44:0637(54)NG - - NFFE, Local 1482 and DOD, Defense Mapping Agency, Hydrographic / Topographic Center, Washington, DC - - 1992 FLRAdec NG - - v44 p637
[ v44 p637 ]
44:0637(54)NG
The decision of the Authority follows:
44 FLRA No. 54
FEDERAL LABOR RELATIONS AUTHORITY
WASHINGTON, D.C.
NATIONAL FEDERATION OF FEDERAL EMPLOYEES
LOCAL 1482
(Union)
and
U.S. DEPARTMENT OF DEFENSE
DEFENSE MAPPING AGENCY
HYDROGRAPHIC/TOPOGRAPHIC CENTER
WASHINGTON, D.C.
(Agency)
0-NG-1838
DECISION AND ORDER ON NEGOTIABILITY ISSUES
March 27, 1992
Before Chairman McKee and Members Talkin and Armendariz.
I. Statement of the Case
This case is before the Authority on a negotiability appeal filed under section 7105(a)(2)(E) of the Federal Service Labor-Management Relations Statute (the Statute) and concerns the negotiability of five proposals.
Proposal 1 requires the Agency to take steps to ensure that unauthorized employees do not have access to information in the Agency's Data Integration System (DIS). The proposal also requires the Agency to change the passwords on the system in accordance with applicable laws, rules, and regulations and to establish a time frame for changing the system's password(s). We find that Proposal 1 constitutes a negotiable appropriate arrangement under section 7106(b)(3) of the Statute.
Proposal 2 requires the Agency to establish certain internal security policies and practices to: (1) protect personal information contained in DIS from unauthorized use, modification, destruction or disclosure; and (2) safeguard personal information contained in automated records, including input and output documents, reports, magnetic tapes, disks, and on-line computer storage, in order to prevent such information from being accessed or disclosed improperly. We find that Proposal 2 constitutes a negotiable appropriate arrangement under section 7106(b)(3) of the Statute.
Proposal 3 concerns the Union's access to information contained in DIS. We find that Proposal 3 is negotiable.
Proposal 4 prohibits the Agency from using DIS to electronically monitor employees' work performance. We find that Proposal 4 is nonnegotiable because it directly and excessively interferes with management's rights to direct employees and assign work under section 7106(a)(2)(A) and (B) of the Statute.
Proposal 5 provides for the establishment of a joint labor-management committee to make recommendations concerning matters pertaining to the use of DIS. The proposal also requires: (1) the Union to approve management's choice of bargaining unit members as management representatives to serve on the committee; and (2) the Director of the Office to respond to committee recommendations. We find that Proposal 5 is negotiable.
II. Background
The Union's proposals were submitted in response to the Agency's decision to implement DIS. DIS replaces a variety of the Agency's existing data subsystems with a unified software and hardware system consisting of five mainframe computers. The mainframe computers are accessed by authorized users through remote terminals in five locations, including the Agency's Louisville, Kentucky Office. Eight remote terminals are located at the Louisville Office. DIS is used, among other things, to assist with project planning, resource allocation, source material procurement, production status determination, resource expenditure monitoring, and project documents. The information contained in DIS includes data retrievable by an employee's "personal identifier" that pertains to the employee's potential retirement date, badge number, duty entry date, and amount of time spent working on projects. Statement of Position (Statement) at 7. The DIS also contains "classified national security information" which is used routinely to generate reports and documents, including project assignment letters and product preparation guidelines. Id. at 12. "[S]ource information necessary for the production of Agency charts and maps" is also contained in DIS. Id. at 3.
At the Louisville Office, the Agency employs about 300 employees, 250 of whom are bargaining unit employees.
III. Proposal 1
SECURITY ON INFORMATION ON D.I., CHANGING OF THE PASSWORD & RESTRICTION OF ACCESS TO INFORMATION:
The Employer will make appropriate arrangements to ensure that unauthorized employees do not have access to information in D.I. In addition the Employer will ensure that employees who have access do not have information available to them that is not necessary for the function of their task, i.e. access to files will be restricted to ensure privacy information on employees is not reviewed, copied, or access[i]ble to employees who have no need to know the information.
The password(s) on the D.I. System will be changed in accordance with applicable laws, rules regulations [and] this agreement. The time frame determined by the Employer to change the password will ensure the security of the information on the system.
A. Positions of the Parties
1. Agency
The Agency contends that Proposal 1 directly interferes with its right to determine its internal security practices under section 7106(a)(1) of the Statute. The Agency asserts that the proposal "seeks to establish a security practice under which employees will be given access to information on [DIS] only when the information is needed to perform their specific work task." Id. at 4-5. The Agency claims that the proposal would prevent it from "establishing an internal security practice which would allow an employee access to more [DIS] information tha[n] was actually needed to perform the employee's task." Id. at 5.
The Agency explains that its "current security practice does allow employees access to certain kinds of [DIS] data, such as source information, which is not needed to perform their assigned tasks." Id. However, the Agency claims that its security practice "strictly limits an employee's access to [DIS] information pertaining to other employees." Id. According to the Agency, an employee is not given access to DIS information concerning other employees "unless the employee needs that information to accomplish a task." Id. The Agency argues, notwithstanding this practice, that it has a right under section 7106(a)(1) of the Statute "to determine without bargaining which employees should have access after balancing the security risk against work performance requirements." Id. The Agency claims that "[t]he inclusion of the phrase 'appropriate arrangements to ensure' in Proposal 1 appears to be an attempt to impose substantive criteria upon the Agency's exercise of its right to determine its internal security practices." Id. at 6.
