3 Information Designation and Control

3-1 Policy

Postal Service information resources must be protected from time of collection to retirement, disposal, and destruction commensurate with their tangible value, legal and regulatory requirements, and their critical role in the Postal Service’s ability to conduct its mission.

All personnel must implement the protection requirements for information resources associated with information designation, categorization, and protection (including labeling, handling, controlling access and retention, protecting in transit and in storage, disposal, and destruction).

The following roles are vital to the protection of Postal Service Information:

  1. The data owner is the executive with statutory and operational authority for specified information and responsibility for overseeing its generation, collection, processing, dissemination, disposal, and for the business results from using the information. The owner is responsible for ensuring that appropriate steps are taken to protect the information and for the implementation of policies, guidelines, and memorandums of understanding that define the appropriate use of the information.
  2. The data steward is the manager with responsibility for providing business users with high-quality data that is easily accessible in a consistent manner. Data stewardship focuses on tactical coordination and implementation. Data stewards are responsible for carrying out data usage and security policies determined by the data owner or through enterprise data governance initiatives. Data stewards provide agreed-upon data definitions and formats and ensure that business users adhere to specified standards. They often collaborate with data architects; business intelligence developers; extraction, transformation, and load (ETL) designers; business data owners; and others to uphold data consistency and data quality metrics.
  3. The data custodian is responsible for administrative and operational control over the information and for granting access to the information based on direction provided by the data steward.

Chapter 3 addresses the following:

  1. Information designation and categorization.
  2. Determination of the categorization of information resources.
  3. Security requirements categories.
  4. Protection of Postal Service information and media.
  5. Protection of non-Postal Service information.