U.S. Postal Service: Status of Efforts to Protect Privacy of Address
Changes (Letter Report, 07/30/1999, GAO/GGD-99-102).

The Postal Service's national change of address program is intended to
improve the quality of addresses on mail by providing business mailers
with accurate, properly formatted change-of-address data that are
automation compatible. To do this, the Service collects
change-of-address information reported by postal customers nationwide
and sends corrected addresses through several private firms licensed to
provide address correction services. A recent audit found that the
program saved the Service nearly $1.2 billion in rehandling costs
associated with forwarding mail in fiscal year 1998. GAO pointed out in
a 1996 report that the program was operating without clearly delineated
procedures and sufficient management attention to always prevent,
detect, and correct the inappropriate release or use of
change-of-address data. (See GAO/GGD-96-119, Aug. 1996.) This report
discusses the steps that the Service has taken in response to the 1996
report and whether any additional actions are needed to strengthen the
Service's oversight of the program.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  GGD-99-102
     TITLE:  U.S. Postal Service: Status of Efforts to Protect Privacy
	     of Address Changes
      DATE:  07/30/1999
   SUBJECT:  Postal service
	     Postal law
	     Privacy law
	     Proprietary data
	     Mailing lists
	     Mail delivery problems
	     Data collection
IDENTIFIER:  USPS National Change of Address Program

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO report.  This text was extracted from a PDF file.        **
** Delineations within the text indicating chapter titles,      **
** headings, and bullets have not been preserved, and in some   **
** cases heading text has been incorrectly merged into          **
** body text in the adjacent column.  Graphic images have       **
** not been reproduced, but figure captions are included.       **
** Tables are included, but column deliniations have not been   **
** preserved.                                                   **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
** A printed copy of this report may be obtained from the GAO   **
** Document Distribution Center.  For further details, please   **
** send an e-mail message to:                                   **
**                                                              **
**                                            **
**                                                              **
** with the message 'info' in the body.                         **
******************************************************************

    United States General Accounting Office GAO               Report
    to the Chairman, Subcommittee on the Postal Service, Committee on
    Government Reform, House of Representatives July 1999         U.S.
    Postal Service Status of Efforts to Protect Privacy of Address
    Changes GAO/GGD-99-102 United States General Accounting Office
    General Government Division Washington, D.C.  20548 B-281674 July
    30, 1999 The Honorable John M. McHugh Chairman, Subcommittee on
    the Postal Service Committee on Government Reform House of
    Representatives Dear Mr. Chairman: As you know, the Postal
    Service's National Change of Address (NCOA) program is intended to
    improve the quality of addresses on mail by providing business
    mailers with accurate, properly formatted change-of- address data
    that are automation compatible. To do this, the Service collects
    change-of-address information reported by postal customers
    nationally and disseminates corrected addresses through a number
    of private firms licensed by the Service to provide address
    correction services. A recently completed audit of the costs and
    benefits of the NCOA program for the Service's Office of Inspector
    General found that, through the program, the Service was able to
    avoid nearly $1.2 billion in rehandling costs associated with
    forwarding mail in fiscal year 1998.1 Accompanying the benefits
    the Service derives from this program, however, is the
    responsibility for oversight and control over postal customers'
    change-of-address data, which are protected from inappropriate
    release or use under applicable federal privacy laws. In our 1996
    report, we pointed out that the NCOA program was operating without
    clearly delineated procedures and sufficient management attention
    to always prevent, detect, and correct the inappropriate release
    or use of change-of-address data.2 We recommended specific actions
    the Service should take to strengthen its oversight and control of
    these data. This report responds to your November 19, 1998,
    request that we determine what actions the Service has taken in
    response to our 1996 report and whether any additional actions are
    needed to strengthen the Service's oversight of the program.
    1Performance Audit of the National Change of Address Program, DS-
    AR-99-001, United States Postal Service Office of Inspector
    General, Mar. 31, 1999. 2U.S. Postal Service: Improved Oversight
    Needed to Protect Privacy of Address Changes (GAO/GGD-96- 119,
    Aug. 13, 1996) Page 1
    GAO/GGD-99-102 Address Change Privacy B-281674 As we recommended,
    the Service has developed and implemented written Results in Brief
    procedures that addressed its NCOA program oversight and control
    responsibilities for (1) using seed records3 to help detect the
    unauthorized disclosure of NCOA data by licensees, should it
    occur; and (2) reviewing, responding to, and documenting NCOA-
    related complaints and inquiries from postal customers and NCOA-
    related proposed advertisements by licensees. However, procedures
    designed by the Service to ensure that it is alerted when mail is
    sent to seed record addresses were not working as intended; thus,
    the Service lacked assurance that the seeding process provided an
    effective program oversight mechanism. Further, even though
    required to do so by the licensing agreement or by prescribed
    program procedures, during the 1996 through 1998 period we
    examined, the Service did not always (1) conduct the minimum
    number of licensee audits, including on-site audits; (2) promptly
    reaudit licensees that failed initial audits; or (3) promptly or
    always suspend or terminate licensees that failed successive
    audits. Also, the Service reported that it had performed more
    licensee audits than were documented in its audit files; however,
    even when we included these additional audits in our data, we
    determined that the Service did not perform all audits required.
    We make recommendations near the end of this report to address
    these weaknesses. The Service has taken no action on our
    recommendation that it explicitly state, in the acknowledgment
    form signed by customers of licensees, that NCOA program-linked
    data are not to be used to create or maintain new- movers lists (a
    list of postal customers who have submitted address change orders
    to the Service, usually created for marketing purposes). We
    continue to believe that more specific language in the
    acknowledgment form could help ensure that use of NCOA program-
    linked data is limited to the purposes for which they were
    collected. Congress may want to consider intervening if it
    believes that the Service should act on our recommendation. The
    automation of mail sorting and distribution activities with state-
    of-the- Background          art technology is a core component of
    the Service's strategy to achieve its goals for efficiency,
    effectiveness, and financial performance. According to the
    Service, the success of this strategy relies, in considerable
    part, on the Service's ability to provide address management
    services that help mailers accurately address their mail and adopt
    automation-compatible address standards. The NCOA program is one
    of several Service address 3A seed record is a record inserted
    into a file to detect the unauthorized disclosure or inappropriate
    release of that record or file. The practice of seeding is
    reportedly widely used in the mailing industry to control
    proprietary information. Page 2
    GAO/GGD-99-102 Address Change Privacy B-281674 management programs
    under the direction of the Manager, Address Management, located at
    the National Customer Support Center in Memphis, TN. The Manager
    reports to the Vice President, Operations Planning, at Service
    headquarters. The NCOA program began in 1986 and extended the use
    of change-of- address information submitted by postal customers to
    the Service by providing that information to business mailers for
    updating their mailing lists. This is important to the Service
    because sorting, transporting, delivering, and, in some cases,
    disposing of improperly addressed mail costs the Service money-
    estimated by the Service in 1996 at about $1.5 billion a year. The
    Service estimated that of the 191 billion pieces of mail it
    processed in 1997, incomplete or inaccurate address elements
    adversely affected the delivery of about one-third, or over 63
    billion pieces. NCOA change-of-address data are widely
    disseminated to business mailers through a network of 21 private
    businesses licensed, for a fee, by the Service. Licensees are
    responsible for maintaining a complete and current NCOA master
    file. Every week, the NCOA program office is to provide licensees
    a copy of the latest NCOA file update via computer tape. Licensees
    are to use these tapes to update the NCOA files they maintain.
