2-1 Data Security Postal Service policy provides specific guidelines for handling the various levels of sensitive and critical data. The following guidelines are not an exhaustive set of data security requirements and the Postal Service may require special or additional security measures: Limit hard copy and electronic distribution to persons on a specific, job-related need-to-know basis. Destroy data that is no longer needed or remains past its retention date. Retain sensitive information in accordance with a retention schedule, where applicable. Encrypt Postal Service information in storage (i.e., at rest), in transit, or stored off-site. The Postal Service does not permit the following: Storage of Postal Service information on devices not owned by the Postal Service. Co-mingling of Postal Service information with information from sources other than the Postal Service. Removal of Postal Service information from Postal Service premises without approval in writing from the functional vice president (data steward) and chief information officer or their designees. Printing Postal Service information on printers where unauthorized people may see the output. Using e-mail, IM, chat, etc. or other electronic means to send Postal Service information unless it is encrypted. Discussing Postal Service information in an open area where others might overhear the conversation. Transmitting Postal Service information by facsimile without appropriate approval.