The Agency also asserts that the proposal directly interferes with its right to determine its internal security practices under section 7106(a)(1) of the Statute because the proposal would prevent it from establishing a security practice for DIS which does not involve passwords. The Agency argues that "[t]he requirement to change passwords would prevent the Agency from determining whether the changing of passwords is an appropriate security practice" for DIS. Id. at 5.
The Agency further contends that the proposal directly interferes with its right to determine the technology, methods, and means of performing work under section 7106(b)(1) of the Statute because the proposal could require the Agency to "add additional, or maintain existing, restrictions and access codes" in DIS. Id. at 6. The Agency asserts that it has not elected to negotiate the technology, methods, and means of performing work with the Union. The Agency contends that the proposal would limit the Agency's ability to determine the "configuration" of DIS, which is a "technology, method, and means of performing [the Agency's] work." Id. The Agency asserts that the DIS data base is "an essential element in the operation of [DIS]," and that employees access this data base to obtain information necessary to perform their work. Id. at 3.
The Agency argues that Proposal 1 does not constitute a negotiable appropriate arrangement because it excessively interferes with management's rights to determine its internal security practices and the technology, methods and means of performing work. The Agency asserts that, on balance, the Agency's need to exercise its rights outweighs the personal privacy interests of employees in DIS information. The Agency states that DIS "generally contains information about production" and "very little personal information." Id. at 7. The Agency notes, however, that the "[DIS] database does contain data retrievable by an employee's personal identifier concerning the employee's potential retirement date, badge number, duty entry date, and amount of time spent working on projects." Id. The Agency further states that although "raw data on time spent by an employee on projects may be extracted from the [DIS] database for use in evaluating an employee's performance, information about an employee's actual rating is not maintained" in the data base. Id. Further, the Agency contends that "[n]o data on the quality of an employee's work is maintained in [DIS]." Id.
Citing the Authority's decision in Patent Office Professional Association and Department of Commerce, Patent and Trademark Office, 39 FLRA 783, 814-16 (1991) (POPA), the Agency contends that the employees' personal privacy interest in the information contained in DIS "is relatively slight." Id. In POPA, the Authority found that employees' privacy interest in review sheets, that is, management's written technical evaluations of particular recommendations made by employees with respect to patent applications, was "somewhat limited." 39 FLRA at 816. The Authority found that the employees' privacy interest in such information was "somewhat limited" because the review sheets did not constitute the agency's overall evaluation of employee performance, but were limited to technical evaluations of particular recommendations with respect to patent applications. Id. The Agency contends that the information contained in the DIS data base concerning employees' production is "roughly analogous" to the review sheets considered by the Authority in POPA. Statement at 7.
2. Union
According to the Union, before DIS was implemented, employee access to various information was limited "to supervisors, certain management officials and employees who keyed the information into computers." Response at 2. The Union contends that now "all employees who have access to [DIS] could potentially have access to all information." Id. The Union asserts that employees now having access to various information include "all supervisors, management officials, and 25% of the bargaining unit employees." Id. According to the Union, "a password [is necessary in order for an employee] to log on[]," or access, computer data bases in the Louisville Office. Id. The Union states that the use of a password gives employees "access to various programs/databases/etc." Id. The Union asserts that "[t]his significant change is the basis" for bargaining. Id.
The Union argues that Proposal 1 does not directly interfere with the Agency's right to determine its internal security practices and the technology, methods, and means of performing its work under section 7106(a)(1) and (b)(1) of the Statute. The Union asserts that the proposal is a negotiable procedure under section 7106(b)(2) of the Statute or, alternatively, a negotiable appropriate arrangement under section 7106(b)(3).
The Union states that through Proposal 1 it is seeking "to negotiate" concerning the Agency's current practice with respect to how the Agency will prevent or control employees' access to information contained in DIS, and "not [to negotiate concerning] all possibilities that may occur in the future." Id. at 2. The Union disputes the Agency's contention that the proposal would prevent the Agency from establishing a computer system that does not involve passwords. The Union asserts that the Agency is merely speculating over the possible effects of the proposal and that such speculation is not sufficient to render the proposal nonnegotiable. The Union states that Proposal 1 is "not" intended to "absolutely prohibit the Agency from making future changes in [DIS]." Id. at 3. Rather, the Union claims that the proposal is intended to provide "general language[] so a problem with access to [DIS] information could be grieved with relief given to employees." Id. The Union states that the proposal places "no restrictions on the procedures" that management may use as indicated by the first sentence of the proposal. Id.
According to the Union, the intent of the second sentence of Proposal 1 is to safeguard "Privacy Act information that is contained in [DIS] files" and not to require that "[DIS] be reconfigured or render[ed] impossible to use." Id. The Union contends that this sentence places no restrictions on management except to require that management comply with the Privacy Act. The Union asserts that the intent of the second paragraph of the proposal is to ensure that the Agency safeguards access to the system and the information contained therein by periodically changing the password. The Union contends that management routinely changes numbers on locks and safes in the office to protect information. The Union asserts that the second paragraph of the proposal would only require management to follow proper security practices with respect to access to DIS.
The Union contends that its proposal will mitigate the adverse impact that the "release of classified material, corruption, modification or deletion of files, loss of control [and] accountability/reliability of information[]" would have on unit employees. Id. at 4.
B. Analysis and Conclusions
We find that Proposal 1 constitutes a negotiable appropriate arrangement under section 7106(b)(3) of the Statute.
1. Proposal 1 Directly Interferes with Management's Right under Section 7106(a)(1) to Determine its Internal Security Practices
The Agency contends that the proposal directly interferes with management's right to determine its internal security practices. We agree.
