Negotiating Tech: An Inventory of U.S. Union Contract Provisions for the Digital Age
6.1.b Data privacy and security
As digital systems play a growing role in managing personnel information, unions have negotiated contract provisions to protect the privacy, confidentiality, and security of employee data. These provisions address how data is stored, accessed, retained, and shared, and establish standards for employer compliance with applicable privacy laws. Many also limit the use of personal identifiers, restrict access to surveillance and monitoring data, and define procedures for addressing data breaches. Together, they reflect a foundational concern with safeguarding worker information in increasingly digital workplace environments.
The content is organized into the following categories:
- Data minimization: Limits the collection and display of personal information on employee ID systems and personnel records to only what is legally required.
- Compliance with privacy and security laws: Requires employers to adhere to applicable federal and state privacy laws, including rules governing the handling of sensitive employee data.
- Data protection and security guidelines: Establishes standards for securing digital systems and personnel records, including protocols for access control, password use, and union notification of policy changes.
- Confidentiality requirements and limits on data access: Restricts access to personal or surveillance data to authorized individuals with a demonstrated need, with some agreements limiting or excluding routine access by supervisors.
- Restrictions on commercial and third-party use of electronic monitoring data: Prohibits the use or sale of monitoring data, such as GPS or wearable outputs, for commercial purposes or public distribution without consent.
- Data retention, storage, and security policies and procedures: Defines timelines and procedures for retaining, purging, and protecting employee records, with safeguards against improper use of outdated or unauthorized information.
- Procedures for responding to data security breaches: Requires employer accountability in the event of a data breach, including timely notification, union involvement, and support for affected employees.
Data minimization
Some agreements limit the amount and type of personal data employers can collect, display, or embed in ID systems as a strategy for preserving employee privacy.
Examples:
- “The Parties agree that SmartCards, Prox Cards, and key fobs are to be used by employees solely as an identification card, as an electronic key for access to buildings and facilities, and as an electronic key for access to computer equipment. The Employer will not require an employee’s SmartCard to include any information beyond that required by the Government-wide Standard.” (NFFE-OPM115)
- Employee records, including those in the Electronic Official Personnel Folder (eOPF), Employee Performance File (EPF), medical, security, and training folders, must adhere to federal privacy laws and regulations, including the Privacy Act. The only records kept on the employee will be those maintained by the Employer in accordance with the Privacy Act. Where required by law, rule, or regulation, documents in an employee’s records will include the originating person’s signature or e-signature. (NATCA-OPM100)
- “The following information will NOT be on the PIV or ID badge: 1. Social Security Number 2. Home Address 3. Home Phone number.” (AFGE-OPM117)
Compliance with privacy and security laws
Many agreements highlight or reaffirm employers’ obligations under federal and state privacy laws, grounding contractual provisions in established legal standards for data collection, storage, and protection.
Examples:
- “The Employer will comply with the Privacy Act and HIPAA in regards to personal employee information.” (NFFE-OPM115)
- “[The Employer] shall comply with all federal and state laws regarding the storage, use and privacy of such [sensor] data.” (NFLPA-PCBA5)
- “Time and attendance records along with the supporting documentation will be viewed in a secure location and not shared with unauthorized personnel in accordance with the Privacy Act. The security of employee information in [online time management system] shall be maintained in accordance with the Federal Information Security Management Act (FISMA).” (NFFE-OPM61)
- “Personnel records shall be collected, maintained, or retained strictly in accordance with law, governmentwide regulations, and this Agreement. Except for such disclosures permitted or required by law, all personnel records are confidential, shall be viewed or disseminated by officials/employees only with a legitimate administrative need to know, and must be retained in a secure location. All policies on the maintenance of personnel record keeping standards and special safeguards for automated and/or electronic records will be followed in accordance with applicable law and regulation.” (AFGE-OPM72)
- “To the extent that Management maintains systems of records containing personal information about employees, it will do so in accordance with the requirements of the Privacy Act of 1974.” (AFGE-OLMS77)
Data protection and security guidelines
Some agreements outline internal safeguards for managing digital records and authentication systems, aiming to reduce risks of data misuse or exposure.