    These tapes include address deletions, additions, and changes.
    Licensees are to use their updated NCOA master files and the
    address- matching logic designed into their computer software to
    update addresses on their and their customers' mailing lists. Each
    licensee's address matching software is to be tested and approved
    by the NCOA program office. The Service requires the software to
    meet strict performance standards as specified in the licensing
    agreement, and licensees are to use only the approved software to
    provide the NCOA service. In providing this service, licensees are
    to update an address on a mailing list only when a name and
    address on that list match a name and old address in the NCOA
    file. Service authority to disclose address information about its
    customers is limited by certain privacy guarantees in two federal
    laws. One of them, Section 412 of the Postal Reorganization Act of
    1970, as amended (39 U.S.C. 412), provides that no officer or
    employee of the Postal Service shall make available to the public
    by any means or for any purpose any mailing or other list of names
    or addresses of postal patrons or other persons, except for census
    purposes or as otherwise specifically provided by law. Page 3
    GAO/GGD-99-102 Address Change Privacy B-281674 The Privacy Act of
    1974 (5 U.S.C. 552a) provides individuals broader protection from
    the unauthorized use of records that federal agencies maintain
    about them and gives them right of access to those records.
    Subsection (n) of the act specifically restricts certain uses of a
    name and address as follows: "An individual's name and address may
    not be sold or rented by an agency unless such action is
    specifically authorized by law." More generally, under the Privacy
    Act, agency records may be disclosed provided such disclosures are
    compatible with the purpose for which the records were collected.
    Under subsection (m)(1) of the act, NCOA licensees operate on
    behalf of the Service and are subject to the provisions of the act
    to the same extent that employees of the Service would be. To
    determine the actions the Service has taken in response to our
    Scope and      recommendations that it prepare and implement
    formal written Methodology    procedures to strengthen its
    oversight of the NCOA program, we interviewed the Manager, Address
    Management and National Customer Support Center; technical
    managers who oversee certain Service- administered address
    management processes and programs, including the NCOA program; and
    the NCOA program manager. We obtained and reviewed the two
    procedures manuals the Service prepared in response to our earlier
    recommendations. The "NCOA Procedure Guide" was undated but,
    according to the program manager, became effective beginning in
    about September 1996. It prescribes oversight procedures and
    processes for (1) reviewing and documenting reviews of licensees'
    proposed NCOA-related advertisements and sales methods; (2)
    receiving, responding to, and documenting Service responses to
    postal customer NCOA-related inquiries and complaints; and (3)
    scheduling, conducting, and managing the results of Service audits
    of NCOA program licensees. The second manual, the "NCOA Integrity
    Procedures Manual," dated October 1998, describes seed records,
    their purposes, and the procedures and organizational
    responsibilities for carrying out the seeding process. To verify
    that written procedures were being followed and assess whether
    they responded to our recommendations, we (1) discussed the
    procedures with the NCOA program manager and other managers and
    staff responsible for program operations and oversight; and (2)
    reviewed records and files documenting the oversight processes of
    seeding, responding to and resolving postal customer inquiries and
    complaints, reviewing licensee's proposed advertisement, and
    auditing licensees. Specifically, we discussed the seeding process
    with the program office's project leader, who had primary
    responsibility for carrying out the Page 4
    GAO/GGD-99-102 Address Change Privacy B-281674 process. We
    reviewed reports and documentation related to the seeding process,
    including tests of the process for alerting NCOA program officials
    to the possible release of seed record addresses, during the
    January 1996 through March 1999 period. We had discussions with
    the program manager responsible for handling customer inquiries
    and complaints and reviewed program files and records. We had no
    way to determine whether all inquiries and complaints received at
    the program office were logged and responded to. However, we
    randomly selected 18 of the 32 file drawers where inquiry and
    complaint records were stored, and we reviewed the entire contents
    of each. We discussed selected examples with the program office
    technical staff responsible for researching and responding to
    customer concerns. We examined documentation of licensees' NCOA-
    related advertisements that had been submitted to and reviewed and
    approved/disapproved by the Service as required by the licensing
    agreement and specified in the NCOA Procedure Guide. We reviewed
    all available documentation in the program office's official
    licensee files, and we discussed selected examples of
    advertisements with the program office staff responsible for the
    review and approval process. For the licensee audit process, we
    reviewed the results of all audits conducted from September 1995
    through March 1999 that were documented in the program office's
    audit files. We discussed the audits with the program manager and
    reviewed examples of audit results with responsible program office
    staff. To assess the Service's response to our recommendation that
    the Privacy Act-related restriction on the use of NCOA-linked data
    to create new- movers lists be communicated explicitly to
    licensees' customers, we discussed the issue with the Service's
    Chief Counsel, Consumer Protection Law; a Service Senior Attorney
    in Washington, D.C.; and the Manager, Address Management, in
    Memphis. We conducted our review between September 1998 and May
    1999 in accordance with generally accepted government auditing
    standards. We requested comments on a draft of this report from
    the Service and received written comments from the Postmaster
    General, which we have included in appendix I.  His comments are
    discussed near the end of this report. Page 5
    GAO/GGD-99-102 Address Change Privacy B-281674 The Service has
    taken steps to strengthen its oversight of the NCOA Program
    Oversight               program and help ensure that the program
    operates in compliance with the Strengthened, but
    privacy provisions of federal laws. The Service has developed and
    implemented written procedures formalizing its oversight processes
    and Seeding Process                 responsibilities for (1)
    seeding NCOA address change updates released to Weaknesses Still
    Exist licensees, (2) addressing customer NCOA-related inquiries
    and complaints, and (3) reviewing and approving licensees'
    proposed advertisements promoting NCOA-related services. However,
    our review revealed that the procedures the Service developed to
    ensure that mail sent to seed record addresses is appropriately
    identified, and the program office alerted to a possible release
    of a seed record address by a licensee, were not working as
    intended. As a result, the Service has no assurance that the
    seeding process provided an effective oversight mechanism. In
    1996, we found several weaknesses in the Service's practice of
    using Use of Seed Records             seed records as an oversight
    measure to detect the improper release of NCOA data by licensees.
