Title 39

SECTION 266.9

266.9 Computer matching.

(a) General. Any agency or Postal Service component that wishes to use records from a Postal Service automated system of records in a computerized comparison with other postal or non-postal records must submit its proposal to the Postal Service Privacy and Records Management Office. Computer matching programs as defined in § 262.5(c) must be conducted in accordance with the Privacy Act, as amended by the Computer Matching and Privacy Protection Act of 1988. Records may not be exchanged for a matching program until all procedural requirements of the Act and these regulations have been met. Other matching activities must be conducted in accordance with the Privacy Act and with the approval of the Privacy and Records Management Office. See § 266.3(b)(6).

(b) Procedure for submission of matching proposals. A proposal must include information required for the matching agreement discussed in paragraph (d)(1) of this section. The Inspection Service must submit its proposals for matching programs and other matching activities to the Privacy and Records Management Office through: Counsel, Inspection Service, U.S. Postal Service, 475 L'Enfant Plaza SW., Washington, DC 20260. All other matching proposals, whether from postal organizations or other government agencies, must be mailed directly to: Privacy and Records Management Office, U.S. Postal Service, 475 L'Enfant Plaza SW., Washington, DC 20260-1101.

(c) Lead time. Proposals must be submitted to the Postal Service Privacy and Records Management Office at least three months in advance of the anticipated starting date to allow time to meet Privacy Act publication and review requirements.

(d) Matching agreements. The participants in a computer matching program must enter into a written agreement specifying the terms under which the matching program is to be conducted. The Privacy and Records Management Office may require similar written agreements for other matching activities.

(1) Content. Agreements must specify:

(i) The purpose and legal authority for conducting the matching program;

(ii) The justification for the program and the anticipated results, including, when appropriate, a specific estimate of any savings in terms of expected costs and benefits, in sufficient detail for the Data Integrity Board to make an informed decision;

(iii) A description of the records that are to be matched, including the data elements to be used, the number of records, and the approximate dates of the matching program;

(iv) Procedures for providing notice to individuals who supply information that the information may be subject to verification through computer matching programs;

(v) Procedures for verifying information produced in a matching program and for providing individuals an opportunity to contest the findings in accordance with the requirement that an agency may not take adverse action against an individual as a result of information produced by a matching program until the agency has independently verified the information and provided the individual with due process;

(vi) Procedures for ensuring the administrative, technical, and physical security of the records matched; for the retention and timely destruction of records created by the matching program; and for the use and return or destruction of records used in the program;

(vii) Prohibitions concerning duplication and redisclosure of records exchanged, except where required by law or essential to the conduct of the matching program;

(viii) Assessments of the accuracy of the records to be used in the matching program; and

(ix) A statement that the Comptroller General may have access to all records of the participant agencies in order to monitor compliance with the agreement.

(2) Approval. Before the Postal Service may participate in a computer matching program or other computer matching activity that involves both USPS and non-USPS records, the Data Integrity Board must have evaluated the proposed match and unanimously approved the terms of the matching agreement. Agreements are executed by the Chairman of the Board. If a matching agreement is disapproved by the Board, any party may appeal the disapproval in writing to the Director, Office of Management and Budget, Washington, DC 20503, within 30 days following the Board's written disapproval.

(3) Effective dates. The agreement will become effective in accordance with the date in the matching agreement and as provided to Congress and the Office of Management and Budget and published in the Federal Register. The agreement remains in effect only as long as necessary to accomplish the specific matching purpose, but no longer than 18 months, at which time the agreement expires unless extended. The Data Integrity Board may extend an agreement for one additional year, without further review, if within three months prior to expiration of the 18-month period it finds that the matching program is to be conducted without change, and each party to the agreement certifies that the program has been conducted in compliance with the matching agreement. Renewal of a continuing matching program that has run for the full 30-month period requires a new agreement that has received Data Integrity Board approval.