U.S. Postal Service: Improved Oversight Needed to Protect Privacy of
Address Changes (Letter Report, 08/13/96, GAO/GGD-96-119).
Pursuant to a congressional request, GAO examined the U.S. Postal
Service's oversight of the National Change of Address (NCOA) program,
focusing on: (1) how the Postal Service collects, disseminates, and uses
NCOA data; and (2) whether the Postal Service adequately oversees the
release of NCOA data in accordance with privacy laws.
GAO found that: (1) the Postal Service uses 24 licensees to collect and
disseminate address-correction information; (2) the licensees provide
address services to other private firms and organizations in accordance
with standard licensing agreements; (3) the Postal Service has been
unable to prevent, detect, or correct potential breaches in the
licensing agreement; (4) the Postal Service audits the software that
licensees use to match their mailing lists with NCOA files, reviews NCOA
advertisements that licensees propose to use, and investigates
complaints concerning the NCOA program; (5) Postal Service officials
believe that the NCOA licensing agreement helps to ensure that federal
privacy guarantees are not compromised through the operation of the NCOA
program; (6) the Postal Service has not expressed a clear and consistent
position regarding the use of NCOA data to create new-movers lists; (7)
the Postal Service failed to terminate the license of any licensee that
failed successive process audits in 1992; (8) the NCOA program office is
not terminating licensees that fail to maintain address-matching
software or enforcing the performance standards prescribed in the
license agreements; and (9) the Postal Service needs to enforce these
limitations to ensure that the use of NCOA-derived data is limited to
the purpose for which it was intended.
--------------------------- Indexing Terms -----------------------------
REPORTNUM: GGD-96-119
TITLE: U.S. Postal Service: Improved Oversight Needed to Protect
Privacy of Address Changes
DATE: 08/13/96
SUBJECT: Postal service
Postal law
Privacy law
Proprietary data
Mailing lists
Information disclosure
Data collection operations
Government sponsored enterprises
Mail delivery problems
IDENTIFIER: USPS National Change of Address Program
USPS Computerized Forwarding System
******************************************************************
** This file contains an ASCII representation of the text of a **
** GAO report. Delineations within the text indicating chapter **
** titles, headings, and bullets are preserved. Major **
** divisions and subdivisions of the text, such as Chapters, **
** Sections, and Appendixes, are identified by double and **
** single lines. The numbers on the right end of these lines **
** indicate the position of each of the subsections in the **
** document outline. These numbers do NOT correspond with the **
** page numbers of the printed product. **
** **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced. Tables are included, but **
** may not resemble those in the printed version. **
** **
** Please see the PDF (Portable Document Format) file, when **
** available, for a complete electronic file of the printed **
** document's contents. **
** **
** A printed copy of this report may be obtained from the GAO **
** Document Distribution Center. For further details, please **
** send an e-mail message to: **
** **
** **
** **
** with the message 'info' in the body. **
******************************************************************
Cover
================================================================ COVER
Report to Congressional Requesters
August 1996
U.S. POSTAL SERVICE - IMPROVED
OVERSIGHT NEEDED TO PROTECT
PRIVACY OF ADDRESS CHANGES
GAO/GGD-96-119
U.S. Postal Service's NCOA Program
(240157)
Abbreviations
=============================================================== ABBREV
GAO - General Accounting Office
NCOA - National Change of Address
Letter
=============================================================== LETTER
B-258950
August 13, 1996
The Honorable John M. McHugh
Chairman, Subcommittee on the Postal Service
Committee on Government Reform and Oversight
House of Representatives
The Honorable Gary A. Condit
House of Representatives
This report responds to your request that we examine the U.S. Postal
Service's oversight of the National Change of Address (NCOA) program.
The Postal Service's ability to quickly and accurately correct
customers' addresses is key to effective mail delivery; however, it
has also raised concerns about potential misuse of NCOA data. Our
report objectives were to determine (1) how the Postal Service
collects, disseminates, and uses NCOA data and (2) whether the Postal
Service adequately oversees the release of NCOA data in accordance
with privacy provisions of relevant federal laws.
RESULTS IN BRIEF
------------------------------------------------------------ Letter :1
Through the NCOA program, the Postal Service collects and widely
disseminates change-of-address information reported by postal
customers. To do this, the Postal Service uses 24 licensees,
primarily mail advertising and credit information firms, to provide
the address-correction service. The licensees pay the Postal Service
to receive and use the electronic master NCOA file and Postal
Service-approved computer software that is used for updating mailing
lists. The licensees are to use NCOA data and provide address
services to other private firms and organizations in accordance with
the standards and procedures specified in the licensing agreement.
The Postal Service's oversight of NCOA program licensees and controls
over the release of NCOA data have not been adequate to prevent,
detect, and correct potential breaches of the licensing agreement and
potential violations of federal privacy law in a timely manner.
Specifically, we identified weaknesses in the Postal Service's
licensee oversight activities for (1) "seeding"\1 NCOA files to
detect unauthorized uses of addresses, (2) auditing the performance
of software that licensees use to match their mailing lists with NCOA
files, (3) reviewing NCOA advertisements that licensees propose to
use, and (4) investigating complaints about the NCOA program.
Postal Service officials said they believe that neither the Privacy
Act nor the Postal Reorganization Act of 1970 limit licensees' use of
address data that have been properly updated or corrected through the
NCOA service. In our view, use of NCOA-linked data by a licensee to
create a new-movers list would not be consistent with the limitations
imposed by the Privacy Act. The Postal Service had not explained in
the acknowledgment form--to be signed by customers of licensees--that
NCOA data are not to be used to create or maintain new-movers lists.
Unless the Postal Service implements and attempts to enforce these
limitations, it cannot be assured that the use of NCOA-derived data
is limited to the purpose for which it was gathered.
--------------------
\1 Seeding is a commonly used practice in the mailing industry to
control proprietary information. A "seed" record planted in a file
can be used to detect the inappropriate release of a record or file.
BACKGROUND
------------------------------------------------------------ Letter :2
Automating mail sorting with state-of-the-art technology is at the
core of Postal Service initiatives to provide efficient, economically
priced mail service. Mail addressed accurately and in the Postal
Service's standardized format is more compatible with these automated
processes. However, the Manager of Address Management at Postal
Service headquarters said that the single greatest barrier to the
Postal Service's effort to automate mail processing is "the poor
quality of the address on the mail piece."