    We recommended that the Service develop and implement formal,
    written procedures that addressed the responsibilities and
    timetables for using the seeding process as an oversight
    mechanism. Our more recent work at the NCOA program office showed
    that, in response to our recommendations, the Service prepared
    formal written procedures that delineate program office
    responsibilities for carrying out the seeding process. Further,
    our work showed that the written procedures were generally being
    followed. However, we found another problem-the program's process
    for alerting program officials that mail was sent to a seed record
    address (and therefore a licensee had possibly released a seed
    record address) was not working as intended. As a result, the
    Service had no assurance that the seeding process was providing
    the program oversight intended. According to NCOA program
    officials, the process of seeding NCOA files provides program
    oversight by helping to detect and deter the improper release of
    NCOA data by licensees. They said that NCOA file updates have been
    seeded since the program began in 1986. Seed records are
    fictitious name and address data that the program office
    periodically places in NCOA file updates provided to licensees.
    These names and addresses are designed uniquely and do not
    identify postal customers who have moved and submitted mail-
    forwarding forms to the Service, or any other postal customer.
    Therefore, licensees should not be able to match the seed record
    names and addresses with names and addresses on their mailing
    lists or their customer's mailing lists when using the Service-
    approved name and address-matching computer software. Page 6
    GAO/GGD-99-102 Address Change Privacy B-281674 Service procedures
    state that mail sent to a seed record address is to be intercepted
    by the local post office and photocopied. The photocopy is to be
    returned to the NCOA program office, thereby alerting program
    officials of the possibility that a licensee has improperly
    released a seed record address. Program officials could then
    identify the licensee that released the seed record by tracing it
    back to the licensee that received (and subsequently released) the
    seed record. According to program officials, licensees are aware
    that NCOA file updates are seeded but are not able to identify the
    seed records. In our 1996 review, we found that the Service had
    informal, unwritten procedures for seeding. Specific
    responsibilities and timetables for carrying out the seeding
    process were not delineated. We found that, because of inattention
    to program management, seed record addresses for a 9-month period
    in 1993 and 1994 were inadvertently not included in licensee file
    updates. Thus, the Service's oversight of the program through use
    of the seeding process was not in effect during this period.
    Subsequent to our 1996 review, the Service developed written
    procedures that describe seed records; their purpose; and the
    procedures, responsibilities, and timetables for implementing and
    using the seeding process as an oversight mechanism. The
    procedures include steps such as developing the seed record
    addresses, placing them into the licensees' NCOA file updates at
    specified times, and testing the retrieval process for mail sent
    to seed record addresses. On the basis of our discussions with
    NCOA officials and our review of seeding files and reports, it
    appears that program office staff were following most of the
    written procedures. For example, files we examined showed that
    10,000 to 20,000 seed records were implanted in licensees'
    databases continuously throughout the period January 1996 through
    March 1999. Also, as required by the procedures, the Service
    annually added new seed records to the licensees' master file
    updates. However, we found that Service "tests" of the seeding
    process revealed that procedures for alerting program officials
    that mail had been sent to a seed record address were not working
    as intended. Specifically, we found that the NCOA program office
    was not always alerted by postal delivery units when test mail was
    sent to seed record addresses. As a result, the Service could not
    be assured that it would be appropriately alerted if actual mail
    were to be sent to seed record addresses. In turn, the Service
    could not be assured that it would always be made aware that a
    licensee had released a seed record address, should this occur.
    Page 7                                   GAO/GGD-99-102 Address
    Change Privacy B-281674 According to the Service, instructions for
    appropriately identifying and notifying program officials of mail
    sent to seed record addresses are sent by the program office to
    affected postal delivery units throughout the postal system each
    year. Periodically, the program office sends mail to seed record
    addresses to test whether the identification and notification
    process for mail sent to seed record addresses is working
    properly. If it is working properly, the applicable delivery units
    will identify mail sent to seed record addresses and return a
    photocopy of it to the program office, thereby alerting program
    officials that mail was sent to a seed record address. However, we
    found that local delivery units were not always appropriately
    alerting program officials when test mail was sent to seed record
    addresses. Data provided to us by the program office showed that
    program officials were appropriately notified of only about 6
    percent of nearly 1,000 test mailings sent out during the period
    October 1998 to February 1999. The program office did not have
    complete records showing the results of test mailings prior to
    this period. Although the program office has procedures for
    following up with delivery units when these units do not handle
    test mail appropriately, program office reports on test mail
    results showed that these procedures were not always followed. The
    program manager said that the process of sending test mail to seed
    record addresses, and following up with the appropriate delivery
    units when test mail was not returned, had been a manual process;
    however, because the process was labor intensive, it was automated
    in early 1999. The program manager said that, because the process
    is automated, when program officials are not appropriately
    notified that a delivery unit received test mail, the system will
    automatically generate correspondence advising the delivery unit
    manager that procedures were not followed for test mail sent to a
    seed record address. According to program officials, the automated
    process was only recently implemented. Therefore, its
    effectiveness in identifying and correcting problems in handling
    test mail sent to seed record addresses had not been determined at
    the time of our review. Determining why delivery units did not
    always appropriately notify NCOA program officials when test mail
    was received was not within the scope of our review. Further,
    delivery units are in a different Service organizational component
    and are not under the authority of NCOA program officials.
