More than 40 million Americans change their addresses annually and submit change of address (COA) orders to the U.S. Postal Service. Customers can submit orders electronically through the Internet or submit hard copy orders through the mail or at a Post Office retail counter. The Postal Service provides COA information for a fee through National Change of Address Linkage (NCOALink) to licensees who facilitate relationships with business mailers. NCOA Link is an application containing about 160 million COA records. The Postal Service requires licensees and their customers to complete a Processing Acknowledgment Form (acknowledgement form) to comply with the Privacy Act of 1974 and document the companies’ intended use of the data.

Our objectives were to determine whether security controls over the COA manual process and NCOALink data adequately protect the confidentiality and integrity of customer data and identify potential solutions for improving the Postal Service’s acknowledgement form process.

What The OIG Found

Security controls over the COA manual processes and NCOALink data are not sufficient to protect the confidentiality and integrity of customer information. We visited one of the 22 Computerized Forwarding System sites and found personnel did not adhere to controls related to processing and retaining hard copy COA orders.

As a result, there is a risk that unauthorized users could access COA data and NCOALink data could be breached, which could lead to fines and a negative impact on the Postal Service brand. We estimated 13,554,542 NCOALink customer records with a potential value of $228 million are at risk.

In addition, management does not have an enterprise solution in place or plan to automate the acknowledgement form process.

What The OIG Recommended

We recommended management centralize user account management in eAccess for the COA Forms Processing System, and store hard copy COA orders in accordance with policy. We also recommended management re-initiate the National Change of Address certification and accreditation process, upgrade outdated security software, identify all cooperative database mailers and their activities, and implement a process to ensure current Postal Service requirements are in all license agreements to protect customer information.

Finally, we recommended management implement a plan of action for conducting random site security reviews of licensees and evaluate potential solutions and benefits of automating the acknowledgement form process.