Mail addressed incorrectly or inadequately cannot be processed and
delivered as quickly and efficiently as properly addressed mail.
When mail is misaddressed, the Postal Service incurs added costs for
sorting, transporting, delivering, and, in some cases, disposing of
that mail. Of the 177 billion pieces of mail the Postal Service
handled in 1994, nearly 5 billion pieces were addressed incorrectly.
The Postal Service estimated that it incurred a cost of about $1.5
billion a year in compensating for poor address quality. However,
the Postal Service had no information on the portion of this cost
associated with a change of address.
Because accurate addressing is essential for efficient mail service,
the Postal Service and its predecessor, the Post Office Department,
have provided address-correction services since 1924. These
services, among other things, assist mailers in obtaining and using
accurate, properly formatted addresses that are automation
compatible.
NATIONAL CUSTOMER SUPPORT
CENTER ADMINISTERS NCOA
PROGRAM
---------------------------------------------------------- Letter :2.1
In 1986, the Postal Service implemented the NCOA program, which
extends the Postal Service's use of mail forwarding information to
update business mailers' address lists.\2 The NCOA program is
administered by the NCOA program office within the National Customer
Support Center, which is located in Memphis, TN. The Center's
Director reports to the Manager, Address Management, under the Vice
President for Operations Support. Before introducing this program,
the Postal Service notified business mailers of changed addresses
after their mail had been sent out and forwarded, returned, or
discarded. The NCOA program, however, confronts this problem before
the mail piece enters the mail stream by using contractors licensed
by the Postal Service to provide business mailers updated
change-of-address information.
--------------------
\2 The NCOA program is one of several address-correction services
offered by the Postal Service to help ensure that accurate addresses
are available to and used by mailers.
PRIVACY LAWS RESTRICT POSTAL
SERVICE USE OF NAME AND
ADDRESS DATA
---------------------------------------------------------- Letter :2.2
The Postal Service's authority to disclose address information about
its customers is limited by certain privacy guarantees in two federal
laws. Section 412 of the Postal Reorganization Act of 1970 (39
U.S.C. 412) restricts the Service's release of certain names or
addresses as follows:
"Except as specifically provided by law, no officer or employee
of the Postal Service shall make available to the public by any
means or for any purpose any mailing or other list of names or
addresses (past or present) of postal patrons or other persons."
Subsequently, in 1974, Congress passed the Privacy Act (5 U.S.C.
552a) to more broadly protect individuals from the unauthorized use
of records that federal agencies maintain about them and to give them
right of access to those records. Subsection (n) of this act also
applies to address correction but, in contrast to related provisions
of the 1970 Act, restricts certain uses of a name and address as
follows: "An individual's name and address may not be sold or rented
by an agency unless such action is specifically authorized by law."
In 1991 and again in 1992, Congress held hearings addressing the
privacy implications of the Postal Service's address-correction
services.\3 These hearings focused on public concerns about the
increasing volume of mail generated through the use of mailing lists,
and raised questions about (1) the legality of certain Postal Service
address-correction processes and (2) the adequacy of Postal Service
oversight of the NCOA program to ensure compliance with the privacy
provisions in federal law. A bill (H.R. 434) introduced in January
1995 would, among other provisions, allow any person notifying the
Postal Service of a change of address to deny it permission to
disclose such information.
--------------------
\3 Hearings before the Subcommittee on Postal Operations and
Services, House Committee on Post Office and Civil Service (October
10, 1991), and before the Subcommittee on Government Information,
Justice, and Agriculture, House Committee on Government Operations
(May 14, 1992).
OBJECTIVES, SCOPE, AND
METHODOLOGY
------------------------------------------------------------ Letter :3
The objectives of our review were to determine (1) how the Postal
Service collects, disseminates, and uses NCOA program data to provide
mailers with accurate change-of-address information and (2) whether
the Postal Service adequately oversees the release of NCOA data in
accordance with privacy provisions of relevant federal laws. Because
we were asked to review only the NCOA program, we did not review
other Postal Service address-correction programs.
To meet our first objective, we interviewed Postal Service
headquarters officials in the Office of Address Management Systems,
Operations Support Division, and officials and technical support
staff at the National Customer Support Center and the NCOA program
office in Memphis, TN. We also reviewed relevant records provided by
these officials on the NCOA data gathering and dissemination process,
including some correspondence from licensees on how they used NCOA
data.
To meet our second objective, we obtained and reviewed federal laws,
legislative histories, congressional hearings, and other pertinent
literature on privacy issues to better understand Congress' concerns
about U.S. citizens' privacy rights and their relation to the name
and address records the Postal Service uses to provide
address-correction services. As we did in responding to objective
one, we met with Postal Service representatives in Memphis to discuss
and document how NCOA program oversight is maintained and what
controls the Postal Service uses to ensure that the release of NCOA
address information complies with applicable statutory constraints.
Additionally, we reviewed files and other records of Postal Service
NCOA program oversight activities; however, finding them to be
incomplete, we relied more on information obtained from our
interviews of Postal Service officials. Finally, we obtained written
explanations from the Postal Service's Chief Counsel for Ethics and
Information Law regarding privacy issues pertinent to our second
objective.
To meet both objectives, we met with representatives of TRW Target
Marketing Services, located in Allen, TX--which in 1994 was one of
the NCOA program's largest licensees in terms of volume of client
address records processed. In this meeting, we obtained information
and company views on how the NCOA program works, as well as on the
Postal Service's oversight of the program.
On May 30, 1996, the Postmaster General provided written comments on
a draft of this report, which are discussed beginning at page 20 and
reprinted as appendix II. Our review was conducted from August 1994
through October 1995 in accordance with generally accepted government
auditing standards.
