Information Technology

Protecting Hardcopy Information

During a recent payment card industry audit, payment card receipts were found in several Post Office™ facilities. The Corporate Information Security Office (CISO) reminds everyone to properly handle and control all Postal Ser­vice™ hardcopy information, as stated below.

Special consideration must be given to sensitive and critical information. The level of protection is based on the information’s sensitivity and criticality.

Hardcopy information must be protected against dam­age, unauthorized access, and theft, both in the Postal Ser­vice environment and when removed from this secure environment.

Postal Service information security policies for protect­ing hardcopy information include the following:

1. Labeling.

2. Controlling access.

3. Retention and storage.

4. Removal from Postal Service premises.

5. Release.

6. Disposal and destruction.

7. Contracts.

1. Labeling

Sensitive-enhanced or sensitive hardcopy information (e.g., credit card receipts, printouts, screen prints, photo­copies, architecture drawings, and engineering layouts) must be legibly and durably labeled as “RESTRICTED INFORMATION.”

2. Controlling Access

Access to hardcopy information must be restricted as follows:

a. Sensitive-enhanced and sensitive information must be protected from unauthorized access and disclo­sure. Access must be restricted to authorized per­sonnel with a need to know.

b. Critical information must be protected from unautho­rized access and destruction.

c. To prevent unauthorized access to hardcopy infor­mation, any of the following controls may be em­ployed:

1. A locked desk or file cabinet.

2. A room with a key, combination, or electronic lock.

3. An approved storage area, or an area behind a guard.

3. Retention and Storage

The retention and storage of information must be con­trolled as follows:

a. All Postal Service hardcopy information must be re­tained in accordance with legal retention require­ments established by law (e.g., legal holds), and also with operational retention requirements established by the Postal Service Records Office (see Handbook AS-353, Guide to Privacy, Freedom of Information Act, and Records Management).

b. When the retention period or legal hold has expired, information must be properly destroyed (see item 6 below). The process of removing expired information can be automated or manual.

c. Sensitive-enhanced, sensitive, and critical informa­tion must be stored in a controlled area or a locked cabinet.

d. Postal Service information not available to the public must be isolated and stored separately from non–Postal Service information (e.g., business partner and vendor information) unless required by law or regulation. Postal Service information not available to the public and non–Postal Service information must be stored separately at Postal Service facilities, non–Postal Service facilities, and at backup sites, unless otherwise required by law or regulation.

4. Removal From Postal Service Premises

The requirements for taking sensitive-enhanced and sensitive Postal Service hardcopy information off-site (i.e., non–Postal Service premises) including Postal Service data processed by business partners are as follows:

a. The removal and storage of sensitive-enhanced and sensitive Postal Service information from Postal Ser­vice premises must be approved in writing by the functional vice president (data steward), chief privacy officer, and the chief information officer (CIO) or their designee. Complete PS Form 1357-D, Data Account­ability, to initiate the process.

b. Only authorized personnel are allowed to pick up, re­ceive, transfer, or deliver Postal Service sensitive-en­hanced and sensitive information.

c. All Postal Service hardcopy information containing sensitive-enhanced and sensitive information must be secured against theft and unauthorized access (e.g., controlled area, safe, and locked cabinet).

d. There must be accountability in the life cycle man­agement of any sensitive-enhanced and sensitive in­formation removed off Postal Service premises. This data must be formally tracked (e.g., logbook) from creation to destruction.

5. Release

The release of information must be accomplished in accordance with Postal Service policies and procedures (see Handbook AS-353).

Sensitive-enhanced and sensitive information must be protected from unauthorized disclosure through observa­tion and conversations. Control must also be exercised over copies and facsimiles.

6. Disposal and Destruction

Hardcopy information designated as sensitive-enhanced or sensitive must be destroyed by shredding, pulping, or burning when no longer needed if the informa­tion is not subject to a legal hold and the retention period has expired.

Disposal contractors must have appropriate personnel clearances, physical security of the facility, and procedures to store and handle the hardcopy information containing sensitive-enhanced or sensitive information before and during disposal.

7. Contracts

Information security requirements must be included in contracts involving services for handling sensitive-enhanced, sensitive, or critical information for the Postal Service.