An agency's right to determine its internal security practices under section 7106(a)(1) of the Statute includes the right to determine the policies and take actions which are part of its plan to secure or safeguard its personnel, its physical property, and its operations. National Federation of Federal Employees, Local 2050 and Environmental Protection Agency, 36 FLRA 618, 625 (1990) (EPA). An agency's right to determine its internal security practices also includes management action to prevent improper or unauthorized disclosure of privileged or confidential information or to prevent disruption of the agency's activities. Id. at 639; National Treasury Employees Union, Chapter 153 and Department of the Treasury, U.S. Customs Service, Region II, 21 FLRA 841 (1986) (U.S. Customs Service, Region II). Where an agency shows a link or reasonable connection between its goal of safeguarding its personnel or property, including information, and its practice or decision designed to implement that goal, a proposal that substantively restricts or precludes the agency's practice or decision directly interferes with management's right under section 7106(a)(1) of the Statute. EPA, 36 FLRA at 639.
Proposal 1 concerns access to information contained in DIS. The Union does not dispute the Agency's claim that: (1) the Agency's work involves producing "special topographic products of terrain data to support special military activities and operations[] and provid[ing data processing] expertise to the [Agency's] cartographic program as related to mapping and weapons systems requirements"; and (2) DIS is used by the Agency to generate reports which "contain[] classified national security information." Statement at 12. The record also indicates that employees' work projects involve classified information and that the Agency uses personal identifiers to determine the time spent by employees on such projects. Because personal information in DIS is connected to the Agency's classified work projects, access to personal information in DIS may also, depending on the data, involve access to classified information. We find that the decision to grant or restrict access to information contained in DIS is linked to the Agency's internal security practice of safeguarding or protecting the Agency's property or personal and classified information. Therefore, we conclude that the Agency's decision as to how it will prevent or control access to information contained in DIS constitutes an integral part of the Agency's determination of the internal security practices it will adopt for that purpose.
We now address the specific paragraphs of Proposal 1.
a. First Paragraph of Proposal 1
The first and second sentences of the first paragraph of Proposal 1 would require management to: (1) "make appropriate arrangements" to ensure that unauthorized employees do not have access to information contained in DIS; and (2) limit employees authorized access to DIS only to information necessary to perform their particular work task. Under this portion of the proposal, management would be required to take action to protect information contained in DIS and would be prevented from establishing a security practice which granted an employee access to information other than that needed to perform a particular work task. This portion of the proposal prescribes specific criteria governing management's determination of the internal security practices that it will employ to safeguard information contained in DIS.
Proposals which establish substantive criteria governing the exercise of a management right directly interfere with that right. See American Federation of Government Employees, Council of Prisons, Leavenworth, Kansas, 42 FLRA 1295, 1303 (1991) (Leavenworth, Kansas); EPA, 36 FLRA at 625-27. It is not necessary that a proposal dictate the specific action that an agency must take in order for that proposal to constitute a substantive limitation on the exercise of a management right. A general criterion that would restrict the range of an agency's discretion pursuant to a management right would similarly constitute a substantive limitation on that right. See id.
The first and second sentences of the first paragraph of Proposal 1 establish substantive criteria that govern the actions the Agency will take to control or restrict access to protect personal and classified information pertaining to unit employees that is contained in DIS. The first sentence establishes a substantive criterion that governs the actions that the Agency is to take in protecting such information. That is, by requiring the Agency to make "appropriate arrangements" to prevent unauthorized access to personal and classified information pertaining to unit employees that is contained in DIS, the first sentence requires the Agency to take steps to prevent access. The second sentence prescribes the criteria governing employee access to that information by limiting employees who are authorized to have access to DIS only to the information that is needed to perform their particular work task. Because the first and second sentences of Proposal 1 establish substantive criteria controlling access to personal and classified information involving unit employees contained in DIS, we conclude that these sentences directly interfere with management's right to determine its internal security practices under section 7106(a)(1) of the Statute. See EPA, 36 FLRA at 625-27 (proposal establishing a substantive criterion governing management's determination of its internal security practices found to directly interfere with management's right to determine its internal security practices); id. at 631-32 (proposal requiring management action to address a specific security problem found to directly interfere with management's right to determine its internal security practices).
We note the Union's statement that the intent of the second sentence of Proposal 1 is to require compliance with the Privacy Act. In American Federation of Government Employees, AFL-CIO, Department of Education Council of AFGE Locals and U.S. Department of Education, 38 FLRA 1068, 1075-76 (1990) (Department of Education), request for reconsideration denied, 39 FLRA 1241 (1991) petition for review filed sub nom. United States Department of Education v. FLRA, No. 91-1219 (D.C. Cir. May 10, 1991), we found that a proposal requiring an agency to exercise its rights under section 7106(a)(1) of the Statute in accordance with "external legal limitations (that is, the United States Constitution, applicable laws, rules and regulations)," directly interfered with management's rights under that section. Id. at 1076. In this case, the proposal does not literally require compliance with the Privacy Act. However, even if we interpreted the second sentence of the proposal as requiring compliance with that law, we would nevertheless conclude, based on our holding in Department of Education, that the second sentence directly interferes with management's right to determine its internal security practices under section 7106(a)(1) of the Statute.
b. Second Paragraph of Proposal 1
The second paragraph of Proposal 1 would require the Agency to change the password(s) used to gain access to information contained in DIS "in accordance with applicable laws, rules[,] regulations [and the] agreement" and in a time frame that will ensure the security of the information. According to the Union, this portion of the proposal would only require the Agency "to follow proper security practices." Response at 3. The Union does not cite to any specific law, rule or regulation that deals with an agency's use of passwords. However, based on the plain wording of the proposal, we interpret the proposal as only requiring the Agency to comply with applicable laws, rules or regulations.
