Postal Service simplifying privacy

The U.S. Postal Service has reorganized how it collects and shares information on customers and is working to make its privacy notices more clear.

In keeping with the obligations of the Privacy Act of 1974, USPS has streamlined the collection of customer information by ensuring that each of its programs gathers the appropriate personal information, according to Zoe Strickland, USPS' chief privacy officer.

Previously, there was no consistency as to how USPS collected and used personal data. With improved data collection practices, Strickland said USPS officials have now turned their attention to translating the service's practices to customers in a detailed notice.

Ari Schwartz, associate director at the Center for Democracy and Technology, applauded the reorganization of what he called "haphazard collection." But the Postal Service's move raises a larger concern, he said: The Privacy Act simply needs to be updated.

With little policy guidance, agencies are left to individually interpret the outdated act and decide the best way to collect customer information and relay the privacy safeguards in notices.

"[The Postal Service] is doing the best they can, however there should be a larger discussion," Schwartz said.

USPS took a "big picture approach" in re-examining the collection of private information that is maintained in its records system, Strickland said. After determining what personal data USPS has and where it is maintained, Postal Service officials mapped its collection. From there, they were able to look at each customer practice and bring consistency to the data collection for each program.

For example, a customer may register for several products and services on the Postal Service's Web site. Instead of having to provide personal information for each, USPS' universal registration simplifies the process and ensures information is obtained and used correctly. A pop-up window will appear on the site to notify customers of USPS' data collection process.

"You need to review them to keep them up to date," Strickland said of the data sets. "You've really got to take a look at current trends in privacy and reflect that, and you've got to keep it current."

The Privacy Act requires federal agencies to publish notices describing the safeguards that keep personal information private. While there weren't major problems in the Postal Service's previous notices, Strickland said they needed improvement.

"You have to understand both the facts and the law," she said. "Some [notices] were fragmented and not as clear and standardized as they could be."

USPS is now in the process of clearly defining the Privacy Act and the core requirements around securing information.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.