Professional Aviation Safety Specialists (Union) and United States Department of Transportation, Federal Aviation Administration (Agency)

74 FLRA No. 72                                                                                                           

 

PROFESSIONAL AVIATION

SAFETY SPECIALISTS

(Union)

 

and

 

UNITED STATES

DEPARTMENT OF TRANSPORTATION

FEDERAL AVIATION ADMINISTRATION

(Agency)

 

0-AR-5968

 

_____

 

DECISION

 

July 7, 2026

 

_____

 

Before the Authority:  Colleen Duffy Kiko, Chairman,

and Anne Wagner and Charles O. Arrington, Members

(Member Wagner concurring in part

and dissenting in part)

 

I.            Statement of the Case

             

Arbitrator Charles Feigenbaum issued an award finding that the Agency did not violate the parties’ collective-bargaining agreement by failing to give the Union notice and an opportunity to bargain over a change in bargaining-unit employees’ (BUEs’) conditions of employment, because the change was “de minimis.”[1]  In interpreting the parties’ agreement, the Arbitrator used standards that apply to assess whether agencies have a duty to bargain under the Federal Service Labor‑Management Relations Statute (the Statute).[2]  The Union filed an exception to the award, arguing it is contrary to law.  For the reasons explained below, we deny the Union’s exception.

 

II.          Background and Arbitrator’s Award

 

The Agency employs air-traffic controllers (controllers), many of whom are veterans who have enrolled in an on-the-job-training and apprenticeship program (the program) through the U.S. Department of Veterans Affairs (the VA).  The hours controllers spend in the program’s on-the-job training are compensable through the VA.  BUEs provide administrative support to the controllers, including entering into a computer the hours of on-the-job training the controllers have completed.

 

In March 2023, the VA updated its computer system affiliated with the program.  Although both the prior system (the old system) and the updated system (the new system) “share the same core function,” the new system requires its users – including the BUEs – to use a new login process that was not part of the old system.[3]  Specifically, the new login process requires users to set up an account with either “Login.gov” (a General Services Administration (GSA) program) or “ID.me” (a commercially owned service).[4]  Both Login.gov and ID.me are identity-authentication services that require users to enter their Social Security numbers (SSNs) and upload their state-issued driver’s licenses or passports.

 

After the change was implemented, BUEs complained to the Union’s regional vice-president (the regional VP) about being required to use the new login process.  The regional VP emailed Agency management and objected to the new login requirement, contending it violated the parties’ agreement and federal law.  She requested that the new login process “cease and desist immediately until a discussion occurs.”[5]  The Agency responded, stating that the new process “was put in place by the [VA] to gain access to the systems they operate and is completely external to the [A]gency[,] so there was no duty to bargain, [or] violation of the [parties’ agreement] . . . related to this effort.”[6]  The Union then filed a grievance.  The Agency denied the grievance, and the parties proceeded to arbitration.

 

At arbitration, the parties stipulated to the following issues:  “Whether the [Agency] violated the [parties’] . . . [a]greement by not initiating an Article 70[[7]] midterm[‑]bargaining notification when the [VA] updated its system from [the old system] to [the new system], requiring [the] BUEs to use a new log-in process,” and, “[i]f so, what is the appropriate remedy?”[8]

 

Before the Arbitrator, the Union discussed Authority principles regarding the “statutory duty to negotiate.”[9]  The Union cited Authority precedent and argued that, “[c]onsistent with th[at] case law . . . , the Agency violated Article 70 by failing to provide the Union notice and an opportunity to bargain.”[10]  Additionally, the regional VP testified that fifteen to twenty BUEs complained to her about having to use the new login process.[11]  BUEs also testified that they had concerns providing their personal information.  An Agency manager “agreed that having a Login.gov (or ID.me) account was a necessity for [BUEs] to perform their assigned veteran[‑]certification duties,”[12] and the Union entered into the record an Agency policy entitled “Information Security and Privac[y],” as well as two Agency communications concerning the protection of personally identifiable information (PII).[13]

 