HOW THE NCOA PROGRAM IS USED TO
COLLECT AND DISSEMINATE NEW
ADDRESS DATA
------------------------------------------------------------ Letter :4
Since its implementation, the NCOA program has effectively reduced
the volume of misaddressed mail processed through the Postal
Service's Computerized Forwarding System,\4 according to the program
manager. Before 1986, the volume of such mail was increasing
annually, along with the overall volume of all mail. However, during
the period in which the NCOA program has been operational, the volume
of mail processed through the forwarding system has remained
relatively constant, averaging about 2.4 billion pieces annually,
while the total mail volume has continued to increase--by about 27
percent from late 1985 to 1995.
The address-correction process begins when a postal customer submits
a signed Change of Address Order (Postal Service Form 3575) to a
local post office to have mail forwarded. (See app. I for a copy of
the July 1995 form). Post office employees are to verify that the
form is complete and then pass it on to one of 212 Computerized
Forwarding System units located in the United States and Puerto Rico.
These units are to convert the data to electronic form for use in the
mail forwarding process and in the NCOA program. Using the completed
change-of-address form, the Postal Service follows a policy of
forwarding first-class mail to new addresses for 1 year. Although
filing a change-of-address order is voluntary, customers who want
their mail forwarded after moving must submit the form and must
accept that the Postal Service will further disseminate the new
addresses to commercial mailing list holders through the NCOA
program.
Each workday, the National Customer Support Center collects
change-of-address data from the forwarding units. These data are
then to be standardized into the Postal Service's "preferred address
with ZIP\5 + 4 code" format and used to update a centralized database
of change of address records--i.e., the master NCOA file. This file
contains more than 110 million permanent change-of-address records.
It covers the most recent 36-month period based on the move dates
that customers report. Newly reported moves are to be added and
those dated over 36 months are to be deleted biweekly. The computer
programs used to maintain the master NCOA file and all data released
from it are to be controlled by the National Customer Support Center.
--------------------
\4 This system is used to forward mail that cannot be delivered as
addressed.
\5 Zoning Improvement Plan.
LICENSEES ARE TO RECEIVE NEW
ADDRESS DATA BIWEEKLY
---------------------------------------------------------- Letter :4.1
The Postal Service has licensed, for a fee paid by the licensees, the
master NCOA file to a limited number of companies, which in turn use
the file to correct addresses on their mailing lists and sell
address-correction services to other businesses. As of December
1995, 24 companies were licensed, including some of the nation's
largest firms in the direct marketing and credit reporting
industries, such as Donnelly Marketing, Inc., a leading direct mail
marketing company; TRW Target Marketing Services, which operates
primarily in the direct marketing industry; and Metromail
Corporation, which primarily provides address services for direct
marketing purposes.\6 In 1995, 22 companies each paid $80,000, and
the remaining 2 each paid $120,000, to the Postal Service under the
licensing agreements.
Each licensee is responsible for maintaining a complete and current
NCOA file. Every 2 weeks, the NCOA program office within the
National Customer Support Center is to provide licensees with a copy
of the NCOA file update tapes, which on average contain about 1.1 to
1.5 million change-of-address records. Licensees are to use these
tapes, which include address deletions, additions, and changes, to
update the NCOA files they maintain. Licensees then use the NCOA
files and address-matching logic designed into their computer
software to update addresses on their customers' mailing lists as
well as their own mailing lists.
Since all records in the NCOA file are to be in the Postal Service's
standardized address format, licensees must convert customers'
mailing lists, to the extent possible, into the same standardized
address format before any matching occurs. This initial step may
also identify and correct incomplete or inaccurate addresses on the
licensee's list. The resulting standardized lists are to be matched
with the NCOA file by the licensees using address-matching computer
software tested and approved by the NCOA program office, as required
by the Postal Service. Each licensee's software must meet the
performance standards specified in the licensing agreement, and only
approved software may be used to provide NCOA services.
Under these procedures and conditions, each licensee is to update an
address on a mailing list only when a name and address on that list
matches a name and old address in the NCOA file. Licensees are to
provide their customers the original address as it was presented on
each customer's list; the standardized address, including the correct
ZIP + 4 code; and a new address where a match was found. When a
match is found and a new address is disclosed, licensees may also
disclose other information, such as whether the address is for a
family, individual, or business and when the move became effective.
--------------------
\6 Direct marketing refers to the use of mail services to target
advertising materials to specific segments of the American
population. Since the mid-1980s, direct marketing has flourished
primarily because of the ability to use large-scale, integrated,
automated files to combine various demographic characteristics of the
consuming public--such as age, income, neighborhood, etc., for
increasing the return on advertising and marketing investments.
THE POSTAL SERVICE RESTRICTS
LICENSEES' USE OF NAME AND
ADDRESS DATA
---------------------------------------------------------- Letter :4.2
Postal Service officials said they believe that the design and
implementation of the NCOA program fully complies with applicable
federal privacy laws. Postal Service officials said that they
analyzed federal privacy laws and that releasing the NCOA file to
licensees to provide address-correction services and licensees'
subsequent release of new addresses of postal customers--whose names
and old addresses are already on a licensee's or its customer's
lists--are lawful when done in accordance with the provisions and
conditions of the licensing agreement. In a July 12, 1995, letter to
us, the Postal Service's Chief Counsel for Ethics and Information Law
said that disclosure of the NCOA file to the licensee is supported by
subsection (m)(1) of the Privacy Act.\7 He said that because
licensees act as representatives of the Postal Service when
performing the list correction function, disclosure to the licensees
does not constitute disclosure to the "public" within the meaning of
section 412 of the Postal Reorganization Act of 1970. Furthermore,
the Chief Counsel said that release of the information by a licensee
to its customer for the limited purpose of list correction is
permissible routine use.
Postal Service officials emphasized that the Postal Service does not
provide names to be included on any lists, whether held by its
licensees or by their customers. Postal Service officials said that
the information provided to licensees, and by licensees to their
customers, under the NCOA program is limited to the new addresses of
persons whose names and addresses are already on the licensee's or
the customer's list. Thus, Postal Service officials said they
believe that the NCOA program does not violate the prohibition in the
Privacy Act against the unauthorized disclosure of an individual's
"name and address."
--------------------
\7 Under 5 U.S.C. 552a(m)(1), contractors and their employees are
treated as agency employees for the purpose of assessing criminal
penalties for unauthorized disclosures as set forth in that section.