    However, until the process for appropriately identifying test mail
    and notifying program officials when test mail is sent to seed
    record addresses is working completely as intended, the Service
    cannot be assured that Page 8
    GAO/GGD-99-102 Address Change Privacy B-281674 program officials
    would be appropriately notified if actual mail were sent to seed
    record addresses. In turn, the Service cannot be assured that the
    seeding process would detect an improper release of NCOA data by a
    licensee. In our 1996 review, we found that the NCOA program
    office's complaint Program-Related Inquiries    investigation
    process was informal and lacked structure. We were and Complaints
    therefore unable to assess the effectiveness of the complaint
    process as a program oversight mechanism. We recommended that the
    NCOA program office develop and implement written oversight
    procedures providing for the systematic recording of all NCOA-
    related complaints received, including actions taken to resolve
    the complaints. On the basis of our recent review, we believe that
    the actions taken by the Service provide the formal structure
    needed to ensure that the complaint investigation process could be
    an effective licensee oversight mechanism. In our earlier review,
    NCOA program officials told us that they investigate program-
    related inquiries and complaints from postal customers, licensees,
    and the licensees' customers to provide another program oversight
    and control mechanism. They said that inquiries and complaints
    were important because they can alert the Service to possible
    problems involving the quality of NCOA program services that
    licensees are providing, as well as to instances of licensees'
    noncompliance with the terms and provisions of the licensing
    agreement. However, the office could not provide us with any
    evidence of a process for logging inquiries and complaints
    received, investigating them, and reporting the results of the
    investigations internally or to the inquirers or complainants. In
    our most recent review, we found that the procedure guide
    contained written procedures providing formal structure to the
    program's process for receiving, researching, and responding to
    customer inquiries and complaints and documenting the results of
    these actions. Our examination of the program office's inquiry and
    complaint files, combined with our discussions with program office
    managers and staff, showed that the procedures had been
    implemented. Specifically, we found documentation showing that (1)
    NCOA-related inquiries and complaints had been entered into an
    electronic tracking system and (2) research and analysis needed to
    respond to inquiries and complaints had been conducted and, where
    appropriate, responses provided. The NCOA program manager told us
    that since about September 1997, over 38,000 inquiries and
    complaints had been logged into a database at the program office.
    Documentation relating to these inquiries and Page 9
    GAO/GGD-99-102 Address Change Privacy B-281674 complaints was
    retained in 32 file drawers located in the program office.
    Although we had no way to verify that all inquiries and complaints
    received were logged in and responded to, we randomly selected 18
    of these drawers and reviewed the entire contents of each. On the
    basis of this review and our discussions with program managers and
    staff, it appears that the Service was following procedures and
    appropriately utilizing inquiries and complaints as a program
    oversight mechanism. We reported in 1996 that we had been unable
    to fully evaluate the ProgramRelated    effectiveness of the NCOA
    program office's oversight of licensees' Advertising
    program-related proposed advertising as prescribed in the
    licensing agreement because program officials had not documented
    their oversight efforts. We recommended that the Service develop
    and implement written oversight procedures for obtaining and
    reviewing licensees' program- related proposed advertisements,
    documenting the review, and notifying licensees of the results
    within the time period prescribed in the licensing agreement. On
    the basis of the results of our current review, we believe that
    the Service has substantially complied with our recommendations
    and has in place a formalized process for ensuring generally that
    licensees' proposed advertising is in compliance with the
    provisions of the licensing agreement. The licensing agreement
    requires licensees to adhere to Service guidelines relating to the
    wording, content, and design of proposed advertisements that
    mention the NCOA program to ensure that the relationship between
    licensees and the Service is correctly represented. In addition,
    the licensing agreement requires that all licensee advertisements
    be pre- approved by the NCOA program office prior to their use.
    According to the agreement, the program office is to provide
    licensees a written notice of its approval or disapproval of
    proposed advertisements within 20 days of receipt of this
    material, or the licensees may consider the proposed advertisement
    approved. In our earlier review, however, we found little
    documentation of an advertisement review process, and it appeared
    that NCOA program officials did not always review licensees'
    program-related advertisements. For example, we found that at
    least two licensees had submitted proposed advertisements for
    review that contained material promoting the availability of new-
    movers lists linked to NCOA data, which was in violation of the
    licensing agreement. Even though licensees were precluded by the
    licensing agreement from advertising the availability of new-
    movers lists based in any part on NCOA-related data, program
    officials took no action to disapprove the advertisements. Page 10
    GAO/GGD-99-102 Address Change Privacy B-281674 In our most recent
    review, we found that the program office's oversight of NCOA-
    related proposed advertisements had improved, and licensees were
    generally meeting the terms of the licensing agreement related to
    advertising. Specifically, we found that licensee files in the
    program office contained varying types and amounts of proposed
    advertisements. In addition, most of the advertisements submitted
    for approval had a document noting either the approval or
    disapproval of the advertisement within the 20-day period
    prescribed. If the advertisement had been disapproved, reasons for
    the disapproval and suggested changes were also documented.
    Although we reviewed all advertisements contained in the program
    office files, we had no way to determine whether licensees had
    submitted all of their advertisements for review. Program
    officials told us, however, that office staff regularly review
    publications where licensees are known to advertise frequently to
    help verify that the licensees are using only approved
    advertisements. In addition, we found examples of advertisements
    that had not been approved and the related follow-up
    correspondence with the licensees. Program officials told us that
    when these situations are discovered, they contact the licensee
    and require a written explanation. In December 1998, the program
    office sent letters to all of the licensees stating that effective
    January 1, 1999, if a licensee fails three times within a 1-year
    period to obtain program office approval before an NCOA-related
    advertisement is used, the licensee may be suspended from the NCOA
    program. Our 1996 review disclosed that licensee audit files at
    the NCOA program Requirements for       office were poorly
    maintained, and that the number of licensee audits Licensee Audits
    and    conducted by the program office was unclear. As a result,
    we could not determine whether the Service's licensee audits were
    providing effective Suspensions Not Met    and meaningful
    oversight of licensees' compliance with the licensing agreement or
    the applicable privacy provisions of federal law. We recommended
    that the Service enforce the provision of the licensing agreement
    that licensees be audited a prescribed minimum number of times
    each year and suspend or terminate, as appropriate, licensees that
    fail consecutive audits. Our follow-up review of licensee audit
    files at the program office revealed that problems similar to what
    we found earlier still existed. Specifically, we found that the
    program office had not (1) performed the required minimum number
    of annual licensee audits, (2) performed the required minimum
    number of on-site licensee audits every 24 months, (3) performed
    timely licensee reaudits after a failed audit, and (4) always or
    Page 11                                     GAO/GGD-99-102 Address
    Change Privacy B-281674 promptly suspended or terminated licensees
    that failed two consecutive audits. Further, it appears that the
    licensee audit files at the program office were still incomplete
    because program officials told us that they had performed more on-
    site audits than could be verified by documentation in the audit
    files. Nevertheless, even when these additional audits are taken
    into consideration, we determined that the Service did not perform
    all audits required. The licensing agreement requires licensees to
    pass three audits each year, and the Service's procedure guide
    specifies that the program office is to audit each licensee a
    minimum of three times per year. Also, at least one on-site audit
    is to be conducted at the premises of each licensee every 24
    months. On-site audits can be unannounced and include both tests
    of the licensees' NCOA software accuracy and verification of the
    licensees' compliance with other provisions of the licensing
    agreement, such as the provision that licensees prevent
    unauthorized access to the NCOA file. Audits not conducted on-site
    are administered by the program office through a test computer
    tape mailed to the licensees. According to program officials,
    these audits focus on the comprehensive assessment of the accuracy
    of the licensees' NCOA name and address-matching software. The
    licensing agreement sets a strict standard of 99-percent accuracy
    for licensees' name and address-matching software that is to be
    rigorously tested in the audit process. Licensee software that
    does not meet the standard is to fail the audit. NCOA program
    officials told us that when a licensee fails an audit, they notify
    the licensee by telephone. Additionally, the Service's Contracting
    Officer, who is located at the Service's headquarters in
    Washington, D.C., officially notifies the licensee of the audit
    failure by sending a written 30-day "Cure Notice" with a
    description of the deficiencies identified in the audit. When the
    licensee notifies the program office that the deficiencies have
    been corrected, or after the 30- day period has expired, whichever
    comes first, the NCOA program office is to reaudit the licensee.