In his award, the Arbitrator found that “[t]he . . . Statute[] is clear, the ensuing case law is clear, and Article 70, [Section] 1 is clear:  In general, [f]ederal agencies are required to bargain over the substance of changes to personnel policies, practices[,] and matters affecting working conditions, with certain exceptions.”[14]  The Arbitrator also found that “[a]ll three authorities are equally clear that on matters where there is no [u]nion right to bargain substance, there may very well be an obligation on agencies to bargain the impact and implementation of the change.”[15]

 

As to whether the grievance concerned a substantive bargaining obligation, the Arbitrator found that the change to the VA’s login process “was required by the VA,” and the Agency “had no role in devising or effecting the change.”[16]  The Arbitrator noted that the Agency “cannot tell the VA how the VA will run its programs,” nor can the Agency tell the VA that it “wants its . . . unit employees to continue to use the login process” that existed prior to the VA’s change.[17]  Thus, the Arbitrator found “no basis” for concluding that the Agency was obligated to “bargain[] over the substance of the change.”[18]

 

Next, the Arbitrator considered whether the Agency was required to bargain over the impact and implementation of the new login process.  The Arbitrator found “there was a change in the working conditions of the [BUEs]:  they now had to provide their SSNs and drivers licenses/passports, something not previously required.”[19]  The Arbitrator also determined that, “[w]hile the VA was the initiator of the change, it was the [Agency] that directed the . . . [BUEs] to function under the change.”[20]  As such, the Arbitrator concluded that the dispositive issue before him was whether the change was de minimis.[21]

 

Quoting Authority precedent, the Arbitrator stated:  “It is an unfair labor practice to deny the exclusive representative an opportunity to bargain over the impact and implementation of a change in [BUEs’] conditions of employment, provided that the change has more than a de minimis effect.”[22]  Applying this principle, the Arbitrator noted that the change was effective in March 2023.  He then stated:

 

By that time, and for some time before that, the use of SSNs for identification and verification has been an essentially ubiquitous feature of modern life in the United States.  SSNs are required for opening bank accounts, getting credit cards, obtaining government benefits or private insurance or loans, and for dealing with governmental agencies at the [f]ederal, state, and local levels.[23]

 

The Arbitrator also determined that the use of photo-identification information, such as driver’s licenses and passports, is “less ubiquitous, but . . . nevertheless[] widespread.”[24]  He took “arbitral notice of the . . . well[‑]known facts” that providing driver’s licenses is part of the passport-application process, and that photo identification is often required for voting, to pass through airport security, and to be served liquor.[25]  While the Arbitrator noted “the safeguarding of PII is very important,” he also found that “there are . . . times, places, and functions where PII may be required.”[26]

 

Addressing the security rationale for requiring employees to use Login.gov or ID.me, the Arbitrator noted record evidence indicating that “Login.gov and ID.me meet government security standards,” and that “[u]sing ID.me[ or] Login.gov is government[‑wide] policy.”[27]  Further, the Arbitrator found that Login.gov was developed in accordance with a “[f]ederal [c]ybersecurity [r]equirements mandate” codified in federal law.[28]

 

The Arbitrator concluded that the change from the old system to the new system was de minimis and, thus, that the Agency did not violate Article 70, Section 1 of the parties’ agreement.  Therefore, he denied the grievance.

 

On June 12, 2024, the Union filed an exception to the Arbitrator’s award.

 

III.          Analysis and Conclusion:  The award is not contrary to law.

 

The Union argues the award is contrary to law.[29]  According to the Union, Article 70, Section 1 of the parties’ agreement requires the Agency to negotiate – in accordance with applicable law – any change to BUEs’ conditions of employment that is more than de minimis.[30]  Accordingly, the Union maintains the Agency violates § 7116(a)(5) of the Statute when it fails to abide by Article 70 of the parties’ agreement.[31]  The Union also asserts that, “[b]y finding the handling of PII to be de minimis, the [a]ward is contrary to . . . [§] 7116(a)(5).”[32]  In this regard, the Union argues the Agency made a more than de minimis change to BUEs’ conditions of employment when it required them to use PII to log into the new system.[33]  The Union also argues that the Arbitrator found safeguarding PII important, but then “inexplicably concluded that PII does not rise to the level of significance to create a bargaining obligation.”[34]

 