PRIVACY PROVISIONS OF THE
LICENSING AGREEMENT
---------------------------------------------------------- Letter :4.3
Postal Service officials said they believe that the NCOA licensing
agreement, with its conditions and performance provisions, helps to
ensure that federal privacy guarantees are not compromised through
the operation of the NCOA program. The licensing agreement requires
licensees to provide mailing-list correction services according to
standards set by the Postal Service, and specifies licensees'
obligations under the Privacy Act.
Postal Service officials said they believe that the prescribed
standards for licensee performance provide the Postal Service a basis
for monitoring performance to ensure the quality of the service
provided and compliance with the privacy restrictions of federal law.
For example, the agreement sets minimum standards for the performance
of the computer software that licensees use to provide the NCOA
service. It also establishes requirements for maintaining a current
NCOA file, for timeliness of the service, and for safeguarding the
NCOA file and the lists that customers submit for the
address-correction service.
The licensing agreement specifies the Privacy Act restrictions that
Postal Service officials said they believe apply to the release and
use of NCOA address information. The agreement states that the NCOA
file is a system of records, as defined in subsection (a)(5) of the
Privacy Act, and is subject to its provisions. It states that if, at
any time during the term of the agreement, the licensee fails to
comply with or fulfill any of the terms or conditions of the
agreement, the Postal Service may, at its discretion, terminate the
agreement.
The agreement prohibits licensees from disclosing or using the
information in the NCOA file for any purpose other than correcting
addresses on preexisting lists. Licensees are required to institute
procedural and physical safeguards to ensure the security of the
information in the NCOA file, as well as to maintain an accurate
accounting of all disclosures of information in the file in
accordance with subsection (c) of the Privacy Act. The agreement
points out that the Postal Service may conduct impromptu audits to
evaluate the potential for unauthorized access, disclosure, or misuse
of the NCOA file, as well as to ensure that all performance
requirements are met. The agreement also points out that the
licensee and its employees are subject to the criminal penalties set
out in subsection (i)(1) of the Privacy Act for any willful
disclosure prohibited by the act.
LICENSING AGREEMENT MODIFIED
TO STRENGTHEN CONTROL AND
OVERSIGHT
---------------------------------------------------------- Letter :4.4
After the congressional hearings held in 1991 and 1992, mentioned
previously, the Postal Service modified, in May 1994, certain
provisions of the licensing agreement.\8 The Service took steps to
clarify the licensing agreement restrictions on the use of NCOA data,
strengthen its oversight of licensee performance, and provided for
suspending any licensee who fails to comply with the terms and
conditions of the agreement.
--------------------
\8 The Postal Service and its licensees refer to this change to the
agreement as "Modification 75."
PROHIBITION ON USE OF
NCOA SERVICES
-------------------------------------------------------- Letter :4.4.1
As modified, the agreement specifies certain practices that are
prohibited, such as the creation of new-movers lists. The use of
new-movers lists is reportedly an important and common practice in
the mail marketing industry. New-movers lists can be created by
updating an existing list of names and addresses using NCOA data or
other sources of current-address data. Individuals on the existing
list whose addresses have changed are considered to have "moved," and
the names and new addresses of these individuals can be used to
create or supplement a new-movers list. These lists can be used by
list holders for their marketing purposes--e.g., to offer products or
services to anyone who moves into a new home, or they can be sold to
others.
The use of NCOA services to create or maintain new-movers lists has
been controversial and, as explained hereafter, the Postal Service
has not expressed a clear and consistent position regarding
prohibitions on using NCOA data to create such lists. During
congressional hearings in May 1992 on the NCOA program and privacy
issues, evidence was presented that some licensees were producing and
selling new-movers lists using NCOA-linked data. At that time, the
Postal Service Director, Office of Address Management Systems,\9
testified that the protections afforded individuals by federal
privacy law do not extend to proprietary lists that have been
appropriately updated by the NCOA service and that the Postal Service
was not responsible for how such lists are used. The Director said,
in part, that
"Licensees, as well as their customers, hold mailing lists which
are their intellectual property. We believe that by availing
themselves of the NCOA and other services, those lists are
legally and properly updated and that our management of these
services fully comports with all of the laws which you have
listed, as well as any others which may exist.
"The simple fact of the matter is that once a list holder has
acquired a corrected address through address correction service,
we do not believe it is the intent of the law, nor do we believe
it is the role of the Postal Service to attempt to police how
the private sector uses their own intellectual property for
their business reasons."
This position, however, is contrary to the conclusion reached by the
Committee on Government Operations in its November 24, 1992, report
(House Report 102-1067) following the 1992 congressional hearings.
The Committee found that the NCOA program contravenes section 412 of
the Postal Reorganization Act and subsection (n) of the Privacy Act.
Among its other reasons for this conclusion, the Committee focused on
the creation and sale of NCOA-linked new-mover lists by licensees as
violating the restrictions imposed by the Privacy Act.
The Postal Service later added a prohibition in the licensing
agreement on the creation of new-movers lists. Specifically, the
licensing agreement was modified in May 1994 to read, in part, as
follows:
"The sole purpose of this license and of the standardized name
and address matching services is to provide a mailing list
correction service for lists that will be used for the
preparation of mailings. Information obtained or derived from
the NCOA file or service shall NOT be used by the Licensee,
either on its own behalf or knowingly for its customers, for the
purpose of creating or maintaining "new-movers" lists.
"As with the NCOA file itself, no proprietary Licensee list,
which contains both old and corresponding new address records,
if it is updated by use of the NCOA file, shall be rented or
sold or otherwise provided, in whole or in part, to Licensee
customers or anyone else."
Postal Service officials said that the above prohibition was not new
but, rather, that the above language clarified restrictions that were
already stated in broader terms in the original licensing agreement.
However, the statement that the prohibition was not new appears to be
contrary to the testimony quoted previously from the May 1992
congressional hearings.
Further, in the May 1994 modification, the Postal Service imposed new
requirements to limit the use of NCOA-linked data by the customers of
licensees. However, in contrast to the modification provision
applicable to licensees, this new requirement does not state
explicitly that the prohibition on the use of NCOA-linked data to
create new-movers list applies to the licensees' customers.