Proposals requiring management to exercise its rights under section 7106(a)(1) of the Statute in accordance with applicable laws, rules and regulations directly interfere with the exercise of such rights. See Department of Education. As noted above, we found in Department of Education that a proposal requiring the agency to exercise its rights under section 7106(a)(1) of the Statute in accordance with applicable laws, rules, and regulations subjected the exercise of management's rights under that section to the limits of applicable law and regulation. Accordingly, we concluded that because the proposal would impermissibly limit the exercise of management's right to determine its internal security practices under section 7106(a)(1) of the Statute, the proposal directly interfered with that right.
As we found above, management's decision as to how it will restrict or grant access to information contained in DIS is an exercise of the Agency's right under section 7106(a)(1) of the Statute to establish its internal security practices. The use of passwords is one measure by which the Agency controls access to data on the DIS. Consequently, by requiring the Agency to exercise its right under section 7106(a)(1) of the Statute by changing the password(s) in accordance with applicable laws, rules and regulations, the second paragraph of Proposal 1 would subject the exercise of that right to the limits of applicable law and regulation. The second paragraph of Proposal 1, like the proposal in Department of Education, therefore, would directly interfere with the exercise of management's right to determine its internal security practices under section 7106(a)(1) of the Statute. Accordingly, we conclude that the second paragraph of Proposal 1 directly interferes with management's right to determine its internal security practices under section 7106(a)(1) of the Statute.
2. Proposal 1 Does Not Directly Interfere with the Agency's Rights to Determine its Technology, Methods, and Means of Performing Work
We find that the Agency has not established that Proposal 1 directly interferes with its rights under section 7106(b)(1) of the Statute. The Authority employs a two-part test to determine whether a proposal directly interferes with management's right to determine the "technology" used in "performing work." In order to sustain such a claim, an agency must show: (1) the technological relationship of the matter addressed by the proposal to accomplishing or furthering the performance of the agency's work; and (2) how the proposal would interfere with the purpose for which the technology was adopted. See, for example, American Federation of Government Employees, AFL-CIO, National Council of Social Security Field Office Locals and Department of Health and Human Services, Social Security Administration, 24 FLRA 842 (1986) (Proposals 2-12).
As to the methods and means of performing work, the Authority has construed "method" as referring to the way in which an agency performs its work. National Treasury Employees Union, Chapter 83 and Department of the Treasury, Internal Revenue Service, 35 FLRA 398, 406-07 (1990). "Means" refers to any instrumentality, including an agent, tool, device, measure, plan or policy used by an agency for the accomplishment or furtherance of its work. Id. at 407. The term "performing work" is intended to include those matters that directly and integrally relate to the agency's operations as a whole. Id.
The Authority also employs a two-part test to decide whether a proposal directly interferes with management's right to determine the methods and means of performing work. First, an agency must show a direct relationship between the particular method or means the agency has chosen and the accomplishment of the agency's mission. Second, the agency must show that the proposal would directly interfere with the mission-related purpose for which the method or means was adopted. See, for example, id. at 406-09.
In this case, DIS is used by the Agency in the accomplishment of its work pertaining to the preparation of topographic, aeronautical and planimetric products. We find that the Agency has not established how the first paragraph of Proposal 1 would directly interfere with the mission-related purpose for which DIS was adopted. That is, Proposal 1 does not in any manner conflict with the Agency's decision to use DIS in the performance of its work. Nothing in Proposal 1 precludes the Agency from using DIS to prepare topographic, aeronautical and planimetric products. Rather, Proposal 1 only concerns the control and restriction of access by unauthorized employees to personal and classified information contained in DIS involving unit employees.
Consequently, we conclude that Proposal 1 does not directly interfere with management's right to determine the technology, methods and means of performing work within the meaning of section of 7106(b)(1) of the Statute.
3. Proposal 1 Does Not Constitute a Negotiable Procedure under Section 7106(b)(2) of the Statute
We turn next to the Union's contention that Proposal 1 constitutes a negotiable procedure under section 7106(b)(2) of the Statute. Proposals that directly interfere with the substantive exercise of a management right are not negotiable as procedures under section 7106(b)(2) of the Statute. See American Federation of Government Employees, Local 2879 and U.S. Department of Health and Human Services, Social Security Administration, Chula Vista District, San Diego, California, 38 FLRA 244, 248 (1990) (Social Security Administration); Department of Defense v. FLRA, 659 F.2d 1140, 1151-52 (D.C. Cir. 1981), cert. denied sub nom. 455 U.S. 945 (1982). Because we have found that Proposal 1 directly interferes with management's right to determine its internal security practices under section 7106(a)(1) of the Statute, we conclude that it does not constitute a negotiable procedure under section 7106(b)(2).
4. Proposal 1 Constitutes an Appropriate Arrangement under Section 7106(b)(3) of the Statute
Having determined that Proposal 1 directly interferes with management's right to determine its internal security practices under section 7106(a)(1) of the Statute, we next decide whether the proposal nonetheless constitutes an appropriate arrangement under section 7106(b)(3).
To determine whether a proposal constitutes an appropriate arrangement, we must determine whether the proposal is: (1) intended as an arrangement for employees adversely affected by the exercise of a management right; and (2) appropriate because it does not excessively interfere with the exercise of management's right. National Association of Government Employees, Local R14-87 and Kansas Army National Guard, 21 FLRA 24 (1986) (Kansas Army National Guard).
