August 7, 2023
The Postal Service wants employees to remember it collects and maintains a variety of personally identifiable information about customers, employees and outside businesses in order to carry out its mission.
Under the Privacy Act of 1974, a federal law, USPS employees and contractors have a legal and ethical obligation to hold personal information in confidence and protect it from unauthorized disclosure and misuse.
To comply with the law, employees and contractors must follow these rules:
• Don’t disclose information about another individual to any person or organization without proper authorization.
• Managers must provide guidance to all employees who handle such information.
• Don’t reveal personally identifiable information to co-workers who don’t need to know it.
The Privacy Act’s “need to know” exception allows personal information to be given to other employees, including contractors, who need it to do their jobs.
It’s a federal crime to intentionally disclose Privacy Act-protected information to other employees if you know they don’t need that information to do their jobs.
• Don’t maintain an unauthorized system of records — such as a file, database or program — that contains private information about individuals.
All records systems containing personally identifiable information about individuals must be reported to the USPS Privacy and Records Management Office.
• Follow the Postal Service’s established privacy policies and procedures to ensure the confidentiality and integrity of information about individuals that is collected, maintained and used for official purposes.
• Ensure that links and hidden information are removed from PDF files prior to disclosing the files.
Employees must sanitize PDF files to remove attachments, links and metadata prior to releasing such files to the public, including in response to Freedom of Information Act requests.