    Although in practice the Service does not suspend licensees that
    fail an initial audit, its procedure guide states that the Service
    can suspend licensees that fail audits and do not correct the
    deficiencies identified by the end of the 30-day period. The
    suspension may continue until the deficiencies have been corrected
    and confirmed by a reaudit. Further, the license agreement
    provides that licensees that fail two consecutive audits are to be
    suspended or terminated. Upon a third consecutive audit failure,
    licensees are to be terminated. Because of the contractual
    relationship between the Service and the licensees, only the
    Contracting Officer, who is Page 12
    GAO/GGD-99-102 Address Change Privacy B-281674 not under the
    authority of the NCOA program office, may suspend or terminate
    licensees. Service licensee audits are designed to check for both
    the failure of the software to make correct name and address
    matches and for instances where the software produces an incorrect
    match. The failure of a licensee's software to make appropriate
    matches can result in the licensee not providing its customers all
    the address corrections that should be provided through the NCOA
    program service. Incorrect matches, which are more serious, can
    result in the licensee improperly releasing new addresses from the
    NCOA database in violation of privacy law. The procedure guide
    states that incorrect matches found during an initial audit will
    result in an automatic audit failure, and that the licensee will
    be required to immediately make the necessary software corrections
    and will be reaudited. According to the licensing agreement,
    Service licensee audits are an important oversight measure for
    helping to ensure that the provisions and performance standards of
    the licensing agreement are met, the integrity of the address
    correction services licensees provide is maintained, and the
    program operates in compliance with privacy guarantees of federal
    law. Because licensees' NCOA software that fails an audit is not
    performing to the prescribed licensing standards, we believe that
    (1) performing the required number of licensee audits, (2)
    promptly reauditing licensees that fail audits, and (3) promptly
    suspending or terminating licensees that fail successive audits
    are important features of the Service's responsibility to help
    ensure the integrity of the NCOA program. However, according to
    the documentation in the licensee audit files at the program
    office and other information provided by the Service indicating
    that additional audits had been performed, the program office did
    not perform the minimum number of annual licensee audits
    prescribed by its procedure guide during fiscal years 1996 through
    1998. Table 1 illustrates that in fiscal year 1996, the Service
    did not audit 7 of 25 licensee systems the required minimum number
    of 3 times; in fiscal year 1997, 10 of 25 licensee systems were
    not audited the required minimum number of 3 times; and in fiscal
    year 1998, 8 of 25 licensee systems were not audited the required
    minimum number of 3 times.4 4Licensees may have more than one NCOA
    software matching computer system. During the period of our
    review, 17 licensees operated a single system, and 4 licensees
    each operated 2 separate systems, for a total of 25 systems. Page
    13
    GAO/GGD-99-102 Address Change Privacy B-281674 Table 1: Summary of
    Number of Annual
    Systems receiving Audits Performed on 25 Licensee         Fiscal
    year                             3 audits                2 audits
    1 audit Systems for Fiscal Years 1996-1998      1996
    18 (72%)                 7 (28%)                            0 1997
    15 (60%)                 9 (36%)                   1 (4%) 1998
    17 (68%)                 6 (24%)                   2 (8%) Note:
    Total licensee systems include all 25 computer systems providing
    NCOA program services. Source: GAO analysis of licensee audit
    documentation in NCOA program office files and additional
    information provided by the Service. Moreover, because the program
    office did not always perform the minimum number of annual
    licensee systems' audits prescribed by its procedure guide,
    licensees were not always required to prove the integrity of their
    systems by passing at least three audits each year, as specified
    in the licensing agreement. Specifically, documentation in the
    licensee audit files at the program office, combined with
    additional documentation provided to us by program officials,
    showed that in fiscal year 1996 only 12 (48 percent) of 25
    licensee systems passed the minimum of 3 audits; in fiscal year
    1997, only 7 (28 percent) of 25 systems passed 3 audits; and in
    fiscal year 1998, only 9 (36 percent) of 25 systems passed 3
    audits. Thus, the Service cannot be assured that licensees are
    consistently providing the address correction services intended by
    the program or consistently releasing only name and address data
    permitted by law. In addition, according to documentation in the
    audit files and additional information provided by program
    officials, the program office did not conduct at least one on-site
    audit of each licensee system every 24 months as prescribed by the
    procedure guide. Only 18 licensee systems received on-site audits
    during the 42-month period we reviewed; also, as of May 1999, 14
    licensee systems were overdue for an on-site audit. Further,
    according to documentation in the audit files and the additional
    information provided by program officials, the program office did
    not always do timely reaudits of licensees that failed initial
    audits. We believe that promptly reauditing licensees that fail
    initial audits is important to ensure program integrity because
    after failing an initial audit, licensees are permitted to
    continue providing NCOA program services with software that does
    not comply with performance standards specified in the licensing
    agreement. However, as table 2 shows, of 35 licensee system audit
    failures during the period we reviewed, 9 systems were not
    reaudited until 61 to 90 days after the initial audit failure; and
    3 were not reaudited until over 90 days after the initial audit
    failure. Page 14
    GAO/GGD-99-102 Address Change Privacy B-281674 Table 2: Number of
    Days Between NCOA
    Total number of reaudits Licensee's Failed Audit and Subsequent
    Days
    for timespan Reaudit Between Fiscal Year 1996 and      30 days or
    less
    10 March 1999                                31 to 60 days
    13 61 to 90 days
    9 Over 90 days
    3 Total number of reaudits
    35 Source: GAO analysis of licensee audit documentation in NCOA
    program office files and additional information provided by the
    Service. We noted that one licensee system reaudit in the "over 90
    days" category was not completed until 210 days after the failed
    initial audit. Because this audit failure involved an incorrect
    name and address match-an automatic failure because of the
    possibility that the licensee was releasing name and address data
    in violation of privacy law-for this 210-day period, the licensee
    could have been inappropriately releasing NCOA-related data.
