Imagini ale paginilor
PDF
ePub

(b) Submission of Statement of Disagreement. If the final decision concerning a request for the amendment of a record does not satisfy the requester, any statement of reasonable length provided by that individual setting forth a position regarding the disputed information will be accepted and attached to the relevant personal record.

(c) Availability of Assistance in Exercising Rights. The USPS Records Officer is available to provide an individual with assistance in exercising rights pursuant this part.

[40 FR 45723, Oct. 2, 1975, as amended at 41 FR 24709, June 18, 1976; 45 FR 44273, July 1, 1980]

§ 266.8 Schedule of fees.

(a) Policy. The purpose of this section is to establish fair and equitable fees to permit reproduction of records to concerned individuals while substantially covering the direct costs incurred by the Postal Service.

(b) Reproduction. (1) For reproducing any paper or micrographic record or publication, the fee is $.10 per page. Computer reports will be provided at $.015 per page. No charge will be made if the total fees authorized by this Part in compliance with a request or series of related requests is less than $1.00.

(2) The Postal Service may at its discretion make coin-operated copy machines available at any location. In that event, the requester will be given the opportunity to make copies at his own expense.

(3) The Postal Service will not normally furnish more than one copy of any record.

(c) Limitations. No fee will be charged to any individual for the process of retrieving, or amending records. [40 FR 45723, Oct. 2, 1975]

§ 266.9 Exemptions.

(a) Subsections 552a (j) and (k) of title 5, U.S.C., empower the Postmaster General to exempt systems of records meeting certain critiera from various other subsections of section 552a. With respect to systems of records so exempted, nothing in this part shall require compliance with provisions hereof implementing any

subsections of section 552a from which those systems have been exempted.

(b) Pursuant to, and to the extent permitted by, subsection 552a(j) and (k) of title 5, U.S.C., the following systems of records maintained by the Postal Service are exempted from the designated subsections of section 552a of title 5, U.S.C.:

(1) Inspection Requirements-Investigative File System, USPS 080.010 from 5 U.S.C. 552a(c) (3) and (4), (d) (1)-(4), (e)(1)−(3), (e)(4) (G) and (H), (e) (5) and (8), (f), (g), and (m).

(2) Inspection Requirements—Mail Cover Program, USPS 080.020 from 5 U.S.C. 552a (c)(3) and (4), (d)(1)-(4), (e) (1)-(3), (e)(4)(G) and (H), (e)(5), (e)(8), (f), (g) and (m).

(3) Personnel Records-Preemployment Investigation Records, USPS 120.110 from 5 U.S.C. 552a (d) (1)−(4) and (e)(1) to the extent that information in the system is subject to exemption under 5 U.S.C. 552a(k)(5) as relating to the identity of a source who furnished information to the Government in confidence as a part of an investigation conducted solely for the purpose of determining suitability, eligibility, or qualifications of an individual for employment.

(4) Personnel Records-Recruiting, Examining, and Appointment Records, USPS 120.151 from 5 U.S.C. 552a (d) (1)-(4), (e)(1), (e)(4) (G) and (H), and (f) to the extent that information in the system is subject to exemption pursuant to 5 U.S.C. 552a(k) (5) and (6) as relating to the compromise of the objectivity or fairness of the testing or examination process and to the identity of a source who has furnished information to the Government in confidence as a part of an investigation conducted solely for the purpose of determining suitability, eligibility, or qualifications of an individual for employment.

(5) Personnel Research and Test Validation Records, USPS 120.120 from 5 U.S.C. 552a (d) (1)-(4), (e)(4)(G) and (H), and (f) to the extent that information in the system is subject to exemption pursuant to 5 U.S.C. 552a(k)(6) as relating to testing and examination material.

