shaw bransford & roth case law update

Arbitrator: VA Adverse Action Report Violates Privacy Act

Written by FEDmanager on .

A union grievance protesting the publication of “Adverse Action Reports” (AAR) by the Department of Veterans Affairs (VA) resulted in an arbitration decision directing VA to remove AARs from its website and to cease and desist the publication of AARs.

Since July 10, 2017, the VA has published AARs on its website that provide visitors to the website with information regarding disciplinary actions taken against VA employees. At first, these AARs were published weekly, but later became bi-weekly, and eventually monthly. The American Federation of Government Employees (AFGE) filed a grievance, alleging that the compilation and publication of the information contained in the AARs violated the Privacy Act, the Agency’s Handbook, the bargaining agreement, and constituted unfair labor practices.

The arbitrator’s decision follows the evolution of the VA’s disciplinary tracking system used to share information internally about employee discipline, which was initially created as an ad hoc “computerized information sharing site” that received inputs from all VA offices on every instance of employee discipline. Offices were expected to report extensive information about the nature and timing of the disciplinary action, as well as the grade, level, position, and category of the employee. When the decision was made to publish AARs, the now-defunct Office of Accountability Review (OAR) “scrubbed” the tracker of some information, and limited tracked data to “Organization, Position, Action Taken, and Effective Date.”

When OAR was replaced by the Office of Accountability and Whistleblower Protection (OAWP), OAWP used the same tracker for a time. In early 2018, however, the tracker was replaced with a new database called “HRSmart.” HRSmart’s database also tracked Employee Identification Numbers (EIN), in addition to the previously tracked information, though those EINs were not published in the AAR. Concerns regarding the ease with which employees could be identified proliferated despite purported efforts by OAWP to sanitize the disciplinary records, and testimony by OAWP officials at the arbitration revealed that the AAR gave rise to employee privacy complaints and had a negative effect on employee morale. 

VA argued that publication of the AAR could not violate the Privacy Act because the information contained within the AAR did not constitute “records” within the meaning of the Privacy Act. VA cited Tobey v. NLRB, 40 F.3d 469, 471 (D.C. Cir. 1994), as did AFGE, “in support of their respective, conflicting” positions. The arbitrator concluded that Tobey suggested that the disputed information was appropriately viewed as a Privacy Act “record” because it was information about “not just the issuance of discipline, but about specific instances of discipline issued to particular individuals who, as discussed below, in some instances can be particularly identified by the published information notwithstanding the Agency’s effort to scrub or sanitize the data set.”

The arbitrator therefore found that VA’s publication of the AAR was a disclosure of Privacy Act “records” that were “about” particular employees, and that his finding was consistent with a previous VA General Counsel Advisory Opinion from March 14, 2000. That Advisory Opinion held that “Under the Privacy Act, the Department may not, on its own initiative and without prior written consent, disclose information about disciplinary actions against identified management officials…Information about disciplinary actions cannot contain details which would allow employees, including employees at the involved facility, to identify the disciplined employee.” The arbitrator noted that the VA “flagrantly disregarded the Agency’s own General Counsel’s advisory opinion and the rights of those employees whose particular work circumstances allowed them particularly to be identified.”

Although the VA’s “purpose” in publication of the AARs was to “rehabilitate its public image” rather than to disclose the identity of any particular employee, the arbitrator found that this goal “in no way detracts from the fact that the disclosures themselves were willful and intentional, taken with a known risk that publication of such information could lead to privacy violations as recognized by the Agency’s witness and its own General Counsel’s advisory opinion.”

In addition to finding that publication of the AARs violated the Privacy Act, the arbitrator also found that the VA violated two separate articles of its collective bargaining agreement with the union, and its own VA Handbook 6300.5. The arbitrator also found that unilateral publication of the AARs constituted an unfair labor practice because the VA had a statutory duty under 5 U.S.C. § 7116(a)(1) and (5) to “bargain with the Union over changes in the terms and conditions of employment that are more than de minimis.”

For the above stated reasons, the arbitrator directed the VA to “remove the AARs from its website and cease and desist publishing the AARs in that or like manner until such time as it achieves compliance with the Privacy Act, Agreement, Handbook, and Statute.”

Read the full opinion: FMCS Case No. 17-54365.

This case law update was written by Conor D. Dirks, Associate Attorney, Shaw Bransford & Roth, PC.

For thirty years, Shaw Bransford & Roth P.C. has provided superior representation on a wide range of federal employment law issues, from representing federal employees nationwide in administrative investigations, disciplinary and performance actions, and Bivens lawsuits, to handling security clearance adjudications and employment discrimination cases.

Posted in Case Law Update