invocations about protecting information would make employees reasonably believe the were restricted form discussing certain terms and conditions of their employment, which runs contrary to the NLRA.
Yet whenever personal information is shared, it raises privacy issues. Cases like this pose a clash between competing values, and moving forward, it will be important for the NLRB to recognize that protecting employee organizing rights may come at a cost to their privacy expectations, and vice versa. As this case demonstrates, employee rights can also challenge the privacy rights of customers and vendors.
What makes this decision so problematic from a privacy perspective is that the ALJ also found Macy’s “restrictions on the use of information regarding customers and vendors” violated the NLRA. In certain circumstances, that may be true, but here, the ALJ largely relied on a single NLRB decision, Trinity Protection Services, Inc., 357 NLRB No. 117 (2011), which found that “employees’ concerted communications regarding matters affecting their employment with their employer’s customers or with other third parties, such as governmental agencies, are protected by Section 7 and, with some exceptions not applicable here, cannot lawfully be banned.”
Trinity was a very different case. It involved a dispute between a security contractor and newly hired guards. During their training, the guards believed Trinity Protection Services used inadequate security measures and threatened to notify the Department of Homeland Security, who had contracted Trinity, about the inadequacies. Trinity told the guards any information they received was confidential and any disclosure would violate a non-disclosure agreement. This sort of policy was found unlawful because it “inhibit[ed] employees from bringing work-related complaints to, and seeking redress from, entities other than the Respondent.”
And this case could also be distinguished on the grounds that it extends Trinity‘s protection of communications to a whole host of private customer information. The ALJ does concede that his concerns about Macy’s restrictions on use of customer information should apply “to a lesser extent,” but this case demonstrates how legitimate efforts to protect privacy can push up against labor laws.
As David Katz explains, the decision should “concern employers, as the provisions attacked here are likely quite similar to other employers’ policies. Employers should be mindful of the Board’s recent crusade against overbroad handbook provisions, and should review their policies—including those not typically associated with NLRB scrutiny (such as confidentiality and privacy policies)—with an eye towards the Board’s recent rulings.”
Beyond the burdens this decision could place on companies, it also highlights the need for the NLRB and its ALJs to be aware of the privacy implications of their decisions. Certain types of information sharing may indeed be necessary to protect employee rights, but let’s be clear: companies need to stress to their employees the importance of taking privacy seriously. With new data breaches making headlines daily, it’s important to remember that human error can be the biggest threat to data privacy and security. For that matter, employee snooping can also present serious privacy concerns.
The NLRB’s priorities are no doubt to protect workers, but it is important to consider how privacy of customers, and indeed other employees, can be impacted by the disclosure and sharing of information. We would encourage the NLRB as it attempts to rein in employer policies to consult with privacy experts and understand more deeply the need for clear employee rules and guidelines around personal information.
–Joseph Jerome, Policy Counsel