Records-Personnel

(6) Equal Employment Opportunity-EEO Discrimination Complaint In

vestigations. USPS 030.010 from 5 U.S.C. 552a (d)(1)-(4), (e)(4) (G) and (H) and (f) to the extent that information in the system is subject to exemption pursuant to 5 U.S.C. 552a(k)(2) as material compiled for law enforcement purposes and (k)(5) as relating to the identity of a source who has furnished information to the Government in confidence as a part of an investigation conducted solely for the purpose of determining suitability, eligibility, or qualifications of an individual for employment.

(7) Personnel Records-Postmaster Selection Program Records, USPS 120.130 from 5 U.S.C. 552a (d) (1)-(4) and (e)(1) to the extent that information in the system is subject to exemption under 5 U.S.C. 552a(k)(5) as relating to the identity of a source who furnished information to the Government in confidence as a part of an investigation conducted solely for the purpose of determining suitability, eligibility, or qualifications of an individual for employment.

(8) Personnel Records-Career Development and Training Records, USPS 120.152 from 5 U.S.C. 552a (d) (1)-(4), (e)(4) (G) and (H), and (f) to the extent that information in the system is subject to exemption pursuant to 5 U.S.C. 552a(k)(6) as relating to the compromise of the objectivity or fairness of the testing or examination process.

[40 FR 45723, Oct. 2, 1975, as amended at 42 FR 21471, Apr. 27, 1977; 43 FR 41391, Sept. 18, 1978; 45 FR 44273, July 1, 1980; 47 FR 17814, Apr. 26, 1982]

Sec.

PART 267-PROTECTION OF INFORMATION

267.1 Purpose and scope.

267.2 Policy.

267.3 Responsibility.

267.4 Information security standards. 267.5 National Security Information.

AUTHORITY: 39 U.S.C. 401; Pub. L. 93-579, 88 Stat. 1896.

8267.1 Purpose and scope.

This Part addresses the protection of information and records in the custody of the Postal Service throughout all phases of information flow and

within all organization components, and includes micromated, manual and data processing information.

[40 FR 45726, Oct. 2, 1975]

§ 267.2 Policy.

Consistent with the responsibility of the Postal Service to make its official records available to the public to the maximum extent required by the public interest, and to ensure the security, confidentiality, and integrity of official records containing sensitive or national security information, it is the policy of the Postal Service to maintain definitive and uniform information security safeguards. These safeguards will have as their purpose: (a) Ensuring the effective operation of the Postal Service through appropriate controls over critical information, and (b) Protecting personal privacy, the public interest, and the national security by limiting unauthorized access to both restricted and national security information.

[44 FR 51224, Aug. 31, 1979]

§ 267.3 Responsibility.

(a) Chief Postal Inspector and USPS Records Officer. The Chief Inspector and the Records Officer will insure within their respective areas of jurisdiction:

(1) Postal Service-wide compliance with this policy and related standards and procedures, and

(2) That remedial action is taken when violations or attempted violations of these standards and procedures occur.

(b) Custodians. All custodians are responsible for insuring that information security standards and procedures are followed and that all relevant employees participate in the information security awareness programs.

[40 FR 45726, Oct. 2, 1975]

§ 267.4 Information security standards.

(a) The Postal Service will operate under a uniform set of information security standards which address the following functional aspects of information flow and management:

(1) Information system development, (2) Information collection,

(3) Information handling and processing,

(4) Information dissemination and disclosure,

(5) Information storage and destruction,

(b) Supplementing this list are information security standards pertaining to the following administrative areas: (1) Personnel selection and training, (2) Physical environment protection, (3) Contingency planning,

(4) Information processing or storage system procurement,

(5) Contractual relationships.

[40 FR 45726, Oct. 2, 1975; 40 FR 48512, Oct. 16, 1975]

8 267.5 National Security Information.

(a) Purpose and Scope. The purpose of this section is to provide regulations implementing the requirements in Executive Order 12065, National Security Information (hereinafter referred to as the Executive order), which deals with the protection, handling and classification of national security information in the custody of the Postal Service.