The Authority reviews questions of law raised by exceptions to an arbitrator’s award de novo.[35]  In applying the standard of de novo review, the Authority assesses whether the arbitrator’s legal conclusions are consistent with the applicable standard of law.[36]  In making that determination, we defer to the arbitrator’s underlying findings of fact unless the excepting party establishes they are based on nonfacts.[37]

 

The Authority has applied statutory standards in assessing the application of contract provisions that mirror, or are intended to be interpreted in the same manner as, the Statute.[38]  Here, the Union contends that the bargaining obligation imposed by Article 70 of the parties’ agreement is coextensive with the duty to bargain under the Statute.[39]  As the award reflects, the Arbitrator applied statutory standards to interpret the parties’ agreement, finding that “the issue before [him]” was a claim that implicated the parties’ agreement, the Statute, and Authority precedent.[40]  Further, the Union expressly argues that such standards apply,[41] and the Agency did not file exceptions to the award or an opposition to the Union’s exception.  In these circumstances, we find it appropriate to apply statutory standards to review the award and the Union’s exception.[42]

 

Since the U.S. Court of Appeals for the District of Columbia Circuit issued its decision in AFGE, AFL-CIO v. FLRA (AFGE),[43] the Authority has applied the de minimis standard to determine whether the impact of a change to a condition of employment necessitates bargaining,[44] and we apply the de minimis standard to resolve the Union’s exception here.

 

Under the de minimis standard, agencies are not required to give the exclusive representative notice and an opportunity to bargain unless the change will have more than a de minimis effect on the BUEs’ conditions of employment.[45]  In assessing whether the effect of a change is more than de minimis, the Authority looks to the nature and extent of either the effect, or the reasonably foreseeable effect, of the change on BUEs’ conditions of employment.[46]

 

In considering the effects of the new login process, the Arbitrator recognized that the affected BUEs have a substantial interest in safeguarding their PII.[47]  However, he found that using “SSNs for identification and verification” is an “essentially ubiquitous feature of modern life,”[48] while the requirement to provide photo identification for similar reasons is “less ubiquitous, but . . . nevertheless, widespread.”[49]  Addressing the Union’s privacy concerns, the Arbitrator cited record evidence of “training and other documentation” demonstrating “how important PII security is to the [Agency],”[50] and emphasized that “both Login.gov and ID.me meet government[‑]wide security standards.”[51]  These factual findings, to which we defer because the Union does not challenge them, support the Arbitrator’s conclusion that the new login process was a de minimis change to the BUEs’ conditions of employment.

 

In view of the Arbitrator’s findings regarding the “importan[ce] [of] PII . . . to the [Agency]” and how “the safeguarding of PII is very important,”[52] the Union argues that the Arbitrator’s de minimis determination “cannot be squared with the case law governing the de minimis standard.”[53]  But the Union does not cite the case law upon which it relies, or otherwise provide any specific evidence to support its argument.  Moreover, the Arbitrator’s de minimis determination is consistent with Authority case precedent, including GSA, Region 9, San Francisco, California, in which the Authority held that a temporary office relocation did not have a reasonably foreseeable impact on the employees’ conditions of employment that was more than de minimis.[54]  Specifically, the Authority found that the changes that resulted from the relocation were “both minor and the normal consequences of any office relocation,” noting that most of the “inconveniences” were “typical problems” for office relocations.[55]  In other cases, the Authority has found that a change to an employee’s conditions of employment is de minimis when the change does not significantly affect employees’ workloads or their assigned duties.[56]  Although the Union contends that the Authority has “never found the ubiquity of an issue or action as the basis for finding a change . . . de minimis,”[57] the Union does not provide supporting arguments or legal authority establishing, as a matter of law, that the Arbitrator could not consider the prevalence of identity‑verification requirements in applying the de minimis standard.