    Finally, we found three instances where licensees failed two
    consecutive audits yet were not promptly suspended, suspended at
    all, or terminated from the program. One licensee failed two
    successive audits and was not suspended until 17 days after the
    second audit. Another licensee failed two successive audits and
    was not suspended until 67 days after failing the second audit. A
    third licensee failed two successive audits and was never
    suspended. That licensee received a passing score on the third
    audit, which was conducted 147 days after the initial failed
    audit. According to the licensing agreement, licensees that fail
    two successive audits are to be either suspended or terminated
    from the program. By not promptly suspending or terminating these
    licensees, the Service allowed these licensees to continue
    providing NCOA program services for varying periods of time with
    software that was not in compliance with the performance standards
    specified in the licensing agreement. Program officials told us
    they had performed more on-site audits than could be verified by
    evidence in the audit files, but they were initially unable to
    provide us with supporting documentation. However, after we had
    completed our audit work at the program office, program officials
    sent us documentation indicating that 18 licensee systems had
    received on-site audits during the period we reviewed-10 more than
    indicated by documentation we had found in the program office
    audit files. The documentation the Service sent us consisted of
    recently signed statements from officials of some licensees
    indicating that these additional on-site audits had been
    performed. Page 15
    GAO/GGD-99-102 Address Change Privacy B-281674 Even after counting
    these additional audits reported by the Service, we determined
    that it did not perform the minimum number of annual audits or on-
    site audits required during the periods included in our review.
    This deficiency in the number of audits performed, coupled with
    the lack of documentation in the audit files evidencing all of the
    audits reported by the Service, indicated that the NCOA program
    audit process was not a fully effective oversight mechanism. The
    NCOA program manager attributed these problems-not performing the
    required minimum number of annual audits and on-site audits, not
    performing timely reaudits, and not promptly suspending or
    terminating licensees that failed successive audits-to (1) an
    insufficient number of staff to handle the program office's
    increasing workload; (2) high rates of turnover among program
    audit staff during this period, which reduced the number of
    experienced auditors; and (3) the need to assign program office
    staff to respond to an unexpectedly high volume of customer calls
    to the program office regarding the Service Move Update program
    implemented in 1997.5 Previously, we reported that the Service had
    not clearly communicated Service Believes        through NCOA
    program licensees to the licensees' customers the privacy Privacy
    Restrictions    law-related restriction on the use of NCOA-linked
    data to create or maintain new-movers lists. Specifically, the
    Service had not stated in the Do Not Apply to the     NCOA
    Processing Acknowledgment Form that NCOA data are not to be
    Secondary Use of        used to create or maintain new-movers
    lists. The licensing agreement NCOA Data               requires
    licensees to have their customers sign this form before receiving
    NCOA-linked services. The Service, however, had communicated this
    restriction to the licensees in the licensing agreement. The
    licensing agreement stated, in part, that "Information obtained or
    derived from the NCOA File or service shall not be used by the
    Licensee, either on its own behalf or knowingly for its customers,
    for the purpose of creating or maintaining new-movers lists." The
    Service stated that it placed this restriction on licensees as a
    "good business practice" and to address concerns raised by
    Congress and the public, not because use of the NCOA-linked data
    to create or maintain new-movers lists was restricted under the
    Privacy Act. 5Move Update, implemented by the Service in July
    1997, required First-Class presort and automation rate customers
    to update mailing lists using Service-approved address-correction
    services within 6 months prior to the date of any mailing on which
    a postage discount would be claimed. Page 16
    GAO/GGD-99-102 Address Change Privacy B-281674 We disagreed with
    the Service's assessment of the Privacy Act and expressed our view
    that use of NCOA-linked data by a licensee to create a new-movers
    list would not be consistent with the limitations imposed by the
    act. We recommended that the Service use the acknowledgment form
    that licensees' customers are to sign to explicitly notify the
    customers that the use of NCOA-linked data to create or maintain
    new-movers lists is not permitted. The Service disagreed with our
    recommendation in 1996 and stated that it believed that (1) a
    restriction on the creation and maintenance of new- movers lists
    from NCOA-linked data was not required by privacy law, (2)
    enforcement of such a restriction on customers of licensees would
    be impracticable, and (3) we had misinterpreted the purpose of the
    acknowledgment form when we said that it was "to limit the use of
    NCOA- linked data by the customers of licensees." Our recent
    review showed that the Service has not implemented our
    recommendation that it amend or revise the acknowledgment form to
    explicitly convey this restriction to the customers of licensees.
    Service officials believe that the design and implementation of
    the NCOA program fully complies with applicable federal privacy
    laws. Service attorneys responsible for this issue told us that
    the Service continues to believe that the use of NCOA-linked data
    to create or maintain new-movers lists is not restricted by the
    Privacy Act. With regard to licensees, the Service's position
    stems from the view that a licensee wears two hats-one when
    performing address correction services as an agent of the Service
    and another as a private business. In the Service's view, after a
    licensee performs address correction services as an agent of the
    Service, it is then free under the Privacy Act to use NCOA-linked
    data to create or maintain new-movers lists. With regard to the
    licensees' customers, the attorneys said that the Service has no
    responsibility to attempt to restrict the use of NCOA-linked data
    by a private business with which it has no legal relationship. We
    disagree. The Service collects change-of-address information from
    postal customers for the limited purposes of address list
    correction and mail forwarding, not for the purpose of creating
    and maintaining new- movers lists. Therefore, we continue to
    believe that use of NCOA-linked data to create or maintain new-
    movers lists by licensees of the Service, who are viewed under the
    Privacy Act as if they were employees of the Service, would not be
    consistent with the limitations imposed by the Privacy Act.