(b) Definitions. (1) In this section, "National Security Information" means information on the national defense and foreign relations of the United States that has been determined under the Executive Order or prior Orders to require protection against unauthorized disclosure and has been so designated.

(2) "Derivative Classification" means the carrying forward of a classification from one document to a newly created document that contains national security information which is in substance the same as information that is currently classified.

(3) "In the Custody of the Postal Service" means any national security information transmitted to and held by the U.S. Postal Service for the information and use of postal officials. (This does not include any national security information being transmitted via the U.S. Mail to or from a nonpostal organization.)

(c) Responsibility and authority. (1) The Postal Service Records Officer shall serve as the USPS National Security Information Oversight Officer. This officer shall:

(i) Conduct an active oversight program to ensure that the appropriate provisions of the Executive order are complied with;

(ii) Chair a committee composed of the Records Officer, the Chief Postal Inspector (USPS Security Officer), the General Counsel, the Executive Assistant to the Postmaster General, and the Director, Operating Policies Office, or their designees, with authority to act on all suggestions and complaints concerning the Postal Service's compliance with the Executive order;

(iii) Ensure that appropriate and prompt corrective action is taken whenever a postal employee knowingly, willfully and without authorization:

(A) Discloses national security information properly classified under the Executive order, or prior orders,

(B) Compromises properly classified information through negligence, or (C) Violates any provisions of the Executive order or its implementing regulations or procedures;

(iv) Inform the Director, Information Security Oversight Office, General Services Administration, whenever violations of paragraph (c)(1)(iii) of this section occur;

(v) In conjunction with the USPS Security Officer, prepare and issue instructions for the control, protection, and derivative classification of national security information in the custody of, and use by, the Postal Service. These instructions shall include requirements that:

(A) A demonstrable need for access to national security information is established before requesting the initiation of administrative clearance procedures;

(B) Ensure that the number of people granted access to national security information is reduced to and maintained at the minimum number consistent with operational requirements and needs;

(vi) Establish, staff and direct activities for controlling documents containing national security information at USPS Headquarters and provide functional direction to each Regional Records Control Officer;

(vii) As part of the overall program implementation, develop a training

program to familiarize appropriate postal employees of the requirements for control, protection and classification; and

(viii) Report to the USPS Security Officer any incidents of possible loss or compromise of national security information.

(2) The USPS Security Officer (the Chief Postal Inspector) shall:

(i) Provide technical guidance to the USPS Records Officer in implementing the national security information program;

(ii) Conduct investigations into reported program violations or loss or possible compromise of national security information and report any actual loss or compromise to the originating agency;

(iii) Periodically conduct an audit of the USPS national security information program;

(iv) Process requests for sensitive clearances; conduct the appropriate investigations and grant or deny a sensitive clearance to postal employees having an official "need to know" national security information; and

(v) Report to the Attorney General any evidence involving national security information of possible violations of federal criminal law by a USPS employee and of possible violations by any other person of those federal criminal laws specified in guidelines adopted by the Attorney General.

(3) All postal employees who have access to national security information shall:

(i) Be familiar with and follow all Program regulations and instructions;

(ii) Actively protect and be accountable for all national security information entrusted to their care; and

(iii) Immediately report to the USPS Records Officer and the USPS Security Officer any suspected or actual loss or compromise of national security information.

(d) Derivative classification. When applying derivative classifications to documents created by the Postal Service, the Postal Service shall:

(1) Respect original classification decisions;

(2) Verify the information's current level of classification so far as practi

cable before applying the markings; and

(3) Carry forward to any newly created documents the assigned dates or events for declassification or review and any additional authorized markings in accordance with section 2 of the Executive order.

(e) General provisions—(1) Dissemination. Except to the extent consistent with Section 102 of the National Security Act of 1947, 61 Stat. 495, 50 U.S.C. 403 (1970 and Supp. V 1975), national security information received by the U.S. Postal Service shall not be further disseminated to any other agency without the consent of the originating agency.