Specifically, the Postal Service added a requirement to the licensing
agreement that, at least once each year, licensees are to have
customers sign an "NCOA Processing Acknowledgement Form." By signing
the form, customers acknowledge their understanding that "the sole
purpose of the NCOA service is to provide a mailing list correction
service for lists that will be used for the preparation of mailings."
However, the form is not clear as to any specific prohibitions on the
use of NCOA services by licensees' customers because the form does
not explicitly state that NCOA data are not to be used to create or
maintain new-movers lists.
Postal Service officials said they continue to believe that neither
the Privacy Act nor the Postal Reorganization Act of 1970 limit in
any way licensees' and customers' use of address data that have been
properly updated or corrected through the NCOA service. The Manager,
Address Management said that the change to the licensing agreement
cited above was made as a "good business practice" to address
concerns raised by Congress and the public in the 1992 congressional
hearings.
We do not question the Postal Service's view that the disclosure of
NCOA data to licensees for the specific and limited purpose of
address list correction is permitted under the Privacy Act and the
1970 Act. However, we do not agree that the Privacy Act allows
licensees to use NCOA-linked data to create new-movers lists, which
may then be sold to their customers. As the Postal Service
acknowledges, under the Privacy Act
(5 U.S.C. 552a (m)(1)), the NCOA licensees operate on behalf of the
Postal Service. As such, they are subject to provisions of the
Privacy Act that allow an agency record to be disclosed provided that
it is used for a purpose compatible with the purpose for which it was
collected. Like the Postal Service, licensees may use the
information disclosed only for the limited purpose of address-list
correction, which is the routine use and purpose for which the Postal
Service collected such information. Thus, in our view, use of
NCOA-linked data by a licensee for the purpose of creating a
new-movers list would not be consistent with the limitations imposed
by the Privacy Act.
--------------------
\9 At the time of our review this position was entitled Manager,
Address Management.
OTHER PROVISIONS ADDED ON
AUDIT AND SUSPENSION OF
LICENSEES
---------------------------------------------------------- Letter :4.5
In addition to the above changes, the May 1994 modification called
for increasing the frequency of Postal Service audits that licensees
must pass, from one to at least three each contract year. The
modification further added the alternative of suspending a licensee
for failure to comply with the terms and conditions of the agreement
pending verification that the deficiencies have been corrected.
Previously, the agreement provided only for the outright
termination--at the Service's discretion--of a licensee who failed to
comply with provisions of the agreement.
THE POSTAL SERVICE HAS NOT
REASONABLY ENSURED LICENSEES'
COMPLIANCE WITH LICENSING
AGREEMENT PRIVACY PROVISIONS
------------------------------------------------------------ Letter :5
The Postal Service's oversight fell short of ensuring that licensees
have met the provisions and conditions of the licensing agreement
and, thus, did not ensure that the NCOA program was operating in
compliance with federal privacy laws. The Postal Service's oversight
procedures and processes have been weak with regard to (1) "seeding"
the NCOA files with fictitious records to discourage unauthorized
name and address disclosure by licensees; (2) auditing the
performance of licensees' NCOA software and conducting impromptu site
visits to monitor whether licensees are complying with various
licensing agreement requirements; (3) reviewing licensees' proposed
advertisements for NCOA services they sell; and (4) investigating
NCOA program-related complaints.
WEAKNESSES IN THE SEEDING
PROCESS
---------------------------------------------------------- Letter :5.1
Our review of files and discussion of the seeding process with NCOA
program officials disclosed certain management practices and
inattention to procedure that, we believe, have limited the value of
seeding as a control to ensure against the improper disclosure of
NCOA data. Seeding is commonly used in the mailing industry to
control proprietary records. The Postal Service periodically plants
"seed" records when updating licensees' NCOA files. A seed record is
any nonmatch data placed in the NCOA file by the Postal Service and
so designed that it will be released to mailing list holders only
through improper use of the NCOA file. Licensees are aware that the
NCOA files are seeded by the Postal Service, but according to NCOA
program officials, specific seeding data are guarded against
disclosure to licensees and the public.
Postal Service officials said they believe that, if a licensee
disclosed information from the NCOA file by any means other than
through the approved computer software, fictitious seed address
records would also be disclosed. Mail sent to seed record addresses
would then be retrieved by the NCOA program office, alerting it to a
possible improper disclosure of NCOA information. The NCOA program
office would then trace the seed record back to the licensee who
released it, and the Postal Service would take disciplinary and/or
corrective action. The NCOA program manager reported that he was not
aware that any seed mail had ever been received.
Program officials told us that they had seeded NCOA files since the
program began but had not retained historical records of seeding for
the complete period. Available documentation of seeding activities
began with the NCOA file update in July 1990. Our review of this
documentation and information provided by program officials disclosed
several weaknesses in the seeding process and documentation of the
process as an NCOA program control measure.
-- From July 1993 to April 1994, the NCOA files contained no seed
records because the program office neglected to replace those
records when they became 36 months old and were deleted. Seed
records loaded in July 1990 were deleted in July 1993, some 36
months later. Seed records were not replaced in licensees' NCOA
files until April 1994.
-- Program officials were not aware of this gap in seed coverage
until our review. They said the gap was a "technical" error
that was not particularly serious because the main value of
seeding as a control comes from the licensees' awareness that
the Postal Service seeds the NCOA files. Program officials said
they did not believe that licensees were aware that the gap in
seed coverage had occurred.
-- Program officials told us that before November 1994, the program
office used only seed records unique to each licensee. All name
and address updates to the licensees' NCOA files by the Postal
Service were identical, except for seed record names and
addresses unique to each licensee. Program officials said they
believed that this feature would enable them to trace any mail
received at seed addresses to the licensee who released the
record. However, it is possible that seed records could be
identified and neutralized by two or more licensees who agreed
to compare their NCOA files.
-- After we discussed our concerns with NCOA program officials, in
November 1994, the program office began using some "common" seed
records. Under this new feature, a quantity of identical seed
records are introduced into the NCOA files of all licensees,
along with some seed records that are unique to each licensee.