 

Further, the Union’s assertions that this case implicates foreseeable and significant harms flowing from the handling of PII reflects a fundamental misunderstanding of the new login process.[58]  While the Union and the dissent maintain that the security risks surrounding PII automatically make the change at issue more than de minimis,[59] the Arbitrator’s findings – which the Union does not challenge – demonstrate that requiring BUEs to input their SSNs into a government-certified verification system aimed at increasing the cybersecurity of the federal government as a whole is a de minimis change.[60]  As the Arbitrator found, supplying SSNs for identity verification is an “essentially ubiquitous feature of modern life.”[61]  The Arbitrator also found:  (1) “both Login.gov and ID.me meet government security standards,” (2) “[u]sing ID.me/Login.gov is government policy,” and (3) Login.gov was created in accordance with the “[f]ederal [c]ybersecurity [r]equirements mandate” found in 6 U.S.C. § 1523.[62]  Therefore, requiring Login.gov or ID.me verification to access VA websites is likely to afford users and federal government information technology systems better protection against the pervasive and innumerable cybersecurity threats facing them.[63]  As identity verification is a common requirement and the verification platforms are secure, the Arbitrator found the change to employees’ conditions of employment was de minimis.[64]

 

Because the Arbitrator’s factual findings are unchallenged and the cited Authority case precedent supports the conclusion that the change was de minimis, we deny the Union’s exception.[65]

 

IV.         Decision

 

              We deny the Union’s exception.


 

 

Member Wagner, concurring in part and dissenting in part:

 

I agree that statutory standards should apply in resolving the Union’s exceptions to the Arbitrator’s award.1  Further, for the reasons stated in my separate opinion in SSA, Baltimore, Maryland,2 I believe that the de minimis standard is the appropriate standard to apply in determining whether an agency has a statutory duty to bargain over a change in bargaining-unit employees (unit employees’) conditions of employment.3

 

In assessing whether the effect of a change is more than de minimis, the Authority looks primarily to the nature and extent of either the effect, or the reasonably foreseeable effect, of the change on unit employees’ conditions of employment.4   

 

The change at issue here required unit employees to begin entering their Social Security numbers (SSNs), and their driver’s license or passport information, into one of two systems that are administered outside the Agency.  There is no dispute that they were required to do so as part of their job duties.  Although the Authority has not previously addressed whether a similar change has effects that are greater than de minimis,5 it is well established that employees have a strong privacy interest in their SSNs.6  It also is well established that disclosure of an individual’s SSN can lead to various, significant harms, including identity theft.7

 

The Arbitrator acknowledged that “[t]here [was] information in the record about how important [personally‑identifiable‑information (PII)] security is to the [Agency] and the [f]ederal government as a whole, and the training and other documentation cautioning and/or requiring the keeping of such information secure.”8  Although he found “no question but that the safeguarding of PII is very important,”9 he essentially found that – because individuals provide their SSNs or other PII in various other contexts – the effects of the change here were insignificant.

 

However, regardless of the other circumstances in which unit employees may provide their SSNs and other PII, voluntarily or involuntarily, the fact remains that the change at issue here required them to provide such information to one of two entities outside the Agency as part of their mandatory job dutiesGiven the significant risks involved in a potential leak or other mishandling of such personal information, I would find that the effects or reasonably foreseeable effects of the change are greater than de minimis.  Accordingly, I would find that the Arbitrator erred as a matter of law in finding to the contrary.

 

At arbitration, the Agency made additional arguments regarding why it had no duty to bargain,10 which the Arbitrator did not address.  Therefore, I would remand this matter to the parties for resubmission to the Arbitrator, absent settlement, so that he could address the parties’ remaining arguments.  In doing so, however, I would note that the Agency is not absolved of a bargaining obligation merely because it was the U.S. Department of Veterans Affairs, not the Agency, that changed the system that Agency employees are using.  In this regard, it is well established that agencies are obligated to bargain over otherwise negotiable matters to the extent they have discretion with respect to those matters, even if that discretion is limited to making requests and recommendations to an outside party that controls the matter.11

 

In short, I would set aside the award and remand this matter to the parties for resubmission to the Arbitrator, absent settlement.  Accordingly, I concur in part and dissent in part.

 

 


 


[1] Award at 20; see SSA, Region VII, Kan. City, Mo., 70 FLRA 106, 109 (2016) (SSA Kansas City) (finding “an agency is not required to provide notice of a change and an opportunity to bargain unless the change will have a greater than de minimis effect on employees’ conditions of employment”).

[2] 5 U.S.C. §§ 7101-7135.

[3] Award at 3.