(2) Disposal. Classified documents no longer needed by the Postal Service shall be either properly destroyed or returned to the originating agency.

(3) Freedom of Information Act or Mandatory Review Requests. (i) Requests for documents made under the Freedom of Information Act (FOIA) and mandatory review requests (requests under section 3-501 of the Executive order for the declassification and release of information) should be submitted to: USPS Records Officer, U.S. Postal Service, Washington, D.C. 20260.

(ii) In response to an FOIA request or a mandatory review request, the Postal Service shall not refuse to confirm the existence or non-existence of a document, unless the fact of its existence or non-existence would itself be classifiable.

(iii) The Postal Service shall forward all FOIA and mandatory review requests for national security information in its custody (including that within records derivatively classified by the USPS) to the originating agency for review unless the agency objects on the grounds that its association with the information requires protection. The requester shall be notified that:

(A) The request was referred; and

(B) The originating agency will provide a direct response.

(4) Research requests. Requests from historical researchers for access to national security information shall be referred to the originating agency.

[44 FR 51224, Aug. 31, 1979, as amended at 45 FR 30069, May 7, 1980]

PART 268-PRIVACY OF INFORMATION-EMPLOYEE RULES OF CON

DUCT

Sec.

268.1 General principles.

268.2 Consequences of non-compliance.

§ 268.1 General principles.

In order to conduct its business, the Postal Service has the need to collect various types of personally identifiable information about its customers, employees and other individuals. Information of this nature has been entrusted to the Postal Service, and employees handling it have a legal and ethical obligation to hold it in confidence and to actively protect it from uses other than those compatible with the purpose for which the information was collected. This obligation is legally imposed by the Privacy Act of 1974, which places specific requirements upon all Federal agencies, including the Postal Service, and their employees. In implementation of these requirements, the following rules of conduct apply:

(a) Except as specifically authorized in § 266.4(b)(2) of this chapter, no employee shall disclose, directly or indirectly, the contents of any record about another individual to any person or organization. Managers are to provide guidance in this regard to all employees who must handle such information.

(b) No employee will maintain a secret system of records about individuals. All records systems containing personally identifiable information about individuals must be reported to the Records Officer.

(c) All employees shall adhere strictly to the procedures established by the U.S. Postal Service to ensure the confidentiality and integrity of information about individuals that is collected, maintained and used for official Postal Service business. Employees shall be held responsible for any violation of these procedures.

(39 U.S.C. 401)

[45 FR 44273, July 1, 1980]

§ 268.2 Consequences of non-compliance.

(a) The Privacy Act authorizes any individual, whether or not an employee, to bring a civil action in U.S. District Court to obtain judicial review of the failure of the Postal Service to comply with the requirements of the Act or its implementing regulations. In certain instances of willful or intentional non-compliance, the plaintiff may recover damages from the Postal Service in the minimum amount of $1,000 together with costs of the action and attorney fees.

(b) The Act provides criminal sanctions for individuals, including employees, who violate certain of its provisions.

(1) Any officer or employee who, by virtue of his employment or position, has possession of, or access to, official records which contain individually identifiable information and who, knowing that disclosure of the specific material is prohibited by Postal Service regulations, willfully discloses the material to a person or agency not entitled to receive it, shall be guilty of a misdemeanor and fined not more than $5,000.

(2) Any officer or employee who willfully maintains a system of records without meeting the notice requirements set forth in Postal Service regulations shall be guilty of a misdemeanor and fined not more than $5,000.

(3) Any person who knowingly and willfully requests or obtains any record concerning another individual from the Postal Service under false pretense shall be guilty of a misdemeanor and fined not more than $5,000.

(c) In addition to the criminal sanctions, any employee violating any provisions of these rules of conduct is subject to disciplinary action which may result in dismissal from the Postal Service.

(39 U.S.C. 401; Pub. L. 93-579, 88 Stat. 1896) [40 FR 45726, Oct. 2, 1975)

« ÎnapoiContinuă »