The Union contends that Proposal 1 is intended to protect unit employees from the anticipated adverse effect of unauthorized employees having access to personal information contained in DIS. The Union contends that the proposal is intended to protect employees' privacy interests and to alleviate the adverse impact on unit employees that could result from the improper "release of classified material" or the unauthorized "modification or deletion of files" contained in DIS. Response at 4. We conclude, therefore, that Proposal 1 is intended as an arrangement.
We next determine whether Proposal 1 excessively interferes with management's right to determine its internal security practices so as not to constitute an appropriate arrangement. In determining whether a proposal excessively interferes with a management right, we weigh "the competing practical needs of employees and managers" to determine whether the benefit to employees afforded by the proposal is greater than the burden placed by the proposal on the exercise of the management right or rights involved. Kansas Army National Guard, 21 FLRA at 31-34.
The Agency contends that Proposal 1 excessively interferes with its right to determine its internal security practices. The Agency argues that, on balance, its need to determine its internal security practices outweighs the privacy interests of employees. The Union contends that DIS will increase the number of employees who have access to large amounts of information. The Union asserts that employees need to be protected from the potential improper release of personal and classified information and the unauthorized modification or deletion of files. The Union asserts that Proposal 1 would ensure that measures are taken to assure the reliability of and accountability for personal information.
Proposal 1 affects the Agency's right to determine its internal security practices by requiring management to: (1) make appropriate arrangements to safeguard the information contained in DIS; (2) limit employees authorized to have access only to information necessary to perform their work; and (3) change the password(s) instituted by management in accordance with applicable laws, rules, and regulations. Although the proposal would require management to take these actions in implementing its internal security practices, the proposal allows management the discretion to implement the proposal. Under the proposal, decisions as to what appropriate measures the Agency should take to prevent unauthorized employees from gaining access are left to management. Also, requiring management to limit employees authorized to have access to DIS only to that information that is necessary to perform their work would not impose a significant burden on management. Management acknowledges that it already "strictly limits an employee's access to [DIS] information pertaining to other employees . . . unless the employee needs that information to accomplish a task." Statement at 5.
Further, the portion of the proposal concerning password(s) would only require the Agency to comply with applicable laws, rules, and regulations in its use of the password as a security measure. In particular, we have held that "the existence of applicable laws, rules[,] and regulations already serves to limit agency action and indicates that an agency's interest in being able to act without regard to those provisions and without challenge to the legality of its action, such as in arbitration procedures, is negligible." Department of Education, 38 FLRA at 1078. See also American Federation of Government Employees, AFL-CIO, Local 53 and U.S. Department of the Navy, Navy Material Transportation Office, Norfolk, Virginia, 42 FLRA 938, 956 (1991).
Proposal 1 would benefit employees by ensuring proper access to personal and classified information pertaining to unit employees that is contained in DIS. The proposal would protect employees from unauthorized access to information about them, or work projects for which they are responsible, and would protect against the improper release or modification of such information. The proposal would also reduce the possibility that employees would be held accountable for improper release or modification of information and assure them that personal information in the system is secure.
We note the Agency's statement that DIS contains "very little personal information" and, therefore, that employees' privacy interest in the protection of this information is limited. Statement at 7. However, we also note that the Agency acknowledges that the system contains "data retrievable by an employee's personal identifier concerning the employee's potential retirement date, badge number, duty entry date, and amount of time spent working on projects." Id. We find that employees have more than a limited privacy interest in the protection of this information. Through the use of personal identifiers, an individual having access to the system could gain personal information concerning an employee as well as information that could be used in evaluating an employee's work performance.
Further, we find, contrary to the Agency, that our decision in POPA is inapposite to this case because the issues related to the proposal in POPA are different from the issues concerning Proposal 1. The proposal in POPA concerned the disclosure of information about unit employees to the union to perform its representational responsibilities. Proposal 1 seeks to restrict unauthorized access to information about unit employees. Specifically, in POPA, the proposal, in part, required the agency to disclose to the union review sheets prepared by an employee's reviewer, or some other management official, that summarized the reviewer's conclusions on an examiner's actions or work. After balancing the privacy interests of employees against the interest of the public in assuring that the agency administered its programs in a fair and consistent manner, we concluded that disclosure of the review sheets to the union would not constitute an unwarranted invasion of employees' privacy. Thus, the issue in POPA concerned whether requiring disclosure of specified information about employees to the union would violate the Privacy Act. The issue as to Proposal 1 is whether limiting access to information about employees violates management's right to determine its internal security practices. Because the proposal in POPA and Proposal 1 address different issues, we conclude that POPA is not applicable to this case.
We conclude, therefore, that on balance the benefit to employees of restricting access to personal and classified information in DIS outweighs the burden placed on the Agency by requiring the adoption of certain security measures and by requiring compliance with the limited criteria governing access to information. Further, the proposal also benefits the Agency by ensuring no unauthorized release of personal or classified information. Consequently, we find that Proposal 1 does not excessively interfere with management's right to determine its internal security practices and is a negotiable appropriate arrangement under section 7106(b)(3) of the Statute.
Accordingly, we conclude that Proposal 1 is negotiable.
IV. Proposal 2
THE FOLLOWING SECURITY POLICIES AND PROCEDURES WILL BE USED IN THE D.I. AUTOMATED INFORMATION SYSTEM.
(a) To ensure the security and confidentiality of personnel records, in whatever form, each agency shall establish administrative, technical, and physical controls to protect information in personnel records from unauthorized access, use, modification, destruction, or disclosure. As a minimum, these controls shall require that all persons whose official duties require access to and use of personnel records be responsible and accountable for safeguarding those records and for ensuring that the records are secured whenever they are not in use or under the direct control of authorized persons. Generally, personnel records should be held, processed, or stored only where facilities and conditions are adequate to prevent unauthorized access.
