7-14 Privacy Considerations

7-14.1 General

Postal Service records release policies are based on legal requirements, best practices, and business needs. When considering whether to release records publicly, it is the policy of the Postal Service to make its records available to the public to the maximum extent consistent with the public interest. This policy is in accordance with the Freedom of Information Act (FOIA) (5 U.S.C. 552), the Privacy Act (5 U.S.C. 552a) and is implemented in Title 39 Code of Federal Regulations (CFR) 265, and Handbook AS-353, Guide to Privacy, the Freedom of Information Act and Records Management.

Protecting Postal Service information and information resources including customer and employee PII, is an essential element of privacy considerations, and can be particularly important when the Postal Service purchases IT or other information processing and information gathering services or when the purchase involves the collection and generation of information pertaining to individuals. In such cases, coordination with the Privacy and Records Office and the Corporate Information Security Office (CISO) is necessary, as discussed in Section 8-4, Information Technology, Handbook AS-805-I, USPS Information Security Requirements for Suppliers, and Clause 4-19: Information Security Requirements.

Suppliers that have access to Postal Service information pertaining to individuals, or operate on the Postal Service’s behalf, a file, database, or program from which information about customers, employees, or individuals is retrieved by name or other identifier, are subject to the Postal Service’s privacy policy (http://usps.com/privacypolicy) and the requirements of Clause 1-1: Privacy Protection. Clause 1-1 contains provisions that are intended to (1) protect Personal Information from misuse or unauthorized access, (2) respond to actual or suspected unauthorized access of such information, and (3) require suppliers to indemnify the Postal Service in the event of a violation. Clause 1-1 is incorporated by reference in Clause 4-2: Contract Terms and Conditions Required to Implement Policies, Statutes or Executive Orders when checked off by the contracting officer. Clause 1-1 must be included in:

In most cases, suppliers must turn over all Personal Information in its possession to the Postal Service upon completion of the contract. Under certain circumstances, suppliers will retain the information, and in these cases the contracting officer must work with the Chief Privacy Officer (CPO) and assigned counsel to ensure that all interests are protected. In all cases, purchase/SCM teams should work with the CPO and assigned counsel to ensure that the Postal Service’s privacy commitments are upheld.