Section



[Code of Federal Regulations]
[Title 39, Volume 1]
[Revised as of January 1, 2007]
From the U.S. Government Printing Office via GPO Access
[CITE: 39CFR266.10]

[Page 129-130]
 
                        TITLE 39--POSTAL SERVICE
 
                 CHAPTER I--UNITED STATES POSTAL SERVICE
 
PART 266_PRIVACY OF INFORMATION--Table of Contents
 
Sec.  266.10  Computer matching.

    (a) General. Any agency or Postal Service component that wishes to 
use records from a Postal Service automated system of records in a 
computerized comparison with other postal or non-postal records must 
submit its proposal to the Postal Service Manager Records Office. 
Computer matching programs as defined in paragraph (c) of Sec.  262.5 
must be conducted in accordance with the Privacy Act, implementing 
guidance issued by the Office of Management and Budget and these 
regulations. Records may not be exchanged for a matching program until 
all procedural requirements of the Act and these regulations have been 
met. Other matching activities must be conducted in accordance with the 
Privacy Act and with the approval of the Manager, Records Office. See 
paragraph (b)(6) of Sec.  266.4.
    (b) Procedure for submission of matching proposals. A proposal must 
include information required for the matching agreement discussed in 
paragraph (d)(1) of this section. The Inspection Service must submit its 
proposals for matching programs and other matching activities to the 
Postal Service Manager Records Office through: Independent Counsel, 
Inspection Service, U.S. Postal Service, 475 L'Enfant Plaza SW, Rm 3417, 
Washington, DC 20260-2181. All other matching proposals, whether from 
postal organizations or other government agencies, must be mailed 
directly to: Manager, Records Office, U.S. Postal Service, 475 L'Enfant 
Plaza SW., Washington, DC 20260.
    (c) Lead time. Proposals must be submitted to the Postal Service 
Manager Records Office at least 3 months in advance of the anticipated 
starting date to allow time to meet Privacy Act publication and review 
requirements.
    (d) Matching agreements. The participants in a computer matching 
program must enter into a written agreement specifying the terms under 
which the matching program is to be conducted. The Manager, Records 
Office may require similar written agreements for other matching 
activities.
    (1) Content. Agreements must specify:
    (i) The purpose and legal authority for conducting the matching 
program;
    (ii) The justification for the program and the anticipated results, 
including, when appropriate, a specific estimate of any savings in terms 
of expected costs and benefits, in sufficient detail for the Data 
Integrity Board to make an informed decision;
    (iii) A description of the records that are to be matched, including 
the data elements to be used, the number of records, and the approximate 
dates of the matching program;
    (iv) Procedures for providing notice to individuals who supply 
information that the information may be subject to verification through 
computer matching programs;
    (v) Procedures for verifying information produced in a matching 
program and for providing individuals an opportunity to contest the 
findings in accordance with the requirement that an agency may not take 
adverse action against an individual as a result of information produced 
by a matching program until the agency has independently verified the 
information and provided the individual with due process;
    (vi) Procedures for ensuring the administrative, technical, and 
physical security of the records matched; for the retention and timely 
destruction of

[[Page 130]]

records created by the matching program; and for the use and return or 
destruction of records used in the program;
    (vii) Prohibitions concerning duplication and redisclosure of 
records exchanged, except where required by law or essential to the 
conduct of the matching program;
    (viii) Assessments of the accuracy of the records to be used in the 
matching program; and
    (ix) A statement that the Comptroller General may have access to all 
records of the participant agencies in order to monitor compliance with 
the agreement.
    (2) Approval. Before the Postal Service may participate in a 
computer matching program or other computer matching activity that 
involves both USPS and non-USPS records, the Data Integrity Board must 
have evaluated the proposed match and approved the terms of the matching 
agreement. To be effective, the matching agreement must receive approval 
by each member of the Board. Votes are collected by the Postal Service 
Manager Records Office. Agreements are signed on behalf of the Board by 
the Chairman. If a matching agreement is disapproved by the Board, any 
party may appeal the disapproval in writing to the Director, Office of 
Management and Budget, Washington, DC 20503-0001, within 30 days 
following the Board's written disapproval.
    (3) Effective dates. No matching agreement is effective until 40 
days after the date on which a copy is sent to Congress. The agreement 
remains in effect only as long as necessary to accomplish the specific 
matching purpose, but no longer than 18 months, at which time the 
agreement expires unless extended. The Data Integrity Board may extend 
an agreement for one additional year, without further review, if within 
3 months prior to expiration of the 18-month period it finds that the 
matching program is to be conducted without change, and each party to 
the agreement certifies that the program has been conducted in 
compliance with the matching agreement. Renewal of a continuing matching 
program that has run for the full 30-month period requires a new 
agreement that has received Data Integrity Board approval.

[59 FR 37161, July 21, 1994, as amended at 60 FR 57345, Nov. 15, 1995; 
64 FR 41291, July 30, 1999; 68 FR 56560, Oct. 1, 2003; 69 FR 34935, June 
23, 2004]