|
Supplying Principles and Practices > USPS Supplying Practices General Practices > Privacy Considerations
Privacy Considerations
Postal Service records management is based on best practices, business
needs, and legal requirements. When considering whether to release records
publicly, the Postal Service balances the confidentiality and privacy of the
records with the public's right to access those records to the maximum extent
possible. These considerations are in accordance with Handbook AS-353,
Guide to Privacy, the Freedom of Information Act, and Records Management,
and Title 39 Code of Federal Regulations (CFR) 265, which implements the
Freedom of Information Act (FOIA) (5 U.S.C. 552) and the Privacy Act
(5.U.S.C. 552a).
Protecting Postal Service information resources and sensitive information
(including customer and employee personally-identified information, PII) is an
essential element of privacy considerations, and can be particularly important
when the Postal Service purchases IT or other information processing and
information gathering services or when we make purchases that involve the
collection and generation of PII. In such cases, coordination with the
Corporate Information Security Office (CISO) is necessary, as discussed in
the Information Security section of the Information Technology
Commodity-Specific practices. Additional information on the security aspects
of IT purchases or other information processing and information gathering
services is found in the Information Technology topic of the Commodity
Specific Practices.
Suppliers that have access to customer or employee data, or operate a
customer Web site, may be subject to the Postal Service's privacy
requirements implementing the Privacy Act and its privacy policy posted on
www.usps.com/common/docs/privpol.htm. Clause 1-1: Privacy Protection is
incorporated by reference in Clause 4-2, Terms and Conditions Required to
Implement Policies, Statutes, or Executive Orders when checked off by the
Contracting Officer. The clause must be included in:
1. Contracts in which a supplier or subcontractor operates a Privacy Act
system of records on the Postal Service's behalf;
2. Contracts in which a supplier or subcontractor will have access to any
Postal Service customer or employee information, including address
information;
3. Contracts in which a supplier or subcontractor assists the Postal
Service in establishing or administering a customer Web site or places
links or ad banners on a Postal Service Web site or any Web site on
the Postal Service's behalf; or
4. Contracts in which a supplier or subcontractor assists the Postal
Service to conduct a marketing e-mail campaign.
In most cases, suppliers must turn over all customer or employee information
in its possession to the Postal Service upon completion of the contract.
Under certain circumstances, suppliers will retain the information, and in
these cases the contracting officer must work with the Privacy Office and
legal counsel to ensure that all interests are protected. In all cases,
Purchase/SCM Teams should work with the Chief Privacy Officer and legal
counsel to ensure that the Postal Service's privacy commitments are upheld.
Clause 1-1: Privacy Protection
Clause 4-2: Contract Terms and Conditions Required to Implement Policies,
Statutes, or Executive Orders
Provision 4-10: Application Information Security Requirements
Clause 4-19: Application Information Security Requirements
Privacy Act (5 U.S.C. 552a)
Freedom of Information Act (FOIA) (5 U.S.C. 552)
Title 39 Code of Federal Regulations (CFR)
|
