Postal Service simplifying privacy
- By Sara Michael
- Jan 08, 2003
The U.S. Postal Service has reorganized how it collects and shares information on customers and is working to make its privacy notices more clear.
In keeping with the obligations of the Privacy Act of 1974, USPS has streamlined the collection of customer information by ensuring that each of its programs gathers the appropriate personal information, according to Zoe Strickland, USPS' chief privacy officer.
Previously, there was no consistency as to how USPS collected and used personal data. With improved data collection practices, Strickland said USPS officials have now turned their attention to translating the service's practices to customers in a detailed notice.
Ari Schwartz, associate director at the Center for Democracy and Technology, applauded the reorganization of what he called "haphazard collection." But the Postal Service's move raises a larger concern, he said: The Privacy Act simply needs to be updated.
With little policy guidance, agencies are left to individually interpret the outdated act and decide the best way to collect customer information and relay the privacy safeguards in notices.
"[The Postal Service] is doing the best they can, however there should be a larger discussion," Schwartz said.
USPS took a "big picture approach" in re-examining the collection of private information that is maintained in its records system, Strickland said. After determining what personal data USPS has and where it is maintained, Postal Service officials mapped its collection. From there, they were able to look at each customer practice and bring consistency to the data collection for each program.
For example, a customer may register for several products and services on the Postal Service's Web site. Instead of having to provide personal information for each, USPS' universal registration simplifies the process and ensures information is obtained and used correctly. A pop-up window will appear on the site to notify customers of USPS' data collection process.
"You need to review them to keep them up to date," Strickland said of the data sets. "You've really got to take a look at current trends in privacy and reflect that, and you've got to keep it current."
The Privacy Act requires federal agencies to publish notices describing the safeguards that keep personal information private. While there weren't major problems in the Postal Service's previous notices, Strickland said they needed improvement.
"You have to understand both the facts and the law," she said. "Some [notices] were fragmented and not as clear and standardized as they could be."
USPS is now in the process of clearly defining the Privacy Act and the core requirements around securing information.