(b) In addition to following the security requirements of this part, managers of automated personnel records shall establish administrative, technical, physical, and security safeguards for data about individuals in automated records, including input and output documents, reports, punched cards, magnetic tapes, disks, and on-line computer storage. The safeguards must be in writing to comply with the standards on automated data processing physical security issued by the National Bureau of Standards, U.S. Department of Commerce, and, as a minimum, must be sufficient to:
(1) Prevent careless, accidental, or unintentional disclosure, modification, or destruction of identifiable personal data;
(2) Minimize the risk that skilled technicians or knowledgeable persons could improperly obtain access to, modify, or destroy identifiable personnel data;
(3) Prevent casual entry by unskilled persons who have no official reason for access to such data;
(4) Minimize the risk of an unauthorized disclosure where use is made of identifiable personal data in testing of computer programs;
(5) Control the flow of data into, through and from the agency computer operations;
(6) Adequately protect identifiable data from environmental hazards and unnecessary exposure; and;
(7) Assure adequate internal audit procedures to comply with these procedures.
The disposal of identifiable personal data in automated files is to be accomplished in such a manner as to make the data unobtainable to unauthorized personnel. Unneeded personal data stored on reusable media such as magnetic tapes and disks must be erased prior to release of the media for reuse.
A. Positions of the Parties
1. Agency
The Agency contends that Proposal 2 directly interferes with management's right to determine its internal security practices under section 7106(a)(1) of the Statute and, therefore, that the proposal is not a negotiable procedure under section 7106(b)(2). The Agency states that "[t]he [DIS] database is Agency property which the Agency protects from damage or unauthorized disclosure." Statement at 9. The Agency states that the Authority has held that an agency's internal security practices "include those policies and actions which are part of its plan to safeguard its personnel, physical property, and operations from internal and external threats and to prevent the unauthorized disclosure of information." Id. (footnote omitted). The Agency asserts that "Proposal 2 clearly concerns matters which come within the ambit of the internal security practices of the Agency." Id. at 9-10. The Agency further asserts that the inclusion of the phrase "to ensure the security and confidentiality" in the proposal "is intended to impose substantive requirements upon the Agency's internal security practices." Id. at 10.
According to the Agency, the language of Proposal 2 is "taken verbatim" from 5 C.F.R. §§ 293.106(a) and 293.107-- Office of Personnel Management (OPM) regulations pertaining to personnel records. Id. The Agency argues that such regulations are not applicable to DIS because this system "contains no personnel records," but consists of "production records which contain very little personal information." Id.
The Agency states that the "Union has not clearly established" that the proposal is intended as an arrangement. Id. at 11. However, the Agency claims that if the Union intends the proposal as an arrangement for employees adversely affected by the exercise of a management right, it is not an appropriate arrangement because it excessively interferes with its right to determine its internal security practices for the same reasons as stated with respect to Proposal 1.
2. Union
The Union contends that Proposal 2 does not directly interfere with management's right to determine its internal security practices, but rather is a negotiable procedure under section 7106(b)(2) of the Statute. The Union states that if the proposal is found to directly interfere with management's right, then it is intended as an appropriate arrangement for employees adversely affected by the exercise of that right.
The Union states that the intent of Proposal 2 is "to provide protection for the information [in the DI database]," that is, to ensure that the requirements for safeguarding personal information in the system "conform to the Government-wide rules and regulations" as stated in 5 C.F.R. §§ 293.106(a) and 293.107(a) and (b). Response at 5. The Union claims that the regulations address the "safeguarding of personal individual information which is contained in [DIS]" without requiring specific procedures that must be followed by management. Id. The Union argues that requiring management to adhere to laws, rules, and regulations that the Agency is bound to follow is not an infringement on management's rights to determine its internal security practices.
The Union disputes the Agency's contention that DIS contains "no personnel records[,]" and notes that the system will be used to generate performance reports for employees. Id.; Petition, Enclosure 6 (Standard Operating Procedures [SOP] E95-1). According to the Union, the Agency acknowledges that the DIS will include "'quality ratings of map sheets,'" and that "'data [is] retrievable by an employee[']s personal identifier concerning the employee[']s potential retirement date, badge number, duty entry date, and amount of time spent on projects.'" Response at 5.
The Union asserts that if the Agency is not required to follow the Government-wide rules and regulations employees will be adversely affected because the personal information on DIS will be accessible to unauthorized employees. The Union also argues that if the information in the data base is not destroyed properly, confidential information could inadvertently fall into the hands of unauthorized individuals resulting in a violation of employees' rights under the Privacy Act.
B. Analysis and Conclusions
We find, for the reasons discussed below, that Proposal 2 constitutes a negotiable appropriate arrangement under section 7106(b)(3) of the Statute.
1. Proposal 2 Directly Interferes with Management's Right under Section 7106(a)(1) of the Statute to Determine Its ternal Security Practices
Proposal 2 concerns the establishment of certain internal security policies and practices to prevent unauthorized access to and disclosure of bargaining unit employees' personal information contained in DIS.
As noted above, internal security practices include those policies and actions which are part of the Agency's plan to secure or safeguard the Agency's personnel, physical property, and operations. EPA, 36 FLRA at 625. The Agency's right to determine its internal security practices also includes management's action to prevent improper or unauthorized disclosure of privileged or confidential information. See id. at 639. Proposal 2 concerns the establishment of security measures to safeguard personal information in DIS. As with Proposal 1 above, we find that the establishment of policies and practices management will use to protect personal information contained in DIS is an integral part of the Agency's determination of its internal security practices to safeguard its personnel and property.