Although this procedure may help to identify any improper
disclosure of addresses by licensees, it will not allow the
Postal Service to identify which licensee was responsible for
the impropriety if licensees compared their NCOA files to
identify unique seed records because all licensees will have had
access to a common seed record.
-- The Postal Service process for seeding, identifying, and
responding to mail that might be sent to a seed address was
informal. There were no written procedures on the seeding
process, the process for retrieving mail sent to seed addresses,
or the process for investigating mail sent to seed addresses and
then reporting the results of the investigation internally.
-- The National Customer Support Center manager stated that the
informal mail retrieval process was tested in 1990 and again in
1992. He said that the test results showed that this process
worked in that test mail sent to the seed addresses through the
regular mail stream was properly forwarded back to the NCOA
program office. However, the manager told us that there was no
record of these tests and that the results were not reported
within the Postal Service. He said that procedures were revised
in January 1995 to specifically cover what postal field
personnel are required to do when they identify mail to be
delivered to seed addresses.
QUESTIONABLE EFFECTIVENESS
OF LICENSEE AUDITS
---------------------------------------------------------- Letter :5.2
On the basis of our examination of poorly maintained audit files and
subsequent discussions with NCOA program officials, we were unable to
(1) confirm that we had identified all Postal Service audits of
licensees or (2) fully assess the Postal Service's management of
audits. However, on the basis of our review of the records available
and on interviews with program officials and staff, we question
whether the licensee audits, as administered by the program office,
provided a meaningful oversight measure of compliance with the
applicable privacy provisions of federal law.
During most of the program's history, unannounced on-site audits were
to be conducted annually at the licensees' facilities. These audits
were to include tests of licensees' NCOA software accuracy and
verification of licensees' compliance with other licensing agreement
provisions, such as the provision to prevent unauthorized access to
the NCOA file. Under the licensing agreement, the Postal Service
allows a licensee that fails an audit 30 days to correct the problem
and be retested. This period is to begin when the Postal Service's
contracting officer notifies the licensee of the audit results.
In 1992, the program office introduced an "automated" audit
administered through a test tape mailed to each licensee. According
to the program manager, the automated audit focused on a more
comprehensive assessment of the accuracy of the licensees' NCOA
software. The audits are designed to detect both the failure of
licensees' NCOA software to make appropriate matches and instances of
incorrect matches. Matching of names and addresses results in the
release of new addresses to the mailing list holders and, eventually,
into the mail stream. Incorrect matches, therefore, are more serious
because they can result in the release of new addresses in violation
of federal privacy laws.
The Postal Service has set a high standard for the performance of
licensees' address-matching software. The licensing agreement
specifies that a licensee's address-matching software must achieve a
99-percent matching accuracy rate. That is, the software may produce
no more than one error per 100 name and address matches as analyzed
and scored by the program office.
In May 1994, the Postal Service significantly modified the licensing
agreement to, among other things, strengthen the Service's oversight
of licensees through audits. Before this modification, NCOA program
officials said that licensees were audited at least once a year and
that the only option available to the Postal Service under the
licensing agreement was to terminate the license of a licensee who
failed successive audits. The modification requires licensees to
pass at least three audits each contract year and provides the option
of either suspending or terminating licensees that fail two
consecutive process audits or that fail to comply with other terms or
conditions of the licensing agreement. Further, the modification
requires the Postal Service to terminate the license of any licensee
that fails three consecutive audits.
Since 1992, the NCOA program office has maintained a separate file on
each licensee containing various items of correspondence, internal
memorandums, notes, and other information relating to process audits
performed. We reviewed the files for details of process audits
conducted during 1992 and 1993. The files we reviewed, however,
generally did not contain complete records of the audits performed,
audit results, or resolution of audit findings.
We were able to ascertain from the files, however, that in 1992 at
least 65 automated audits were made of the 25 firms licensed at that
time to provide NCOA services. All but one licensee failed the
initial audit. Seven licensees passed the first follow-up audit.
Another seven licensees failed the first follow-up audit but passed a
second follow-up audit. However, 10 licensees failed all automated
process audits performed that year.
The Postal Service did not terminate the license of any of the 10
licensees who failed successive process audits during 1992. In fact,
these licensees continued to provide NCOA services with
address-matching software that had failed repeatedly to meet the
performance standards for accuracy required by the licensing
agreement. For example, four licensees failed an initial audit in
May 1992, and then failed two follow-up audits, before finally
passing an audit conducted in March 1993. However, these same
licensees were allowed to continue providing NCOA services during the
10-month period in which their software failed to meet the Service's
minimum standard for accuracy.
The NCOA program manager explained that the pattern of repeated audit
failures resulted from the increased thoroughness, coverage, and
focus on software accuracy of the new automated process audit as
compared with earlier process audits. He acknowledged that program
oversight had not been carried out as strictly as it could have been
because program officials did not want to terminate licensees from
the program, which was the only option available under the licensing
agreement at that time.
The program manager believed that the Postal Service correctly opted
to work with the licensees to resolve the software deficiencies
identified in the 1992 audits. He indicated that, among other
things, most of the software performance errors involved failures to
make any matches rather than making inappropriate matches. He also
said that the program office staff responded promptly to ensure that
licensees corrected software weaknesses identified in the audits,
which may have affected compliance with federal privacy laws.
During 1993, the Postal Service audited the 10 licensees who failed
all audits conducted during 1992. Each of these 10 licensees passed
the 1993 audit. The NCOA program manager explained that other
licensees were not audited during 1993 because, starting in about
March of that year, the entire master NCOA file was redesigned, and
licensees had to change their software to accommodate this redesign.
Further, the NCOA program office had a contract with one of its NCOA
licensees for computer support to build and maintain the master NCOA
file. The program office brought this function in-house in October
1993. Consequently, according to the program manager, all program
staff who would have done the licensee audits were instead used to
support this transition and maintain the NCOA file.
INADEQUATE INFORMATION TO
DETERMINE THE EFFECTIVENESS
OF ADVERTISING REVIEW
---------------------------------------------------------- Letter :5.3
We were unable to completely evaluate this oversight activity because
the NCOA program office did not have historical records of any
advertisements either submitted or reviewed. However, the
information that we were able to obtain indicated that the program
office was not effectively overseeing licensees' advertising
activities. Specifically, we found that although at least two
licensees had advertised NCOA-linked new-movers lists and had
submitted these advertisements to the Postal Service for review, no
action had been subsequently taken by the Postal Service to
disapprove the advertisements. The May 1994 modification stated that
a licensee's advertising will be disapproved if it includes any
reference to NCOA or the Postal Service.
