Mass Address™

U.S. Postal Service: Improved Oversight Needed to Protect Privacy of Address Changes (GAO/GGD-96-119)


Part 2

Edward W. Hood
Nov 19, 2021

---------------------------------------------------------- Letter :5.1

Our review of files and discussion of the seeding process with NCOA program officials disclosed certain management practices and inattention to procedure that, we believe, have limited the value of seeding as a control to ensure against the improper disclosure of NCOA data. Seeding is commonly used in the mailing industry to control proprietary records. The Postal Service periodically plants "seed" records when updating licensees' NCOA files. A seed record is any nonmatch data placed in the NCOA file by the Postal Service and so designed that it will be released to mailing list holders only through improper use of the NCOA file. Licensees are aware that the NCOA files are seeded by the Postal Service, but according to NCOA program officials, specific seeding data are guarded against disclosure to licensees and the public.

Postal Service officials said they believe that, if a licensee disclosed information from the NCOA file by any means other than through the approved computer software, fictitious seed address records would also be disclosed. Mail sent to seed record addresses would then be retrieved by the NCOA program office, alerting it to a possible improper disclosure of NCOA information. The NCOA program office would then trace the seed record back to the licensee who released it, and the Postal Service would take disciplinary and/or corrective action. The NCOA program manager reported that he was not aware that any seed mail had ever been received.

Program officials told us that they had seeded NCOA files since the program began but had not retained historical records of seeding for the complete period. Available documentation of seeding activities began with the NCOA file update in July 1990. Our review of this documentation and information provided by program officials disclosed several weaknesses in the seeding process and documentation of the process as an NCOA program control measure.

-- From July 1993 to April 1994, the NCOA files contained no seed records because the program office neglected to replace those records when they became 36 months old and were deleted. Seed records loaded in July 1990 were deleted in July 1993, some 36 months later. Seed records were not replaced in licensees' NCOA files until April 1994.

-- Program officials were not aware of this gap in seed coverage until our review. They said the gap was a "technical" error that was not particularly serious because the main value of seeding as a control comes from the licensees' awareness that the Postal Service seeds the NCOA files. Program officials said they did not believe that licensees were aware that the gap in seed coverage had occurred.

-- Program officials told us that before November 1994, the program office used only seed records unique to each licensee. All name and address updates to the licensees' NCOA files by the Postal Service were identical, except for seed record names and addresses unique to each licensee. Program officials said they believed that this feature would enable them to trace any mail received at seed addresses to the licensee who released the record. However, it is possible that seed records could be identified and neutralized by two or more licensees who agreed to compare their NCOA files.

-- After we discussed our concerns with NCOA program officials, in November 1994, the program office began using some "common" seed records. Under this new feature, a quantity of identical seed records are introduced into the NCOA files of all licensees, along with some seed records that are unique to each licensee. Although this procedure may help to identify any improper disclosure of addresses by licensees, it will not allow the Postal Service to identify which licensee was responsible for the impropriety if licensees compared their NCOA files to identify unique seed records because all licensees will have had access to a common seed record.

-- The Postal Service process for seeding, identifying, and responding to mail that might be sent to a seed address was informal. There were no written procedures on the seeding process, the process for retrieving mail sent to seed addresses, or the process for investigating mail sent to seed addresses and then reporting the results of the investigation internally.

-- The National Customer Support Center manager stated that the informal mail retrieval process was tested in 1990 and again in 1992. He said that the test results showed that this process worked in that test mail sent to the seed addresses through the regular mail stream was properly forwarded back to the NCOA program office. However, the manager told us that there was no record of these tests and that the results were not reported within the Postal Service. He said that procedures were revised in January 1995 to specifically cover what postal field personnel are required to do when they identify mail to be delivered to seed addresses.
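The seeding weaknesses listed above can be checked mechanically. The following is an added example, not code from the GAO report or the Postal Service; the seed IDs, licensee names and function names are constructed for illustration. It computes gaps in seed coverage from load dates under the 36-month deletion rule, and shows why a seed held by every licensee signals a disclosure without identifying its source.

```python
from datetime import date

RETENTION_MONTHS = 36  # from the report: seed records are deleted at 36 months


def add_months(d, months):
    """Shift a first-of-month date by a whole number of months."""
    total = d.year * 12 + (d.month - 1) + months
    return date(total // 12, total % 12 + 1, 1)


def months_between(a, b):
    return (b.year - a.year) * 12 + (b.month - a.month)


def coverage_gaps(load_dates, start, end):
    """Return (gap_start, gap_end, months) spans in [start, end) with no live seeds."""
    gaps, cursor = [], start
    for loaded in sorted(load_dates):
        if cursor >= end:
            break
        if loaded > cursor:  # previous batch expired before this one was loaded
            gap_end = min(loaded, end)
            gaps.append((cursor, gap_end, months_between(cursor, gap_end)))
        cursor = max(cursor, add_months(loaded, RETENTION_MONTHS))
    if cursor < end:
        gaps.append((cursor, end, months_between(cursor, end)))
    return gaps


def build_registry(unique_seeds, common_seeds, licensees):
    """Map each seed ID to the set of licensees whose file contains it."""
    registry = {seed: set(licensees) for seed in common_seeds}
    for licensee, seeds in unique_seeds.items():
        for seed in seeds:
            registry.setdefault(seed, set()).add(licensee)
    return registry


def trace(registry, seed):
    """Classify mail received at a seed address.

    'attributed'    -> exactly one licensee held the seed
    'detected_only' -> several licensees held it, so the source is ambiguous
    """
    holders = registry.get(seed)
    if not holders:
        return ("not_a_seed", [])
    status = "attributed" if len(holders) == 1 else "detected_only"
    return (status, sorted(holders))


def seeds_hidden_from_comparison(registry, comparing):
    """Seeds present in every compared file, so a file comparison cannot isolate them."""
    group = set(comparing)
    return sorted(s for s, holders in registry.items() if group <= holders)


# Constructed sample data (hypothetical licensees and seed IDs).
LICENSEES = ["licensee_A", "licensee_B", "licensee_C"]
UNIQUE_SEEDS = {"licensee_A": ["U-A1"], "licensee_B": ["U-B1"], "licensee_C": ["U-C1"]}
COMMON_SEEDS = ["C-1", "C-2"]

if __name__ == "__main__":
    # Load dates taken from the report: July 1990 and April 1994.
    for gap in coverage_gaps([date(1990, 7, 1), date(1994, 4, 1)],
                             date(1990, 7, 1), date(1995, 1, 1)):
        print("no seed coverage:", gap)
    pre_1994 = build_registry(UNIQUE_SEEDS, [], LICENSEES)
    post_1994 = build_registry(UNIQUE_SEEDS, COMMON_SEEDS, LICENSEES)
    pair = ["licensee_A", "licensee_B"]
    print("unique-only design, seeds surviving comparison:",
          seeds_hidden_from_comparison(pre_1994, pair))
    print("mixed design, seeds surviving comparison:",
          seeds_hidden_from_comparison(post_1994, pair))
    print("mail at common seed:", trace(post_1994, "C-1"))
```

Running a check like `coverage_gaps` on every file update would have flagged the lapse when the July 1990 batch expired rather than leaving it to be found in a later review.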

QUESTIONABLE EFFECTIVENESS OF LICENSEE AUDITS
---------------------------------------------------------- Letter :5.2

On the basis of our examination of poorly maintained audit files and subsequent discussions with NCOA program officials, we were unable to (1) confirm that we had identified all Postal Service audits of licensees or (2) fully assess the Postal Service's management of audits. However, on the basis of our review of the records available and on interviews with program officials and staff, we question whether the licensee audits, as administered by the program office, provided a meaningful oversight measure of compliance with the applicable privacy provisions of federal law.

During most of the program's history, unannounced on-site audits were to be conducted annually at the licensees' facilities. These audits were to include tests of licensees' NCOA software accuracy and verification of licensees' compliance with other licensing agreement provisions, such as the provision to prevent unauthorized access to the NCOA file. Under the licensing agreement, the Postal Service allows a licensee that fails an audit 30 days to correct the problem and be retested. This period is to begin when the Postal Service's contracting officer notifies the licensee of the audit results.

In 1992, the program office introduced an "automated" audit administered through a test tape mailed to each licensee. According to the program manager, the automated audit focused on a more comprehensive assessment of the accuracy of the licensees' NCOA software. The audits are designed to detect both the failure of licensees' NCOA software to make appropriate matches and instances of incorrect matches. Matching of names and addresses results in the release of new addresses to the mailing list holders and, eventually, into the mail stream. Incorrect matches, therefore, are more serious because they can result in the release of new addresses in violation of federal privacy laws.

The Postal Service has set a high standard for the performance of licensees' address-matching software. The licensing agreement specifies that a licensee's address-matching software must achieve a 99-percent matching accuracy rate. That is, the software may produce no more than one error per 100 name and address matches as analyzed and scored by the program office.

In May 1994, the Postal Service significantly modified the licensing agreement to, among other things, strengthen the Service's oversight of licensees through audits. Before this modification, NCOA program officials said that licensees were audited at least once a year and that the only option available to the Postal Service under the licensing agreement was to terminate the license of a licensee who failed successive audits. The modification requires licensees to pass at least three audits each contract year and provides the option of either suspending or terminating licensees that fail two consecutive process audits or that fail to comply with other terms or conditions of the licensing agreement. Further, the modification requires the Postal Service to terminate the license of any licensee that fails three consecutive audits.

Since 1992, the NCOA program office has maintained a separate file on each licensee containing various items of correspondence, internal memorandums, notes, and other information relating to process audits performed. We reviewed the files for details of process audits conducted during 1992 and 1993. The files we reviewed, however, generally did not contain complete records of the audits performed, audit results, or resolution of audit findings.

We were able to ascertain from the files, however, that in 1992 at least 65 automated audits were made of the 25 firms licensed at that time to provide NCOA services. All but one licensee failed the initial audit. Seven licensees passed the first follow-up audit. Another seven licensees failed the first follow-up audit but passed a second follow-up audit. However, 10 licensees failed all automated process audits performed that year.

The Postal Service did not terminate the license of any of the 10 licensees who failed successive process audits during 1992. In fact, these licensees continued to provide NCOA services with address-matching software that had failed repeatedly to meet the performance standards for accuracy required by the licensing agreement. For example, four licensees failed an initial audit in May 1992, and then failed two follow-up audits, before finally passing an audit conducted in March 1993. However, these same licensees were allowed to continue providing NCOA services during the 10-month period in which their software failed to meet the Service's minimum standard for accuracy.

The NCOA program manager explained that the pattern of repeated audit failures resulted from the increased thoroughness, coverage, and focus on software accuracy of the new automated process audit as compared with earlier process audits. He acknowledged that program oversight had not been carried out as strictly as it could have been because program officials did not want to terminate licensees from the program, which was the only option available under the licensing agreement at that time.

The program manager believed that the Postal Service correctly opted to work with the licensees to resolve the software deficiencies identified in the 1992 audits. He indicated that, among other things, most of the software performance errors involved failures to make any matches rather than making inappropriate matches. He also said that the program office staff responded promptly to ensure that licensees corrected software weaknesses identified in the audits, which may have affected compliance with federal privacy laws.

During 1993, the Postal Service audited the 10 licensees who failed all audits conducted during 1992. Each of these 10 licensees passed the 1993 audit. The NCOA program manager explained that other licensees were not audited during 1993 because, starting in about March of that year, the entire master NCOA file was redesigned, and licensees had to change their software to accommodate this redesign. Further, the NCOA program office had a contract with one of its NCOA licensees for computer support to build and maintain the master NCOA file. The program office brought this function in-house in October 1993. Consequently, according to the program manager, all program staff who would have done the licensee audits were instead used to support this transition and maintain the NCOA file.

INADEQUATE INFORMATION TO DETERMINE THE EFFECTIVENESS OF ADVERTISING REVIEW
---------------------------------------------------------- Letter :5.3

We were unable to completely evaluate this oversight activity because the NCOA program office did not have historical records of any advertisements either submitted or reviewed. However, the information that we were able to obtain indicated that the program office was not effectively overseeing licensees' advertising activities. Specifically, we found that although at least two licensees had advertised NCOA-linked new-movers lists and had submitted these advertisements to the Postal Service for review, no action had been subsequently taken by the Postal Service to disapprove the advertisements. The May 1994 modification stated that a licensee's advertising will be disapproved if it includes any reference to NCOA or the Postal Service.

The licensing agreement requires licensees to submit all proposed advertising and methods of selling NCOA program-related services to the NCOA program office for review and approval. The purpose of this requirement is to ensure that licensees' customers are not misled by the advertising or sales methods used, as well as to specifically ensure that the relationship between the Postal Service and the licensee is correctly represented. The licensing agreement states that the Postal Service will provide the licensee with a written response on the acceptability of proposed advertising within 20 working days of receipt of the material. However, if the licensee does not receive a written response within this time, the agreement states that the licensee may consider the proposed advertisements or sales methods approved for use.

The program manager told us that licensees had regularly submitted their proposed NCOA-related advertisements to the program office for review. However, our review of licensee contract files and discussions with a licensee disclosed that at least two licensees had regularly submitted advertising materials for NCOA-linked new-movers lists for Postal Service review and approval and that the program office had not responded. For example, a May 19, 1994, letter from a licensee stated that it had regularly submitted for review copies of its advertisements promoting NCOA-linked new-movers lists since inception of the NCOA program but that the Postal Service had never responded.

As noted earlier, Postal Service officials said that the change to the licensing agreement that specifically prohibited the creation of NCOA-linked new-movers lists was to make more explicit the existing restrictions on uses of NCOA data. Therefore, even before the licensing agreement was modified in 1994, the exercise of effective oversight should have dictated that the Service inform licensees who proposed advertisements promoting NCOA-linked new-movers lists that such advertisements were not permitted by the licensing agreement. However, the Postal Service failed to respond to these proposed advertisements.

In discussing this issue with the program manager, we were told that, notwithstanding the advertisements submitted for review, the Postal Service had not fully understood how licensees were using the NCOA file--i.e., to create NCOA-linked new-movers lists. When it became clear that licensees were creating such lists, the licensing agreement was modified to specifically (1) preclude licensees from creating and maintaining new-movers lists for either their own use or the use of their customers and (2) state that a licensee's advertising will be disapproved if it includes any reference to NCOA or the Postal Service anywhere in any text or graphics that include a reference to nonmailing products and services, such as new-movers lists.

UNCERTAIN EFFECTIVENESS OF COMPLAINT INVESTIGATIONS
---------------------------------------------------------- Letter :5.4

Another oversight or control mechanism over licensees that the Postal Service reportedly uses is the investigation of NCOA-related complaints emanating from the public, the licensees themselves, or their customers. However, because the program office had no records of complaints received or related investigations, we could not assess the effectiveness of the complaint investigation process as a control mechanism.

The NCOA program office's complaint investigation process was informal and lacked structure. The office could provide us with no record of complaints received. Further, we found no evidence of a formal process for logging complaints, investigating complaints, and reporting the results of investigations internally or to complainants. According to the program manager, a few complaints had been received, which were mainly related to customer misunderstandings about the NCOA-related services that licensees provide.

CONCLUSIONS
------------------------------------------------------------ Letter :6

In establishing the NCOA program, the Postal Service took a positive step toward dealing with the inefficiencies of processing misaddressed mail. In setting up and using a nationwide database of postal customer names and addresses to provide this address correction service, the Postal Service has tried, primarily through changes to licensing agreements, to create controls that help ensure that the release and use of NCOA information complies with the provisions of federal privacy laws. The Postal Service said it believes that it has met its legal responsibilities through program design and oversight.

However, at the time of our review, the NCOA program was operating without clearly delineated procedures and without sufficient management attention to ensure that the program was operating in compliance with the privacy provisions of federal laws. Specifically, the Postal Service lacked adequate written procedures and oversight processes regarding

-- seeding the NCOA files with fictitious records to discourage unauthorized name and address disclosure by licensees;

-- obtaining and reviewing, in a timely manner, licensees' proposed advertisements that mention the NCOA program, taking prompt action to disapprove inappropriate advertisements, and documenting the results; and

-- documenting all NCOA-related complaints received and actions taken to address the complaints.

The NCOA program office's absence of written procedures and inattention to processes allowed seeding control features to lapse for a 9-month period before the condition was discovered and corrected. Also, several licensees had advertised NCOA-linked new-movers lists, submitted the advertisements to the Postal Service for review, and yet the Postal Service had taken no action to disapprove the advertisements. Further, with regard to complaints, the NCOA program office had no records of complaints received or related investigations, although officials said that complaints had been received.

The NCOA program office had not implemented and enforced some provisions of the licensing agreement, including those requiring a minimum number of licensee audits each year and the termination of licensees that failed to maintain address-matching software that meets the performance standards prescribed in the license agreements. Ten licensees failed successive audits of their software and continued to provide NCOA services in 1992. When licensees' software does not perform according to the standards, the Postal Service cannot be sure that the NCOA program is operating in compliance with federal privacy laws.

Finally, we found that the Postal Service had not clearly communicated, through licensees, to licensees' customers, the restrictions on the use of NCOA data to create or maintain new-movers lists. That is, the Postal Service had not explicitly stated in the acknowledgment form--to be signed by customers of licensees--that NCOA data are not to be used to create or maintain new-movers lists, a restriction that the Service has communicated to licensees.

RECOMMENDATIONS
------------------------------------------------------------ Letter :7

To strengthen oversight of the NCOA program, we recommend that the Postmaster General require the NCOA program office to

-- develop and implement written oversight procedures, which should include (1) the responsibilities and timetables for using seed records to help verify that licensees release new addresses only as a result of accurate name and address matching; (2) requirements to obtain and review licensees' NCOA-related proposed advertisements, document the review, and notify licensees of the results within the time period prescribed in the licensing agreement; and (3) requirements for systematically recording all NCOA-related complaints received, including actions taken to resolve complaints; and in addition,

-- enforce all provisions of the licensing agreement, including (1) conducting at least the prescribed minimum number of licensee audits, currently three per contract year; and (2) suspending or terminating, as appropriate, licensees that fail two consecutive audits or that are determined to be in noncompliance with other terms or conditions of the licensing agreement. (As provided in the agreement, licensees that fail three consecutive audits should be terminated.)

We also recommend that the Postmaster General further restrict the use of NCOA-linked data to create or maintain new-movers lists by explicitly stating it on the acknowledgment form that is signed by customers of NCOA licensees.

POSTAL SERVICE COMMENTS AND OUR EVALUATION
------------------------------------------------------------ Letter :8

In a May 30, 1996, letter (see app. I) the Postmaster General commented on a draft of this report. He said that the Postal Service had implemented our recommendations to develop written oversight procedures for conducting NCOA seeding operations, reviewing and responding to NCOA-related advertisements, and investigating complaints about the program. He said also that the Postal Service was pleased that we did not question the lawfulness of licensing NCOA data for the purpose of address-list correction. It is important to note that, while we did not question the legality of the Postal Service's arrangements with licensees to provide address list correction services, we disagree with its view that the Privacy Act allows licensees to use NCOA-linked data to create new-movers lists.

The Postal Service did not adopt our recommendation that restrictions on the use of NCOA-linked data to create or maintain new-movers lists be included in the acknowledgment form that is to be signed by NCOA licensees' customers. The Postal Service primarily provided three reasons for its decision to not adopt our recommendation, which are summarized below along with our evaluation.

First, the Postal Service said it does not believe that a restriction on the creation and maintenance of new-movers lists from NCOA-derived data is required by privacy law. For the reasons stated earlier in this report, we continue to believe that use of NCOA-linked data by a licensee for creating a new-movers list would not be consistent with the limitations imposed by the Privacy Act. The Postal Service did not provide any new evidence or rationale for its view that the Privacy Act permits licensees to use NCOA-derived data for purposes other than address-list correction, which is the routine use or purpose for which the Postal Service collected such information.

Second, the Postal Service said that effective enforcement of such a restriction on customers of licensees would be impracticable. The Postal Service said that the Privacy Act does not govern the private sector and provides no basis for requiring the Service to control what the private sector does with address corrections legitimately obtained from the Postal Service. The Postal Service said it believes that it would be inappropriate to place limitations on licensees' customers, with whom the Service has no formal relationship.

Regarding this second point, we recognize that enforcement of the restrictions on third parties, i.e., licensees' customers, might be difficult because the Postal Service has no contractual relationship with licensees' customers. However, we do not believe that a potential difficulty of enforcing such restrictions under arrangements made with licensees means that the Postal Service should not clearly communicate what those restrictions are. NCOA licensees operate on behalf of the Postal Service and are subject to the same provisions of the Privacy Act as the Service, which allows an agency record to be disclosed provided the record is used for a purpose compatible with that for which it was collected. These records were collected by the Postal Service for address-list corrections, not to create new-movers lists.

As a practical matter, it appears that the Postal Service could, at a minimum, communicate through licensees to the licensees' customers any restrictions on the use of NCOA data to create or maintain new-movers lists. Acting on behalf of the Postal Service, licensees could help ensure compliance with the restrictions by explaining to their customers the limitations on the release and use of NCOA data under the Privacy Act. Unless the Postal Service implements and attempts to enforce these limitations, it cannot ensure that use of NCOA-derived data is limited to the purpose for which it was gathered.

Third, the Service said that we misinterpreted the purpose of the acknowledgment form when we said that it was "to limit the use of NCOA-linked data by the customers of licensees." The Service said that the purpose of the form is to ensure that lists presented to licensees for correction are really mailing lists. The acknowledgment form states that the sole purpose of the NCOA service is to provide a mailing-list correction service for lists that will be used to prepare mailings. We believe that this language does limit the use of NCOA-linked data. However, the Postal Service had not explicitly stated in the acknowledgment form the specific restriction that it communicated to licensees, namely, that NCOA data are not to be used to create or maintain new-movers lists. We are recommending that the Postmaster General explicitly state this restriction on the acknowledgment form. Also, the Postal Service said that it has never acknowledged that the creation of new-movers lists by customers is prohibited. We clarified in our report that the Postal Service had communicated the prohibition on the creation of new-movers lists to licensees--but not to their customers.

---------------------------------------------------------- Letter :8.1

We are sending copies of this report to the Ranking Minority Member of this Subcommittee, the Postmaster General, and other interested parties. Copies will also be made available to others upon request.

The major contributors to this report are listed in appendix III. If you have any questions about the report, please call me on (202) 512-8387.

J. William Gadsby
Director, Government Business Operations Issues

U.S. POSTAL SERVICE CHANGE OF ADDRESS ORDER (POSTAL SERVICE FORM 3575, JULY 1995)
=========================================================== Appendix I

(Front of form) (See figure in printed edition.)

(Back of form) (See figure in printed edition.)

Appendix II

COMMENTS FROM THE U.S. POSTAL SERVICE
=========================================================== Appendix I

(See figure in printed edition.)

MAJOR CONTRIBUTORS TO THIS REPORT
========================================================= Appendix III

GENERAL GOVERNMENT DIVISION, WASHINGTON, D.C.

Michael E. Motley, Associate Director, Government Business Operations Issues
James T. Campbell, Assistant Director

OFFICE OF GENERAL COUNSEL, WASHINGTON, D.C.

Alan N. Belkin, Assistant General Counsel
Robert J. Heitzman, Senior Attorney

DALLAS REGIONAL OFFICE

Sherrill H. Johnson, Core Group Leader
Robert T. Griffis, Evaluator-in-Charge

*** End of document. ***