    Further, we continue to believe that more specific language in
    Page 17                                   GAO/GGD-99-102 Address
    Change Privacy B-281674 the acknowledgment form that licensees'
    customers sign could help ensure that use of NCOA-linked data is
    limited to the purposes for which it was collected. Through the
    NCOA program, the Service has extended the use of address
    Conclusions    change information that its customers report for
    mail forwarding purposes to provide business mailers with current
    name and address and address- format information for customers on
    their mailing lists. This program helps ensure that postal
    customers' mail is more accurately addressed and thereby reduces
    Service costs associated with additional handling of improperly
    and inaccurately addressed mail. However, by creating a postal
    customers' change-of-address database, the Service is obligated to
    use and protect the data in compliance with the constraints of
    applicable federal privacy laws. The Service has been partially
    responsive to our previous recommendations to strengthen oversight
    of the NCOA program in that it developed and implemented written
    procedures for (1) seeding NCOA file updates released to licensees
    and (2) reviewing, responding to, and documenting customers' NCOA-
    related inquiries and complaints and licensees' NCOA-related
    advertising. However, the Service has not effectively implemented
    program procedures and requirements for (1) ensuring that it is
    appropriately alerted when mail is sent to seed record addresses,
    (2) auditing and reauditing licensees, and (3) suspending or
    terminating licensees that fail successive audits. Although in
    early 1999 the Service made procedural changes that it believes
    will help ensure that mail sent to seed record addresses is
    appropriately brought to its attention, it is too early to
    determine the effectiveness of those changes. In addition, the
    Service reported that it had performed more licensee on-site
    audits than were documented in licensee audit files at the NCOA
    program office. However, the effectiveness of the licensee audit
    process as a program oversight mechanism is diminished when the
    Service does not perform all required audits and does not document
    the audit results. Until these program oversight and enforcement
    procedures are effectively implemented and documented, the Service
    cannot be assured that (1) the process of seeding NCOA file
    updates provided to licensees will be effective in alerting the
    Service to licensees' improper releases of NCOA data, (2)
    licensees are audited to ensure that they are in full compliance
    with federal privacy law and NCOA program requirements, and (3)
    Page 18                                    GAO/GGD-99-102 Address
    Change Privacy B-281674 licensees not in compliance are precluded
    from continuing to receive and disseminate program data. Although
    the NCOA program office is responsible for auditing and reauditing
    licensees, the problems we identified related to ensuring the
    effectiveness of seeding NCOA file updates as an oversight
    mechanism, and delays in suspending or terminating licensees that
    fail two consecutive audits do not appear to be completely under
    its control. Local postal delivery units that are in a different
    Service organizational component and are not under the authority
    of NCOA program officials appear to be involved in the former
    problem. Only the Contracting Officer, also in a different
    organizational component and not under the authority of NCOA
    program officials, has authority to suspend or terminate licensees
    from the NCOA program. Finally, in spite of the recommendation we
    made in our previous report, the Service has not changed the
    acknowledgment form to explicitly convey to licensees' customers
    the restriction against using NCOA-linked data to create or
    maintain new-movers lists. The Service also has not changed its
    position that it has no responsibility to attempt to restrict the
    use of NCOA -linked data by licensees' customers with whom it has
    no legal relationship. We disagree with the Service. We continue
    to believe that by including specific language in the
    acknowledgment form signed by licensees' customers that they
    should not use NCOA-linked data to create or maintain new-movers
    lists, the Service would help to ensure that NCOA program data are
    used only for the purposes for which such data were collected. If
    Congress is concerned about the failure of the Postal Service to
    Matter for       implement the recommendation we made in our prior
    report concerning Congressional    the creation and maintenance of
    new-movers lists by customers of its licensees, it may wish to
    amend the Postal Reorganization Act of 1970. An Consideration
    amendment could either (1) expressly prohibit the use of change-
    of- address data by licensees and their customers in the creation
    or maintenance of new-movers lists or (2) specifically require the
    Service to have its licensees and their customers acknowledge in
    writing that they have been informed and understand that change-
    of-address data may not be used for any purpose not authorized by
    law, including the creation or maintenance of new-movers lists.
    Page 19                                   GAO/GGD-99-102 Address
    Change Privacy B-281674 To help ensure that the NCOA program
    operates in compliance with Recommendations
    applicable provisions of federal privacy law and NCOA program
    requirements, we are making the following recommendations. *  The
    Postmaster General should ensure that NCOA program officials (1)
    conduct the minimum number of annual and on-site audits, as well
    as reaudits of licensees as required by the licensing agreement
    and the program procedure guide and (2) document in the program
    office files licensee audits performed, the results of those
    audits, and actions taken. *  The Postmaster General should also
    ensure that NCOA program officials and other appropriate Service
    officials coordinate actions to *  identify and correct weaknesses
    in the process of alerting program officials when mail is sent to
    seed record addresses so that the process works as intended and *
    ensure that licensees that fail successive audits are promptly
    suspended or terminated, as appropriate, from the program or that
    the licensing agreement is revised to reflect Service policy
    regarding when licensees will be suspended or terminated. On July
    19, 1999, we received written comments from the Postmaster Agency
    Comments and General on a draft of this report.  Among other
    points he made about the Our Evaluation                  NCOA
    program, the Postmaster General stated that the Service believes
    that the program is a valuable service that directly benefits
    ratepayers by contributing to the stabilization of postage rates.
    Regarding the Matter for Congressional Consideration and our
    position that the Service should explicitly convey to licensees'
    customers the restriction against using NCOA-linked data to create
    or maintain new-movers lists, he stated that the Service continued
    to believe that it has neither the legal responsibility nor the
    practical ability to regulate how the owners of mailing lists may
    use those lists once they have been matched against the NCOA
    database. He said that without an effective way to enforce a
    prohibition on the creation of new-movers lists, such as sending
    Postal Inspectors into mailers' plants, revising the
    acknowledgment form to explicitly prohibit their use would be an
    empty gesture. We recognize the Service's view regarding the
    challenges associated with enforcing a restriction on licensees'
    customers with whom they have no contractual relationship.