Proposal 2 establishes substantive criteria governing the policies and practices that management will follow in order to safeguard personal information contained in DIS. The proposal would require the Agency to establish internal security policies and practices that, at a minimum, will: (1) control access relating to use, modification, destruction or disclosure of personal information contained in DIS; and (2) safeguard personal information contained in automated records, including input and output documents, reports, magnetic tapes, disks, and on-line computer storage, in order to prevent such information from being accessed or disclosed improperly.
Because Proposal 2 establishes substantive criteria governing the policies and practices that management will follow in order to safeguard personal information involving unit employees contained in DIS, we conclude that the proposal directly interferes with management's right to determine its internal security practices under section 7106(a)(1) of the Statute. See EPA, 36 FLRA at 625-27. We note the Agency's contention that DIS does not contain "personnel records" within the meaning of the OPM regulations cited by the Union. Regardless of whether the personal information contained in DIS constitutes "personnel records" within the meaning of the OPM regulations, the effect of the proposal is to prescribe criteria governing the security of that information. Therefore, based on Department of Education, it is irrelevant for purposes of determining whether the proposal directly interferes with management's right for us to determine whether the proposal in fact requires compliance with OPM regulations.
We next consider the Union's contention that Proposal 2 constitutes a negotiable procedure under section 7106(b)(2). As discussed in Section III.B.3. of this decision, a proposal that directly interferes with a management right does not constitute a negotiable procedure under section 7106(b)(2). Because we have found that Proposal 2 directly interferes with the Agency's right to determine its internal security practices by establishing substantive criteria governing the security measures that management will adopt to safeguard information in DIS, we conclude that Proposal 2 does not constitute a negotiable procedure.
2. Proposal 2 Is an Appropriate Arrangement under Section 7106(b)(3) of the Statute
The Union contends that Proposal 2 constitutes an appropriate arrangement within the meaning of section 7106(b)(3).
The Union asserts that the proposal is intended to protect employees' privacy by ensuring that personal information contained in DIS is protected from access by unauthorized individuals. As we noted previously, this information includes data that is retrievable by an employee's personal identifier and that concerns the employee's retirement date, badge number, duty entry date, and time spent working on projects. Raw data on time spent by an employee on projects may also be extracted from the DIS data base for use in evaluating an employee's performance. The Union asserts that Proposal 2 seeks to assure employees that such private and confidential information will be protected from disclosure to unauthorized individuals who could possibly use such information to an employee's "detriment." Response at 6. We conclude that the proposal is intended to address the adverse effects on employees of disclosure of personal information to unauthorized individuals under the Agency's polices and practices governing access to and protection of information contained in DIS. We find, therefore, that the proposal is an arrangement for employees adversely affected by the exercise of management's right to determine its internal security practices. See Kansas Army National Guard.
We next determine whether Proposal 2 excessively interferes with management's right to determine its internal security practices so as not to constitute an appropriate arrangement. The Agency asserts that its need to determine its internal security practices outweighs the privacy interest of employees. The Agency contends that employees have a limited privacy interest in the information contained in DIS, because this system contains "little personal information," while the Agency has significant interest in determining its internal security practices. Statement at 7.
We find that the proposal does not excessively interfere with the exercise of management's right. Proposal 2 prescribes criteria governing the basic policies and practices that management will establish to control access to personal information in DIS. We note, however, that the proposal does not specify the particular actions that management must take to provide the required safeguards for personal information. In other words, the Agency retains discretion as to the particular measures that it will adopt for that purpose. We also note that the proposed criteria apply only to personal information in DIS. The Agency's policies with respect to other types of information would be unaffected. We conclude, therefore, that the burden imposed by the proposal on management's right to determine its internal security practices is limited.
We find that, on balance, the benefit to employees outweighs the limited burden placed on the Agency by the proposal. We find, for the reasons discussed above in III.B.4. of this decision, that employees have more than a limited privacy interest in the personal information contained in DIS. Further, the proposal would benefit employees by assuring them that safeguards are in place to prevent unauthorized individuals from gaining access to information about them, or for which they are responsible, and improperly releasing or modifying it.
The proposal only requires management to establish a policy and to develop controls that will safeguard the personal information contained in DIS. We note that the Agency asserts that it has a "significant interest" in "preventing unauthorized disclosure[] of information from the [DIS] database, including Privacy Act information." Statement at 3 and 4. The proposal serves to foster the Agency's interest. Also, like Proposal 1, although the proposal would require management to establish controls that will, at a minimum, safeguard the personal information contained in DIS, the proposal allows management discretion as to the particular controls it will prescribe to provide those safeguards.
We conclude, therefore, that Proposal 2 does not excessively interfere with the Agency's right to determine its internal security practices and is a negotiable appropriate arrangement under section 7106(b)(3) of the Statute. See EPA, 36 FLRA at 627-29.
Accordingly, we conclude that Proposal 2 is negotiable.
V. Proposal 3
UNION ACCESS TO INFORMATION ON D.I.:
The Union will have access to all information contained on D.I. This will include graphic reports, printouts, etc. which may be requested by the Union in conjunction with grievances, unfair labor practices, classification appeals, etc. The Employer will provide information requested by the Union within 10 calendar days of the request.
