Before the
United States Postal Service
Washington, D.C. 20260
In the Matter of Privacy Act of 1974; Postal Service Distribution Quality Improvement
COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER
AND PRIVACY RIGHTS CLEARINGHOUSE
August 13, 2004
The United States Postal Service has announced its intention to engage in a "Distribution Quality Improvement" (DQI) program where the government will use a commercially available name and address database to improve mail processing.[1] This backup system will be employed where addresses are inaccurate, incomplete, or illegible. Information available on the mailpiece will be matched against a commercially available database of names and addresses, and where a match if found, the USPS will spray an accurate delivery barcode onto the mailpiece. The USPS has articulated clear security and privacy standards for employment of DQI data once the information reaches the agency.
We applaud the USPS for carefully designing the DQI system with privacy in mind. Specifically, we support the USPS' use of the minimum necessary amount of information to perform address correction functions. We also think it important that USPS maintain its proposed policy of not providing information on names or addresses back to the commercial database vendor.
Our primary concern involves the increasing government reliance on commercial data brokers (CDBs). Commercial data brokers allow some government entities to perform an end-run around important privacy legislation, such as the Privacy Act of 1974.[2] Essentially, CDBs allow government to do what it cannot do legallybuild dossiers on every American without a legitimate agency purpose.
We think it important that the USPS require that any contractor hired to perform DQI voluntarily comply with a series of Fair Information Practices (FIPs) in all of their business functions. USPS has a unique opportunity here to promote best practices in the CDB field by choosing a vendor that promises to protect privacy.
We wish also to express here that while the USPS has clearly invested exhaustive analysis on distribution improvement, many Americans want a reduction in distribution. That is, they receive an inordinate and growing amount of unwanted commercial solicitations in the mail. Standard techniques to avoid these solicitations (such as limiting disclosure of home address information, using a private mailbox, prohibitory orders, etc.) have become increasingly ineffective, in part because of the sale of address information by CDBs and other businesses. Even where CDBs claim to offer the ability to opt-out of address sale and the exploitation of other personal information, barriers have been erected to consumers' choice.[3] In other communications systems, federal agencies have stepped in to supplement consumer choice where the market has failed to produce privacy. For instance, the Federal Trade and Federal Communications Commissions recently created the wildly popular and successful Telemarketing Do-Not-Call Registry. Just last week, the Federal Communications Commission prohibited wireless spam, and declared that unsolicited messages sent by the Short Message Service violate federal consumer protection laws.
Because existing methods of shielding the mailbox from unwanted commercial solicitations are ineffective and self-regulatory efforts have failed, we call upon the USPS to research and implement systems that would give individuals more control over the mailbox. One possibility is a Do-Not-Mail list, a system where individuals could set preferences to block saturation mailings and/or individually-addressed commercial solicitations.
Promoting Best Practices
The USPS has an excellent opportunity to raise accountability of CDBs by requiring successful bidders for the DQI system to comply with a series of best privacy practices. The USPS should require that the commercial vendor adhere to the following Fair Information Practices (FIPs):
- Collection Limitation Principle: There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
- Data Quality Principle: Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.
- Purpose Specification Principle: The purposes for which personal data are collected should be specified not later than at the time of collection and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.
- Use Limitation Principle: Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with Purpose Specification Principle except: (a) with the consent of the data subject; or (b) by the authority of law.
- Security Safeguards Principle: Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data.
- Openness Principle: There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.
- Individual Participation Principle: An individual should have the right:
(a) to obtain from the a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him;
(b) to have communicated to him, data relating to him within a reasonable time; at a charge, if any, that is not excessive; in a reasonable manner; and in a form that is readily intelligible to him;
(c) to be given reasons if a request made under sub-paragraphs (a) and (b) is denied, and to be able to challenge such denial; and
(d) to challenge data relating to him and, if the challenge is successful, to have the data erased, rectified, completed or amended. - Accountability Principle: A data controller should be accountable for complying with measures, which give effect to the principles stated above.
Other Recommendations
Recipients of mail have no way of knowing that the DQI system was employed on any given mailpiece. DQI corrects addresses by spraying an accurate barcode onto the mailpiece. The majority of mail recipients, upon seeing a DQI-generated barcode, will not realize that a commercial database was consulted to obtain accurate contact information.
In order to improve notice, encourage accuracy, and reduce reliance on commercial databases, we recommend that the USPS investigate whether a notice that the address was inaccurate, incomplete, or illegible could be sprayed on the mailpiece along with the barcode. A simple message, such as, "Inaccurate/Incomplete/Illegible Address Rectified Using DQI; Notify Sender of Correct Address," could alert recipients to errors and encourage them to contact the sender.
Respectfully submitted,
Chris Jay Hoofnagle |
Jordana Beebe Communications Director Privacy Rights Clearinghouse |
[1] Privacy Act of 1974, System of Records, 69 Fed. Reg. 42221 (Jul. 14, 2004),
to be codified at USPS 500.100.
[2] See Chris Jay Hoofnagle, Big Brother's Little Helpers: How ChoicePoint
and Other Commercial Data Brokers Collect and Package Your Data for Law Enforcement,
29 N.C.J. Int'l L. & Com. Reg. 595 (Summer 2004).
[3] See, e.g. Ryan Singel, Acxiom Opts Out of Opt-Out, Nov. 17, 2003, available
at http://www.wired.com/news/print/0,1294,61240,00.html (explaining that Acxiom,
a major CDB, will not honor bulk opt-out requests from Private Citizen, Inc.,
a company that for a small fee will opt out individuals from many different
list brokers and other sources of commercial mailings).
Last Updated:
August 13, 2004
Page URL: http://www.epic.org/privacy/postal/dqi_comment.html