    Nevertheless, as discussed in this report, the Service collects
    change-of-address information for the limited purposes of address
    list correction and mail forwarding, not for the purposes of Page
    20                                   GAO/GGD-99-102 Address Change
    Privacy B-281674 creating and maintaining new-movers lists. Thus,
    in our view, the challenges associated with enforcement should not
    preclude the Service from notifying and receiving acknowledgment
    from licensees' customers that use of NCOA-linked data to create
    new-movers lists is not permitted. Given that our views on this
    issue differ from the Service's, we believe that our suggestion
    that Congress consider the issue remains appropriate. The
    Postmaster General generally agreed with our recommendations for
    improving oversight of the NCOA program.  Specifically, he stated
    that regarding our recommendation concerning the periodic audits
    and reaudits of licensees as required by the license agreement and
    the program procedure guide, the Service understands the
    importance of licensee oversight through regularly scheduled
    audits and has taken steps to ensure that the required audits will
    be performed for each licensee each year.  He stated, however,
    that because these audits, particularly the on-site audits, are
    labor intensive and can be performed only by technically
    knowledgeable staff, on occasion it may be necessary to defer some
    audits temporarily in order to have the resources available for
    other high-priority tasks.  He stated that, nevertheless, the
    Service would make every effort to keep the licensee audit
    schedule current. The Postmaster General stated that the Service
    also agreed with the second part of our recommendation concerning
    the need for more thorough documentation of licensee audits, the
    results of those audits, and the actions taken.  He stated that
    the NCOA program office has already implemented the recommendation
    and developed a standardized documentation process that accurately
    reports the results of audits. Regarding our recommendation to
    strengthen the process for alerting program officials when mail is
    sent to seed record addresses, the Postmaster General stated that
    the Service believes that the improvements currently being
    implemented will fully respond to the concerns we raised and that
    these improvements should be implemented nationally by September
    1999.  Regarding our proposed recommendation that the Service
    comply with the provisions of the licensing agreement to suspend
    or terminate licensees that fail successive audits, the Postmaster
    General stated that while the Service agrees with the
    recommendation, it thinks it is important to evaluate each audit
    failure on its own merits because it is in the best interest of
    the Service to work with licensees in ensuring that their systems
    work properly and are compatible with NCOA's programs.  He further
    stated that, when warranted and appropriate, the Service would
    invoke these provisions against licensees to preserve the
    integrity of the Page 21
    GAO/GGD-99-102 Address Change Privacy B-281674 program and to
    protect the privacy of customers' change-of-address information.
    We believe that the actions taken or planned described by the
    Postmaster General are responsive to our recommendations to him.
    Furthermore, we believe that the Postmaster General's position
    that it is in the best interest of the Service to work with
    licensees in ensuring that their systems work properly and are
    compatible with the NCOA's programs and that licensees would be
    suspended or terminated when warranted and appropriate is
    reasonable. However, we believe that the Service should change its
    licensing agreement to reflect such a policy. Accordingly, we have
    revised our recommendation to state that the Service should either
    suspend or terminate licensees that fail successive audits in
    accordance with the licensing agreement or change the licensing
    agreement to reflect the Service policy that licensees will be
    suspended or terminated when the Service believes that such
    actions are warranted. We are sending copies of this report to
    Representative Chaka Fattah, Ranking Minority Member of your
    Subcommittee; Senator Thad Cochran, Chairman, and Senator Daniel
    Akaka, Ranking Minority Member, Subcommittee on International
    Security, Proliferation, and Federal Services, Senate Committee on
    Governmental Affairs; William J. Henderson, Postmaster General;
    and Karla W. Corcoran, Postal Service Inspector General. We will
    make copies available to others upon request. Major contributors
    to this report are acknowledged in appendix II. If you have any
    questions about this report, please call Bernard L. Ungar on (202)
    512-8387 or Sherrill Johnson on (214) 777-5600. Sincerely yours,
    Nancy Kingsbury Acting Assistant Comptroller General Page 22
    GAO/GGD-99-102 Address Change Privacy Page 23    GAO/GGD-99-102
    Address Change Privacy Contents 1 Letter 26 Appendix I Comments
    From the U.S. Postal Service 28 Appendix II GAO Contacts and Staff
    Acknowledgments Table 1: Summary of Number of Annual Audits
    14 Tables                   Performed on 25 Licensee Systems for
    Fiscal Years 1996-1998 Table 2: Number of Days Between NCOA
    Licensee's                          15 Failed Audit and Subsequent
    Reaudit Between Fiscal Year 1996 and March 1999 Abbreviations NCOA
    National Change of Address (program) Page 24
    GAO/GGD-99-102 Address Change Privacy Page 25    GAO/GGD-99-102
    Address Change Privacy Appendix I Comments From the U.S. Postal
    Service Page 26         GAO/GGD-99-102 Address Change Privacy
    Appendix I Comments From the U.S. Postal Service Page 27
    GAO/GGD-99-102 Address Change Privacy Appendix II GAO Contacts and
    Staff Acknowledgments Bernard L. Ungar, (202) 512-8387 GAO
    Contacts       Sherrill H. Johnson, (214) 777-5600 In addition to
    those named above, Robert T. Griffis, Dorothy M. Tejada,
    Acknowledgments    Alan N. Belkin, and Jill P. Sayre made key
    contributions to this report. Page 28
    GAO/GGD-99-102 Address Change Privacy Ordering Information The
    first copy of each GAO report and testimony is free. Additional
    copies are $2 each. Orders should be sent to the following
    address, accompanied by a check or money order made out to the
    Superintendent of Documents, when necessary. VISA and MasterCard
    credit cards are accepted, also. Orders for 100 or more copies to
    be mailed to a single address are discounted 25 percent. Order by
    mail: U.S. General Accounting Office P.O. Box 37050 Washington, DC
    20013 or visit: Room 1100 700 4th St. NW (corner of 4th and G Sts.
    NW) U.S. General Accounting Office Washington, DC Orders may also
    be placed by calling (202) 512-6000 or by using fax number (202)
    512-6061, or TDD (202) 512-2537. Each day, GAO issues a list of
    newly available reports and testimony. To receive facsimile copies
    of the daily list or any list from the past 30 days, please call
    (202) 512-6000 using a touch-tone phone. A recorded menu will
    provide information on how to obtain these lists. For information
    on how to access GAO reports on the INTERNET, send e-mail message
    with "info" in the body to: [email protected] or visit GAO's World
    Wide Web Home Page at: http://www.gao.gov United States General
    Accounting Office           Bulk Rate Washington, D.C. 20548-0001
    Postage & Fees Paid GAO Permit No. G100 Official Business Penalty
    for Private Use $300 Address Correction Requested 240322

*** End of document. ***