[4] Id. at 4.

[5] Id.

[6] Id.

[7] As relevant here, Article 70, Section 1 provides:  “It is agreed that personnel policies, practices[,] and matters affecting working conditions, not expressly contained in this Agreement, shall not be changed by the Agency without prior notice to, and negotiation with, the Union in accordance with applicable law.”  Id. at 2-3.

[8] Id. at 2 (footnote omitted).

[9] Id. at 10 (quoting U.S. Dep’t of Treasury, Bureau of Alcohol, Tobacco & Firearms, Wash., D.C. & Cent. Region, 16 FLRA 506, 506-07 (1984)).

[10] Id. at 11.

[11] Id. at 4.

[12] Id. at 7.

[13] Id. at 5.

[14] Id. at 18 (internal quotation marks omitted).

[15] Id.

[16] Id.

[17] Id.

[18] Id.

[19] Id. at 19.

[20] Id.

[21] Id.

[22] Id. (quoting U.S. Dep’t of the Treasury, IRS, 56 FLRA 906 (2000)).

[23] Id. at 19-20.

[24] Id. at 20.

[25] Id.

[26] Id.

[27] Id.

[28] Id. (citing 6 U.S.C. § 1523 (directing agency heads to, among other things, “implement a single sign‑on trusted identity platform for individuals accessing each public website of the agency that requires user authentication,” and “implement identity management consistent with [§] 7464 of Title 15, including multi‑factor authentication”)).

[29] Exception at 5.

[30] Id.

[31] Id.

[32] Id.

[33] Id.

[34] Id. at 6.

[35] NTEU, Chapter 172, 74 FLRA 80, 84 (2024).

[36] Id.

[37] Id.

[38] AFGE, Loc. 2338, 73 FLRA 845, 847 (2024) (Local 2338).

[39] Exception at 5.

[40] Award at 18-19.

[41] Exception at 5.

[42] See, e.g., Local 2338, 73 FLRA at 847-48 (applying statutory standards to review arbitrator’s resolution of contractual dispute where the arbitrator applied statutory standards to resolve that dispute, and the parties agreed that the contractual wording mirrored the Statute and that statutory standards applied).

[43] 25 F.4th 1 (D.C. Cir. 2022) (vacating Authority policy statement replacing de minimis standard with substantial impact standard).

[44] SSA, Balt., Md., 74 FLRA 441, 443 (2026) (Member Wagner concurring in part and dissenting in part).

[45] SSA Kansas City, 70 FLRA at 109.

[46] Id.; see also 5 U.S.C. § 7103(a)(14) (defining conditions of employment, with certain exceptions, as “personnel policies, practices, and matters, whether established by rule, regulation, or otherwise, affecting working conditions”). 

[47] Award at 20.

[48] Id. at 19; id. at 19‑20 (“SSNs are required for opening bank accounts, getting credit cards, obtaining government benefits or private insurance or loans, and for dealing with governmental agencies . . . .”).

[49] Id. at 20 (noting that providing photo identification is necessary to apply for a passport, vote “in almost half of the [fifty] states,” “pass through airport security,” and acquire alcohol).

[50] Id.

[51] Id.; see id. (finding that Login.gov was created in accordance with the “[f]ederal [c]ybersecurity [r]equirements mandate” found in 6 U.S.C. § 1523); see also 6 U.S.C. § 1523 (directing agency heads to, among other things, “implement a single sign‑on trusted identity platform for individuals accessing each public website of the agency that requires user authentication, as developed by the Administrator of General Services in collaboration with the Secretary” of the Department of Homeland Security, and “implement identity management consistent with [§] 7464 of Title 15, including multi‑factor authentication”); 44 U.S.C. § 3554(a)(1) (requiring agencies to, among other things, “provid[e] information security protections commensurate with the risk and magnitude of the harm resulting from unauthorized access, use, disclosure, disruption, modification, or destruction of . . . information collected or maintained by or on behalf of the agency”); Sherman v. U.S. Dep’t of the Army, 244 F.3d 357, 365-66 (5th Cir. 2001) (“[T]o weigh properly the privacy interest [in a SSN], the dire consequences of identity theft must be discounted by the probability of its occurrence.” (quoting Ferm v. U.S. Tr. (In re Crawford), 194 F.3d 954, 959 (9th Cir. 1999)) (internal quotation marks omitted)).

