During a recent payment card industry audit, payment card receipts were found in several Post Office™ facilities. The Corporate Information Security Office (CISO) reminds everyone to properly handle and control all Postal Service™ hardcopy information, as stated below.
Special consideration must be given to sensitive and critical information. The level of protection is based on the information’s sensitivity and criticality.
Hardcopy information must be protected against damage, unauthorized access, and theft, both in the Postal Service environment and when removed from this secure environment.
Postal Service information security policies for protecting hardcopy information include the following:
1. Labeling.
2. Controlling access.
3. Retention and storage.
4. Removal from Postal Service premises.
5. Release.
6. Disposal and destruction.
7. Contracts.
1. Labeling
Sensitive-enhanced or sensitive hardcopy information (e.g., credit card receipts, printouts, screen prints, photocopies, architecture drawings, and engineering layouts) must be legibly and durably labeled as “RESTRICTED INFORMATION.”
2. Controlling Access
Access to hardcopy information must be restricted as follows:
a. Sensitive-enhanced and sensitive information must be protected from unauthorized access and disclosure. Access must be restricted to authorized personnel with a need to know.
b. Critical information must be protected from unauthorized access and destruction.
c. To prevent unauthorized access to hardcopy information, any of the following controls may be employed:
1. A locked desk or file cabinet.
2. A room with a key, combination, or electronic lock.
3. An approved storage area, or an area behind a guard.
3. Retention and Storage
The retention and storage of information must be controlled as follows:
a. All Postal Service hardcopy information must be retained in accordance with legal retention requirements established by law (e.g., legal holds), and also with operational retention requirements established by the Postal Service Records Office (see Handbook AS-353, Guide to Privacy, Freedom of Information Act, and Records Management).
b. When the retention period or legal hold has expired, information must be properly destroyed (see item 6 below). The process of removing expired information can be automated or manual.
c. Sensitive-enhanced, sensitive, and critical information must be stored in a controlled area or a locked cabinet.
d. Postal Service information not available to the public must be isolated and stored separately from non–Postal Service information (e.g., business partner and vendor information) unless required by law or regulation. Postal Service information not available to the public and non–Postal Service information must be stored separately at Postal Service facilities, non–Postal Service facilities, and at backup sites, unless otherwise required by law or regulation.
4. Removal From Postal Service Premises
The requirements for taking sensitive-enhanced and sensitive Postal Service hardcopy information off-site (i.e., non–Postal Service premises) including Postal Service data processed by business partners are as follows:
a. The removal and storage of sensitive-enhanced and sensitive Postal Service information from Postal Service premises must be approved in writing by the functional vice president (data steward), chief privacy officer, and the chief information officer (CIO) or their designee. Complete PS Form 1357-D, Data Accountability, to initiate the process.
b. Only authorized personnel are allowed to pick up, receive, transfer, or deliver Postal Service sensitive-enhanced and sensitive information.
c. All Postal Service hardcopy information containing sensitive-enhanced and sensitive information must be secured against theft and unauthorized access (e.g., controlled area, safe, and locked cabinet).
d. There must be accountability in the life cycle management of any sensitive-enhanced and sensitive information removed off Postal Service premises. This data must be formally tracked (e.g., logbook) from creation to destruction.
5. Release
The release of information must be accomplished in accordance with Postal Service policies and procedures (see Handbook AS-353).
Sensitive-enhanced and sensitive information must be protected from unauthorized disclosure through observation and conversations. Control must also be exercised over copies and facsimiles.
6. Disposal and Destruction
Hardcopy information designated as sensitive-enhanced or sensitive must be destroyed by shredding, pulping, or burning when no longer needed if the information is not subject to a legal hold and the retention period has expired.
Disposal contractors must have appropriate personnel clearances, physical security of the facility, and procedures to store and handle the hardcopy information containing sensitive-enhanced or sensitive information before and during disposal.
7. Contracts
Information security requirements must be included in contracts involving services for handling sensitive-enhanced, sensitive, or critical information for the Postal Service.
— Corporate Information Security Office,
Chief Information Officer, 2-25-10