A. Positions of the Parties
1. Agency
The Agency contends that Proposal 3 is inconsistent with section 4.1(a) of Executive Order 12356, 47 Fed. Reg. 14874, 15557 (1982), 50 U.S.C. § 401 notes.(1) The Agency states that Executive Order 12356 is a Government-wide regulation that addresses the safeguarding of classified information. The Agency states that the DIS data base contains classified national security information and generates reports containing classified information, including project assignment letters, and product guidelines. The Agency asserts that Proposal 3 is inconsistent with this Executive Order "because it requires the release of classified information to the Union without compliance with the access procedures of [s]ection 4.1(a)." Statement at 11-12. The Agency contends that the proposal requires that the Union "be given access to all information contained on [DIS] irrespective of whether the Union recipients have been granted access to classified information by the Agency head in accordance with [s]ection 4.1(a)." Id. at 12.
Further, the Agency contends that Proposal 3 directly interferes with the Agency's right to determine its internal security practices under section 7106(a)(1) of the Statute. The Agency asserts that it has the right to determine internal security procedures for the protection of classified information. The Agency claims that the proposal "totally abrogates [this] right by requiring the Agency to give the Union access to classified information." Id. at 13. Finally, the Agency contends that the proposal is outside the duty to bargain because "it covers information that does not pertain to conditions of employment of unit employees." Id.
2. Union
The Union asserts that Proposal 3 pertains to conditions of employment of unit employees and is within the duty to bargain. The Union contends that the proposal constitutes a negotiable procedure under section 7106(b)(2) of the Statute or, in the alternative, is a negotiable appropriate arrangement under section 7106(b)(3) of the Statute.
The Union claims that the proposal is intended to provide the Union with a means to obtain information necessary to administer the parties' contract. Noting section 7114(b)(4) of the Statute, the Union contends that relevant and necessary information is needed to investigate grievances, unfair labor practices, and to aid in negotiations. The Union states that it has had "a significant problem with the Agency providing relevant and necessary information [concerning] a large number of [representation] issues." Response at 6. The Union states that the proposal would "ensure[] that the Union will have access to the electronic information contained in [DIS and will] also provide[] a standard [time frame] for management to provide requested information which may be a printout or merely a portion of a program graphic." Petition at 3.
The Union asserts that the proposal is "not" intended to require the release of classified information to "uncleared employees," or to require the Agency to provide the Union with "copies of classified information." Response at 7. The Union notes that "the highest level of information the Union has ever asked for has been [for] official use only." Id. The Union states that, in the event that classified material is "necessary" and "relevant" to an issue before it, "the Union does have employees who have clearances and the review of (not copies of) the material [by those employees] should be sufficient." Id. The Union states that "[a]ll employees at [the] office have the same levels of security as a condition of employment." Id. Accordingly, the Union argues that because the proposal does not require the release of classified information to "uncleared" employees, the proposal does not conflict with Executive Order 12356. Id. Further, for these same reasons, the Union claims that the proposal does not infringe on management's right to determine its internal security practices.
The Union disputes the Agency's contention that the proposal does not concern a condition of employment of unit employees. The Union states that because of its need to "represent employees in grievances that relate to disparate or unfair treatment related to performance appraisals, career progression, retention points in a [reduction-in-force] (related to performance appraisal ratings), performance awards [and] adverse actions[,]" the proposal either directly of indirectly relates to unit employees' conditions of employment. Id. at 8. The Union notes that it has handled employee complaints and grievances that required the Union to obtain copies of production data. According to the Union, this data "normally includes the number of hours on a set of map sheets, the quality ratings and the estimates." Id. at 7.
Finally, the Union asserts that Proposal 3 is an appropriate arrangement for employees adversely affected by the exercise of a management right. The Union asserts that Proposal 3 seeks to prevent the Agency from barring the Union from access to information on DIS. The Union contends that, by precluding the Union from having access to information in DIS, the Agency would "prevent[ ] employees from exercising their rights to file a grievance" because the Union would be unable to "get the information to overturn unjustified management actions." Id. at 8. The Union also claims that it "could not intelligently participate in collective bargaining" without having access to information contained in individual personnel records. Id.
B. Analysis and Conclusions
We find that Proposal 3 is negotiable.
1. Proposal 3 Concerns the Conditions of Employment of Unit Employees
We reject at the outset the Agency's argument that the proposal is nonnegotiable because it covers information that does not pertain to unit employees' conditions of employment. In deciding whether a matter involves a condition of employment of bargaining unit employees, the Authority considers whether: (1) the matters pertain to bargaining unit employees; and (2) the record establishes that there is a direct connection between the matter and the work situation or employment relationship of bargaining unit employees. Antilles Consolidated Education Association and Antilles Consolidated School System, 22 FLRA 235, 236-37 (1986) (Antilles).
As there is no allegation that the proposal does not pertain to unit employees, we will consider only the second part of the Antilles test. As worded, the first and second sentences of Proposal 3 concern the Union's access to all information contained in DIS, including, specifically, information that is requested for use in grievances, unfair labor practices, and classification appeals. The Union explains that the intent of the proposal is to provide a means for the Union to obtain information necessary to administer the parties' contract and to represent unit employees in grievances, unfair labor practices, and classification appeals. The Union also explains that it represents employees in matters concerning disparate treatment related to performance appraisals, career progression, and performance awards. According to the Union, the handling of such matters requires it to obtain copies of production data which normally include the number of hours on a set of map sheets, quality ratings, and estimates.
Therefore, we conclude that the Union intends that the proposal will provide it with access to all information in DIS that pertains to its representational activities. Reading the first and second sentences of the proposal together, we find that the Union's interpretation of the proposal is consistent with the wording of the proposal. Consequently, we will adopt that interpretation for purposes of this decision.
Interpreted in this manner, we reject the Agency's claim that the proposal would require it to provide the Union with information contained in DIS without regard to whether that information pertains to the conditions of employment of unit employees. As worded and explained by the Union, the proposal is confined to information that has a direct bearing on matters affecting unit employees' employment relationship. C