[52] Award at 20.

[53] Exception at 6.

[54] See 52 FLRA 1107, 1111-12 (1997).

[55] Id. at 1111.

[56] See AFGE, Loc. 1164, AFL-CIO, 63 FLRA 292, 292 (2009) (affirming a change to a condition of employment is de minimis when there is a minimal modification to employees’ workload); SSA, Off. of Hr’gs & Appeals, Nash., Tenn., 58 FLRA 363, 364 (2003) (finding a change to employee’s file procedures to be de minimis).

[57] Exception at 6.

[58] Id. at 5-6.

[59] Dissent at 11 (“Given the significant risks involved in a potential leak or other mishandling of such personal information, I would find that the effects or reasonably foreseeable effects of the change are greater than de minimis.”).

[60] The dissent cites federal court cases for the proposition that employees have a strong privacy interest in their SSNs. See Dissent at 10 n.6 (citing Ostergren v. Cuccinelli, 615 F.3d 263, 279 (4th Cir. 2010); Sherman, 244 F.3d at 365; Int’l Bhd. of Elec. Workers Loc. Union No. 5 v. Dep’t of HUD, 852 F.2d 87, 89 (3d Cir. 1988)).  We agree that employees have such a privacy interest, but not that such an interest required the Arbitrator to find the change was more than de minimis.  In fact, the Arbitrator specifically weighed this interest in evaluating the Agency’s bargaining obligation.  Further, we note that, unlike in the cases cited by the dissent, in which courts weighed whether to permit the public disclosure of SSNs, this case involves requiring individuals inputting their SSNs to securely authenticate their identities before accessing government-maintained files.  See Ostergren, 615 F.3d at 278 (detailing public and private sector adoption of SSNs as a “unique permanent identification,” which makes it valuable for “account authentication”).

[61] Award at 19.  Member Arrington notes that many federal employees have Login.gov accounts to access their electronic official personnel folder, timesheets, and other employment documents.  Additionally, private citizens are required to utilize Login.gov, or ID.me, to access Social Security online services and Login.gov to access USAJOBS.gov.  See SSA, My Social Security, Security and Protection, https://www.ssa.gov/myaccount/security.html (on file with the Federal Labor Relations Authority (FLRA)) (last visited July 2, 2026); USAJOBS, Get Started with USAJOBS, USAJOBS:  Help Center, https://help.usajobs.gov/get-started (on file with the FLRA) (last visited July 2, 2026).  And veterans are required to use Login.gov or ID.me to verify their identity for their benefits and healthcare account with the VA.  See U.S. Dep’t of VA, Verifying your Identity on VA.gov, VA:  Resources and Support, https://www.va.gov/resources/verifying-your-identity-on-vagov/ (on file with the FLRA) (last visited July 2, 2026).  This further highlights the “de minimis” nature of the change at issue in this case; that is, the BUEs likely already have Login.gov accounts.  As such, merely requiring them to utilize their existing Login.gov account to access the new system is so trivial it cannot amount to being more than de minimis.

[62] Award at 20.

[63] See Improving the Nation’s Cybersecurity, Exec. Order No. 14028, 86 Fed. Reg. 26633, 26635‑36 (May 17, 2021) (stating that “agencies shall adopt multi‑factor authentication and encryption for data at rest and in transit” as part of a comprehensive effort “[to] keep pace with today’s dynamic and increasingly sophisticated cyber threat environment”); see also Strengthening & Promoting Innovation in the Nation’s Cybersecurity, Exec. Order No. 14144, 90 Fed. Reg. 6755, 6760 (Jan. 17, 2025) (“To improve the security of Federal Government communications against adversarial nations and criminals, the Federal Government must implement . . . strong identity authentication and encryption using modern, standardized, and commercially available algorithms and protocols.”).

[64] See Award at 20.