Examples:
- The Employer shall ensure that all computer systems that require bargaining unit employees to use passwords or Personal Identification Numbers (PIN), as authentication tools, will comply with relevant guidelines for data protection. The Employer shall ensure information is made available to all bargaining unit employees to understand and accomplish the requirements for creating, using, transmitting, managing, monitoring and complying with password and PIN orders and regulations. (PASS-OPM36)
- “No personnel record may be collected, maintained, disclosed, or retained except in accordance with law, government-wide regulations, [Personnel policy handbook], and this agreement. If the [Employer] initiates changes to the [Personnel policy handbook] or other policy that affects official records or files, it will provide appropriate notice to the Union and the opportunity to bargain to the extent required by [regulations]. All personnel records are confidential, shall only be viewed or disseminated by officials/employees with an administrative need to know and must be retained in a secure location. All policies on the maintenance of personnel records, record keeping standards, and special safeguards for automated and/or electronic records will be followed in accordance with applicable law and regulation.” (AFGE-OPM7)
- “In response to the parties’ shared concerns over safeguarding employees’ data, the Company instituted a system for assigning random ID numbers to all employees; eliminated the usage of social security numbers as an identifier of an employee’s record; and remains committed to ensuring that proper safeguards are established and maintained. The parties further agreed that upon request from the Local Plant Chairperson, the Local HR department will provide the local Union with an alpha and classification listing of all employees on the active employment roll.” (UAW-PCBA28)
- “The [Employer] agrees to ensure the security of the information contained on PIV cards from digital theft or through other electronic interception method.” (AFGE-OPM117)
Confidentiality requirements and limits on data access
To prevent unauthorized disclosure, some provisions specify who may access sensitive data and under what conditions, including restrictions on routine access by managers or supervisors.
Examples:
- “Department authorized employees involved in monitoring and surveillance will ensure the proper handling and release of protected information gathered in any monitoring or surveillance activities.” (NNU-OPM37)
- “The Employer has determined that supervisors will not have routine access to surveillance footage.” (NTEU-OPM23)
- “The Parties agree that the intended purpose of the close circuit television (CCTV) cameras and Entry Control Video (ECV) shall be used for the surveillance of the building perimeter to prevent thefts and criminal activity.… Management will not have access to the CCTV and ECV or any other such measures and devices except as in accordance with this Article [in an investigation of misconduct].” (LIUNA-OPM101)
- “Video, audio, and GPS will be viewed only by supervisory employees.” (IUOE-OLMS50)
- “The Company further agrees that the information contained in and derived from any GPS reports shall not be disclosed to any third party, except as required by law or contract, provided further that the Company shall provide the Union with GPS reports if relevant to a lawful Union concern.” (SEIU-OLMS83)
- “Any and all Wearable Data shall be treated as highly confidential at all times, including after the expiration, suspension or termination of this Agreement, shall not become a part of the Player’s medical record, and shall not be disclosed by a Club to any party other than those persons listed in this Paragraph without the express written consent of the Player and the Association.… Only the following Club representatives (and individuals working at the direction of such representatives) shall be permitted access to Wearable Data: General Manager, Assistant General Manager, Field Manager, Team Physician, Certified Athletic Trainer, Strength and Conditioning Coach, Rehabilitation Coordinator and an individual hired by a Club to manage the use and administration of wearable technology. A Player may request in writing that the Club further restrict or expand the list of representatives who will have access to such information and data. If the Club does not comply with such a request, the Player may decline to use or discontinue his use of the wearable technology.” (MLBPA-PCBA6)
- “The IT service provider will not have direct access to any personnel or payroll information through webTA. Management agrees to deny access to the IT service provider when personal identifiers are on the screen.” (NFFE-OPM61)
- “The only persons authorized to [access] the personal information on the PIV card are personnel security, suitability, and investigations professionals who have the appropriate security clearance and who have a demonstrated need to access the information.” (AFGE-OPM117)
Restrictions on commercial and third-party use of electronic monitoring data
A number of agreements prohibit employers from sharing or monetizing surveillance data without consent, reflecting concerns about data exploitation and worker control.
Examples:
- “Pending an agreement between the parties, Wearables may not be used in games, and no player data collected from a Wearable worn at the request of a Team may be made available to the public in any way or used for any commercial purpose.” (NBPA-OLMS1)
- “The Company further agrees that the information contained in and derived from any GPS reports shall not be disclosed to any third party, except as required by law or contract, provided further that the Company shall provide the Union with GPS reports if relevant to a lawful Union concern.” (SEIU-OLMS83)
- The commercial use or exploitation of such information or data by a Club, the League, any League-affiliated entity, or any third party is strictly prohibited. (MLBPA-PCBA6)
Data retention, storage, and security policies and procedures
Contracts sometimes address how long employee data can be retained and under what conditions it must be deleted or protected from improper use.