The licensing agreement requires licensees to submit all proposed
advertising and methods of selling NCOA program-related services to
the NCOA program office for review and approval. The purpose of this
requirement is to ensure that licensees' customers are not misled by
the advertising or sales methods used, as well as to specifically
ensure that the relationship between the Postal Service and the
licensee is correctly represented. The licensing agreement states
that the Postal Service will provide the licensee with a written
response on the acceptability of proposed advertising within 20
working days of receipt of the material. However, if the licensee
does not receive a written response within this time, the agreement
states that the licensee may consider the proposed advertisements or
sales methods approved for use.
The program manager told us that licensees had regularly submitted
their proposed NCOA-related advertisements to the program office for
review. However, our review of licensee contract files and
discussions with a licensee disclosed that at least two licensees had
regularly submitted advertising materials for NCOA-linked new-movers
lists for Postal Service review and approval and that the program
office had not responded. For example, a May 19, 1994, letter from a
licensee stated that it had regularly submitted for review copies of
its advertisements promoting NCOA-linked new-movers lists since
inception of the NCOA program but that the Postal Service had never
responded.
As noted earlier, Postal Service officials said that the change to
the licensing agreement that specifically prohibited the creation of
NCOA-linked new-movers lists was to make more explicit the existing
restrictions on uses of NCOA data. Therefore, even before the
licensing agreement was modified in 1994, the exercise of effective
oversight should have dictated that the Service inform licensees who
proposed advertisements promoting NCOA-linked new-movers lists that
such advertisements were not permitted by the licensing agreement.
However, the Postal Service failed to respond to these proposed
advertisements.
In discussing this issue with the program manager, we were told that,
notwithstanding the advertisements submitted for review, the Postal
Service had not fully understood how licensees were using the NCOA
file--i.e., to create NCOA-linked new-movers lists. When it became
clear that licensees were creating such lists, the licensing
agreement was modified to specifically (1) preclude licensees from
creating and maintaining new-movers lists for either their own use or
the use of their customers and (2) state that a licensee's
advertising will be disapproved if it includes any reference to NCOA
or the Postal Service anywhere in any text or graphics that include a
reference to nonmailing products and services, such as new-movers
lists.
UNCERTAIN EFFECTIVENESS OF
COMPLAINT INVESTIGATIONS
---------------------------------------------------------- Letter :5.4
Another oversight or control mechanism over licensees that the Postal
Service reportedly uses is the investigation of NCOA-related
complaints emanating from the public, the licensees themselves, or
their customers. However, because the program office had no records
of complaints received or related investigations, we could not assess
the effectiveness of the complaint investigation process as a control
mechanism.
The NCOA program office's complaint investigation process was
informal and lacked structure. The office could provide us with no
record of complaints received. Further, we found no evidence of a
formal process for logging complaints, investigating complaints, and
reporting the results of investigations internally or to
complainants. According to the program manager, a few complaints had
been received, which were mainly related to customer
misunderstandings about the NCOA-related services that licensees
provide.
CONCLUSIONS
------------------------------------------------------------ Letter :6
In establishing the NCOA program, the Postal Service took a positive
step toward dealing with the inefficiencies of processing
misaddressed mail. In setting up and using a nationwide database of
postal customer names and addresses to provide this address
correction service, the Postal Service has tried, primarily through
changes to licensing agreements, to create controls that help ensure
that the release and use of NCOA information complies with the
provisions of federal privacy laws. The Postal Service said it
believes that it has met its legal responsibilities through program
design and oversight.
However, at the time of our review, the NCOA program was operating
without clearly delineated procedures and without sufficient
management attention to ensure that the program was operating in
compliance with the privacy provisions of federal laws.
Specifically, the Postal Service lacked adequate written procedures
and oversight processes regarding
-- seeding the NCOA files with fictitious records to discourage
unauthorized name and address disclosure by licensees;
-- obtaining and reviewing, in a timely manner, licensees' proposed
advertisements that mention the NCOA program, taking prompt
action to disapprove inappropriate advertisements, and
documenting the results; and
-- documenting all NCOA-related complaints received and actions
taken to address the complaints.
The NCOA program office's absence of written procedures and
inattention to processes allowed seeding control features to lapse
for a 9-month period before the condition was discovered and
corrected. Also, several licensees had advertised NCOA-linked
new-movers lists, submitted the advertisements to the Postal Service
for review, and yet the Postal Service had taken no action to
disapprove the advertisements. Further, with regard to complaints,
the NCOA program office had no records of complaints received or
related investigations, although officials said that complaints had
been received.
The NCOA program office had not implemented and enforced some
provisions of the licensing agreement, including those requiring a
minimum number of licensee audits each year and the termination of
licensees that failed to maintain address-matching software that
meets the performance standards prescribed in the license agreements.
Ten licensees failed successive audits of their software and
continued to provide NCOA services in 1992. When licensees' software
does not perform according to the standards, the Postal Service
cannot be sure that the NCOA program is operating in compliance with
federal privacy laws.
Finally, we found that the Postal Service had not clearly
communicated, through licensees, to licensees' customers, the
restrictions on the use of NCOA data to create or maintain new-movers
lists. That is, the Postal Service had not explicitly stated in the
acknowledgment form--to be signed by customers of licensees--that
NCOA data are not to be used to create or maintain new-movers lists,
a restriction that the Service has communicated to licensees.
RECOMMENDATIONS
------------------------------------------------------------ Letter :7
To strengthen oversight of the NCOA program, we recommend that the
Postmaster General require the NCOA program office to
-- develop and implement written oversight procedures, which should
include (1) the responsibilities and timetables for using seed
records to help verify that licensees release new addresses only
as a result of accurate name and address matching; (2)
requirements to obtain and review licensees' NCOA-related
proposed advertisements, document the review, and notify
licensees of the results within the time period prescribed in
the licensing agreement; and (3) requirements for systematically
recording all NCOA-related complaints received, including
actions taken to resolve complaints; and in addition,
-- enforce all provisions of the licensing agreement, including (1)
conducting at least the prescribed minimum number of licensee
audits, currently three per contract year; and (2) suspending or
terminating, as appropriate, licensees that fail two consecutive
audits or that are determined to be in noncompliance with other
terms or conditions of the licensing agreement. (As provided in
the agreement, licensees that fail three consecutive audits
should be terminated.)