[65] See AFGE, Loc. 2516, 72 FLRA 567, 569 (2021) (deferring to arbitrator’s factual findings absent meritorious nonfact exception and holding that party’s “mere[] disagree[ment] with [arbitrator’s] evaluation of the evidence” did not establish award was deficient on contrary‑to‑law grounds); NTEU, Chapter 26, 66 FLRA 650, 653 (2012) (upholding arbitrator’s de minimis determination where excepting party did not argue that arbitrator’s underlying factual findings were nonfacts “but merely assert[ed] that the evidence show[ed] that the impact of the [change] on bargaining[‑]unit employees was more than de minimis”).

1 As stated in U.S. Department of Transportation, FAA, 74 FLRA 433 (2026), the Authority has applied statutory standards in assessing the application of contract provisions that mirror, or are intended to be interpreted in the same manner as, the Statute.  Id. at 434.  In determining whether to apply statutory standards, the Authority considers several factors, including whether the contractual provision clearly incorporates the Federal Service Labor‑Management Relations Statute (the Statute) either by reference or by use of similar or identical wording; whether the arbitrator interpreted the parties’ agreement as incorporating statutory requirements; and whether the parties agree – or do not dispute – that the wording was intended to have the same meaning.  Id.

2 74 FLRA 441 (2026) (Member Wagner concurring in part and dissenting in part).

3 Id. at 453.

4 U.S. Dep’t of the Air Force, Air Force Materiel Command, Space & Missile Sys. Ctr., Detachment 12, Kirtland Air Force Base, N.M., 64 FLRA 166, 173 (2009).

5 I note that, in AFGE, Local 1547, 63 FLRA 174 (2009), the Authority directed an agency to bargain over a proposal that would limit the agency’s ability to request employees’ SSNs, and another proposal that would require the agency to delete unit employees’ SSNs from the agency’s computer system and from a contractor database.  Id. at 174-76.  The Authority found that the agency failed to establish the proposals affected its right to determine internal-security practices under § 7106(a)(1) of the Statute.  Id. at 176.  However, that decision did not involve the question of whether the agency made a change that was greater than de minimis.

6 See, e.g., Ostergren v. Cuccinelli, 615 F.3d 263, 279 (4th Cir. 2010) (“One . . . has a considerable privacy interest in keeping his SSN confidential.”); Sherman v. U.S. Dep’t of the Army, 244 F.3d 357, 365 (5th Cir. 2001) (“[A]n individual’s informational privacy interest in his or her SSN is substantial.”); Int’l Bhd. of Elec. Workers Loc. Union No. 5 v. Dep’t of HUD, 852 F.2d 87, 89 (3d Cir. 1988) (noting that “employees have a strong privacy interest in their [SSNs],” and that “Congress has recognized this privacy interest by making unlawful any denial of a right, benefit, or privilege by a government agency because of an individual’s refusal to disclose his [SSN]” under the Privacy Act).

7 See, e.g., Clemens v. ExecuPharm Inc., 48 F.4th 146, 154 (3d Cir. 2022) (noting that the “disclosure of [SSNs], birth dates, and names is more likely to create a risk of identity theft or fraud”); Ostergren, 615 F.3d at 279 (“SSNs can easily be used to commit identity theft—that is, tendering another’s identifying information to carry out financial fraud or other criminal activity.”); Sherman, 244 F.3d at 365-66 (noting that individuals have a substantial interest in keeping their SSNs private to avoid identity theft).

8 Award at 20.

9 Id.

10 Id. at 15-17.

11 AFGE, Loc. 2923, 64 FLRA 352, 353 (2009); NFFE, Loc. 1379, 44 FLRA 1246, 1249 (1992); IFPTE, Loc. 28, 38 FLRA 1123, 1134-35 (1990); AFGE, Nat’l GSA Council (No. 236), Loc. 1497, 24 FLRA 928, 933-34 (1986); AFSCME, AFL-CIO, Loc. 2477, 7 FLRA 578, 585 (1982), enforced sub nom. Libr. of Cong. v. FLRA, 699 F.2d 1280, 1286 (D.C. Cir. 1983) (finding the Statute “contains no explicit provision that would preclude bargaining over a condition of employment for the sole reason that the employing agency possesses only the power to recommend, and not to implement, any proposed changes”).  I also note that the Arbitrator found the Agency changed unit employees’ conditions of employment, and there is no exception to that finding.