Information Security

Take Care When Sharing Sensitive Data

Each day, Postal Service™ employees are entrusted with sensitive customer data. To protect this information and our organization’s reputation, Postal Service employees must prioritize the care and handling of sensitive data.

USPS® data can be classified into the following three groups:

n Non-sensitive data,

n Sensitive data, and

n Sensitive-enhanced data.

To learn more about each type, visit the “Secure Sensitive Information” page on Blue at blue.usps.gov/cyber/sensitive-overview.htm.

Postal Service employees must take extra precautions when handling sensitive and sensitive-enhanced information. First, employees must determine that the intended recipient of the information has a need to know. Next, all sensitive and sensitive-enhanced data must be encrypted to prevent unauthorized access. If the information is sent internally, the Postal Service automatically encrypts any emails sent within the USPS network.

An alternative to email when sharing sensitive or sensitive-enhanced data internally is to use a USPS-approved USB device. The Postal Service provides a list of approved devices at blue.usps.gov/cyber/utilize-encryption.htm that may be safely used when sharing sensitive and sensitive-enhanced data. Remember — only transfer USPS data when using USPS equipment.

Emails sent to external recipients require the sender to encrypt the message using the Enterprise Encryption Service (EES). By typing #sensitive# in the subject line of an email, intended recipients receive an email notifying them that their message is accessible in a password-protected inbox. The EES can accommodate attachments up to 10MB; messages in the inbox will have a 30-day retention period.

For more information on data sharing and other cybersecurity best practices, visit the CyberSafe at USPS® websites on Blue (blue.usps.gov/cyber) and LiteBlue (liteblue.usps.gov/cyber), or the external website at uspscybersafe.com.