Examples:
- “A Letter of Reprimand will remain in the employee’s electronic Official Personnel Folder (eOPF) for a period of not more than one year unless removed earlier as a result of a grievance or arbitration decision.” (AFGE-OPM123)
- “The employee files will be screened and purged, normally in February, but in any case no later than March of each year and outdated material shall be removed. Records shall be retained only as long as such administrative need exists, but normally no longer than one (1) year unless otherwise indicated in this article.” (AFGE-OPM72)
- “Employees shall be advised of the length of time the [Employer] intends to maintain unfavorable material in the Official Personnel Folder. If the [Employer] reduces the time in which it maintains such material in the Official Personnel Folder, the employee shall be so notified.” (AFGE-OPM41)
- “All eOPFs will be purged and information disposed of in accordance with the appropriate records control schedule. Upon request, the [Employer] will work with a [Employee] and his/her representative to explain the records retention timeframes and, if necessary, assist the [Employee] in reviewing his/her eOPF to ensure any outdated records are purged. If any outdated or unauthorized material is accidentally left in a file, it may not be used to support any personnel action detrimental to the [Employee].” (NNU-OPM37)
- “The [Employer] will make a timely decision regarding the use of employee recordings for the purposes of counseling and/or disciplinary actions, normally within thirty (30) days of initial recording and evaluation. This time period may be extended only for extenuating circumstances.” (AFGE-OPM3)
- “The SEND GPS data will be stored no longer than 30 days, unless they are part of an ongoing administrative inquiry, investigation or subsequent law enforcement investigation.” (NFFE-OPM19)
- “Review [of electronic monitoring data] initiated by an observation or incident will be for the purpose of determining what actually happened and an Employee may be subject to coaching, counseling or discipline as a result. Any discipline resulting from review of audio or video recording must be related to the initial purpose of the review and any coaching or counseling unrelated to the initial purpose of the review will not be part of the Employees record; however, discipline may also be issued if review of the data reveals commission of an unlawful act or serious infraction (as defined by this Article) unrelated to the original purpose. Any review of a recording (for the purpose of investigating the issue) shall be limited to forty-five (45) minutes before and forty-five (45) minutes after the incident in question. Any additional violation found (within a ten-minute time frame) before and after the event may lead to additional discipline.” (ATU-OLMS34)
Procedures for responding to data security breaches
Provisions in some agreements require employer accountability and timely union involvement in cases of data breaches, along with support for affected employees.
Examples:
- “Management will take all necessary precautions to prevent a security breach of employees’ personnel data. Where it is found that Management is negligent for a security breach, Management will take all necessary steps to ensure that any situation that results in a breach is resolved. Should an employee’s personal data become compromised, due to Management’s negligence, Management shall take all reasonable steps to assist the employee in the resolution of errors or actions resulting from such a compromise, which will, when appropriate, include but not be limited to reimbursement to the employee of reasonable expenses related to credit record monitoring for a minimum of one (1) year following discovery of the breach.” (AFGE-OLMS77)
- A privacy breach involves the confirmed theft, loss, or unauthorized disclosure of personal identifying information (PII), and requires disclosure and notification to affected individuals. The Union and Employer will each designate a Point of Contact (POC) for data security and privacy matters. The Employer will promptly notify the Union’s POC of any breach, regardless of the data’s origin, and provide updates as information becomes available. The Union POC will participate in discussions to determine appropriate identity theft protection and join quarterly meetings with the Employer’s POC to review privacy initiatives. Additionally, the Employer will provide a copy of the Information Security and Privacy Awareness Training to the Union POC, and will provide notice and the opportunity to bargain on the impact and implementation of changes to the training as required. If an employee is affected by a privacy breach, they will be permitted work time to address identity theft issues, including limited personal use of Employer computers to access the internet for recovery activities. (NATCA-OPM100)
- “The Parties recognize the growing threat of identity theft and the importance of protecting Personal Identifiable Information (PII) provided by employees. If any record(s) maintained by the [Employer] on any bargaining unit employee(s) become lost, stolen, and/or improperly dispersed, the [Employer] shall immediately notify the Union at the national level and the affected employee(s). The [Employer] shall assist the Union and the employee(s) in resolving the problem.” (PASS-OPM36)
- “Should an [Employee] have any problems related to identity theft, the Department will cooperate with any related investigation and/or prosecution. Should the Department find that the offender in such a case is a Department [Employee], it will refer the offender for criminal prosecution and/or administrative action as appropriate.” (NNU-OPM37)
- “If personal information has been compromised the [Employer] agrees to assist the Employee to the maximum extent practicable in correcting the situation.” (AFGE-OPM117)