NTEU sued the Office of Personnel Management (OPM) today over the recent cyberattacks, alleging that the agency violated NTEU members’ constitutional rights by failing to protect their private information.
Federal employees, in order to work for the government, must give a great deal of highly intimate and personal information. Federal employees entrust this information to OPM with the expectation that the information, including details about medical conditions and private personal relationships, will be kept confidential and safe from unauthorized access.
However, OPM for years has failed to properly safeguard this sensitive information. In its yearly audits, OPM’s Inspector General criticized OPM for its inability to protect its information systems. This ongoing failure led to the sweeping data breaches that OPM announced in June.
That is why NTEU, after considering all options available to address the OPM data breaches, filed a lawsuit in the U.S. District Court for the Northern District of California alleging that OPM has violated NTEU members’ constitutional right to informational privacy.
“We believe that a lawsuit is the best way to force OPM to take immediate steps to safeguard personnel data, prevent such attacks in the future and help our members protect themselves against the fallout,” NTEU President Colleen M. Kelley said.
NTEU is asking the court to:
• Declare that OPM’s failure to improve cybersecurity was an unconstitutional act;
• Order OPM to pay for lifetime credit-monitoring services and identity-theft protection for NTEU members;
• Order OPM to take all the necessary steps to heighten its IT security program and protect NTEU members’ data from falling into the hands of hackers in the future; and
• Prevent OPM from collecting personal information from NTEU members electronically or requiring them to submit such data in an electronic form until the court is satisfied with the agency’s cybersecurity upgrades.
The union is not pursuing monetary damages. We want to help our members stay safe from these breaches and get the security practices in place so that this never happens again. We are asking the court to order that OPM reform its security practices to the court’s satisfaction and lifetime credit monitoring and identity theft protection be available for members. Also, to get money damages, the suit would have had to be brought under the Privacy Act. While prevailing under the Privacy Act was not impossible, it was not very promising.
This litigation is the latest example of NTEU’s extensive, multi-front effort to advocate for employees who were harmed by this breach. Since the cyberattacks were disclosed, NTEU has met with and written to OPM and sent letters and testimony to Congress and the White House. The union has also been talking to members of Congress about introducing legislation to extend the credit monitoring beyond 18 months and have gotten positive responses from a number of lawmakers. Sen. Ben Cardin (D-Md.) has confirmed that he will be introducing such legislation in the very near future. We have also been working with Del. Eleanor Holmes Norton (D-D.C.) on a similar House bill.
See a list of all actions NTEU has taken.
Be sure to check NTEU's web site (www.NTEU.org) for updates.