We also recommend that the Postmaster General further restrict the
use of NCOA-linked data to create or maintain new-movers lists by
explicitly stating it on the acknowledgment form that is signed by
customers of NCOA licensees.
POSTAL SERVICE COMMENTS AND OUR
EVALUATION
------------------------------------------------------------ Letter :8
In a May 30, 1996, letter (see app. I) the Postmaster General
commented on a draft of this report. He said that the Postal Service
had implemented our recommendations to develop written oversight
procedures for conducting NCOA seeding operations, reviewing and
responding to NCOA-related advertisements, and investigating
complaints about the program. He said also that the Postal Service
was pleased that we did not question the lawfulness of licensing NCOA
data for the purpose of address-list correction. It is important to
note that, while we did not question the legality of the Postal
Service's arrangements with licensees to provide address list
correction services, we disagree with its view that the Privacy Act
allows licensees to use NCOA-linked data to create new-movers lists.
The Postal Service did not adopt our recommendation that restrictions
on the use of NCOA-linked data to create or maintain new-movers lists
be included in the acknowledgment form that is to be signed by NCOA
licensees' customers. The Postal Service primarily provided three
reasons for its decision to not adopt our recommendation, which are
summarized below along with our evaluation.
First, the Postal Service said it does not believe that a restriction
on the creation and maintenance of new-movers lists from NCOA-derived
data is required by privacy law. For the reasons stated earlier in
this report, we continue to believe that use of NCOA-linked data by a
licensee for creating a new-movers list would not be consistent with
the limitations imposed by the Privacy Act. The Postal Service did
not provide any new evidence or rationale for its view that the
Privacy Act permits licensees to use NCOA-derived data for purposes
other than address-list correction, which is the routine use or
purpose for which the Postal Service collected such information.
Second, the Postal Service said that effective enforcement of such a
restriction on customers of licensees would be impracticable. The
Postal Service said that the Privacy Act does not govern the private
sector and provides no basis for requiring the Service to control
what the private sector does with address corrections legitimately
obtained from the Postal Service. The Postal Service said it
believes that it would be inappropriate to place limitations on
licensees' customers, with whom the Service has no formal
relationship.
Regarding this second point, we recognize that enforcement of the
restrictions on third parties, i.e, licensees' customers, might be
difficult because the Postal Service has no contractual relationship
with licensees' customers. However, we do not believe that a
potential difficulty of enforcing such restrictions under
arrangements made with licensees means that the Postal Service should
not clearly communicate what those restrictions are. NCOA licensees
operate on behalf of the Postal Service and are subject to the same
provisions of the Privacy Act as the Service, which allows an agency
record to be disclosed provided the record is used for a purpose
compatible with that for which it was collected. These records were
collected by the Postal Service for address-list corrections, not to
create new-movers lists.
As a practical matter, it appears that the Postal Service could, at a
minimum, communicate through licensees to the licensees' customers
any restrictions on the use of NCOA data to create or maintain
new-movers lists. Acting on behalf of the Postal Service, licensees
could help ensure compliance with the restrictions by explaining to
their customers the limitations on the release and use of NCOA data
under the Privacy Act. Unless the Postal Service implements and
attempts to enforce these limitations, it cannot ensure that use of
NCOA-derived data is limited to the purpose for which it was
gathered.
Third, the Service said that we misinterpreted the purpose of the
acknowledgment form when we said that it was "to limit the use of
NCOA-linked data by the customers of licensees." The Service said
that the purpose of the form is to ensure that lists presented to
licensees for correction are really mailing lists. The
acknowledgment form states that the sole purpose of the NCOA service
is to provide a mailing-list correction service for lists that will
be used to prepare mailings. We believe that this language does
limit the use of NCOA-linked data. However, the Postal Service had
not explicitly stated in the acknowledgment form the specific
restriction that it communicated to licensees, namely, that NCOA data
are not to be used to create or maintain new-movers lists. We are
recommending that the Postmaster General explicitly state this
restriction on the acknowledgment form. Also, the Postal Service
said that it has never acknowledged that the creation of new-movers
lists by customers is prohibited. We clarified in our report that
the Postal Service had communicated the prohibition on the creation
of new-movers list to licensees--but not to their customers.
---------------------------------------------------------- Letter :8.1
We are sending copies of this report to the Ranking Minority Member
of this Subcommittee, the Postmaster General, and other interested
parties. Copies will also be made available to others upon request.
The major contributors to this report are listed in appendix III. If
you have any questions about the report, please call me on (202)
512-8387.
J. William Gadsby
Director, Government Business
Operations Issues
U.S. POSTAL SERVICE CHANGE OF
ADDRESS ORDER (POSTAL SERVICE FORM
3575, JULY 1995)
=========================================================== Appendix I
(See figure in printed
edition.)
(Front of form)
(See figure in printed
edition.)
(See figure in printed
edition.)
(Back of form)
(See figure in printed
edition.)
(See figure in printed edition.)Appendix II
COMMENTS FROM THE U.S. POSTAL
SERVICE
=========================================================== Appendix I
(See figure in printed edition.)
MAJOR CONTRIBUTORS TO THIS REPORT
========================================================= Appendix III
GENERAL GOVERNMENT DIVISION,
WASHINGTON, D.C.
Michael E. Motley, Associate Director, Government Business
Operations Issues
James T. Campbell, Assistant Director
OFFICE OF GENERAL COUNSEL,
WASHINGTON, D.C.
Alan N. Belkin, Assistant General Counsel
Robert J. Heitzman, Senior Attorney
DALLAS REGIONAL OFFICE
Sherrill H. Johnson, Core Group Leader
Robert T. Griffis, Evaluator-in-Charge
*** End of document. ***