Section



[Code of Federal Regulations]
[Title 39, Volume 1]
[Revised as of July 1, 2003]
From the U.S. Government Printing Office via GPO Access
[CITE: 39CFR266.10]

[Page 144-145]
 
                        TITLE 39--POSTAL SERVICE
 
                 CHAPTER I--UNITED STATES POSTAL SERVICE
 
PART 266--PRIVACY OF INFORMATION--Table of Contents
 
Sec. 266.10  Computer matching.

    (a) General. Any agency or Postal Service component that wishes to 
use records from a Postal Service automated system of records in a 
computerized comparison with other postal or non-postal records must 
submit its proposal to the USPS Freedom of Information/Privacy Acts 
Officer. Computer matching programs as defined in paragraph (c) of 
Sec. 262.5 must be conducted in accordance with the Privacy Act, 
implementing guidance issued by the Office of Management and Budget and 
these regulations. Records may not be exchanged for a matching program 
until all procedural requirements of the Act and these regulations have 
been met. Other matching activities must be conducted in accordance with 
the Privacy Act and with the approval of the Freedom of Information/
Privacy Acts Officer. See paragraph (b)(6) of Sec. 266.4.
    (b) Procedure for submission of matching proposals. A proposal must 
include information required for the matching agreement discussed in 
paragraph (d)(1) of this section. The Inspection Service must submit its 
proposals for matching programs and other matching activities to the 
USPS Freedom of Information/Privacy Acts Officer through: Independent 
Counsel, Inspection Service, U.S. Postal Service, 475 L'Enfant Plaza SW, 
Rm 3417, Washington, DC 20260-2181. All other matching proposals, 
whether from postal organizations or other government agencies, must be 
mailed directly to: Freedom of Information/Privacy Acts Officer, U.S. 
Postal Service, 475 L'Enfant Plaza SW., Washington, DC 20260-5202.
    (c) Lead time. Proposals must be submitted to the USPS Freedom of 
Information/Privacy Acts Officer at least 3 months in advance of the 
anticipated starting date to allow time to meet Privacy Act publication 
and review requirements.
    (d) Matching agreements. The participants in a computer matching 
program must enter into a written agreement specifying the terms under 
which the matching program is to be conducted. The Freedom of 
Information/Privacy Acts Officer may require similar written agreements 
for other matching activities.
    (1) Content. Agreements must specify:
    (i) The purpose and legal authority for conducting the matching 
program;
    (ii) The justification for the program and the anticipated results, 
including, when appropriate, a specific estimate of any savings in terms 
of expected costs and benefits, in sufficient detail for the Data 
Integrity Board to make an informed decision;
    (iii) A description of the records that are to be matched, including 
the data elements to be used, the number of records, and the approximate 
dates of the matching program;
    (iv) Procedures for providing notice to individuals who supply 
information that the information may be subject to verification through 
computer matching programs;
    (v) Procedures for verifying information produced in a matching 
program

[[Page 145]]

and for providing individuals an opportunity to contest the findings in 
accordance with the requirement that an agency may not take adverse 
action against an individual as a result of information produced by a 
matching program until the agency has independently verified the 
information and provided the individual with due process;
    (vi) Procedures for ensuring the administrative, technical, and 
physical security of the records matched; for the retention and timely 
destruction of records created by the matching program; and for the use 
and return or destruction of records used in the program;
    (vii) Prohibitions concerning duplication and redisclosure of 
records exchanged, except where required by law or essential to the 
conduct of the matching program;
    (viii) Assessments of the accuracy of the records to be used in the 
matching program; and
    (ix) A statement that the Comptroller General may have access to all 
records of the participant agencies in order to monitor compliance with 
the agreement.
    (2) Approval. Before the Postal Service may participate in a 
computer matching program or other computer matching activity that 
involves both USPS and non-USPS records, the Data Integrity Board must 
have evaluated the proposed match and approved the terms of the matching 
agreement. To be effective, the matching agreement must receive approval 
by each member of the Board. Votes are collected by the USPS Freedom of 
Information/Privacy Acts Officer. Agreements are signed on behalf of the 
Board by the Chairman. If a matching agreement is disapproved by the 
Board, any party may appeal the disapproval in writing to the Director, 
Office of Management and Budget, Washington, DC 20503-0001, within 30 
days following the Board's written disapproval.
    (3) Effective dates. No matching agreement is effective until 40 
days after the date on which a copy is sent to Congress. The agreement 
remains in effect only as long as necessary to accomplish the specific 
matching purpose, but no longer than 18 months, at which time the 
agreement expires unless extended. The Data Integrity Board may extend 
an agreement for one additional year, without further review, if within 
3 months prior to expiration of the 18-month period it finds that the 
matching program is to be conducted without change, and each party to 
the agreement certifies that the program has been conducted in 
compliance with the matching agreement. Renewal of a continuing matching 
program that has run for the full 30-month period requires a new 
agreement that has received Data Integrity Board approval.

[59 FR 37161, July 21, 1994, as amended at 60 FR 57345, Nov. 15, 1995; 
64 FR 41291, July 30, 1999]