Expands the main menu

Audit Reports

May
15
2014
Report Number:
HR-MA-14-007
Report Type:
Audit Reports
Category: Security

Passport Personally Identifiable Information

BACKGROUND:

This report responds to a request from U.S. Congressman Duncan Hunter of California regarding a constituent’s concern that the U.S. Postal Service compromised her daughter’s personally identifiable information (PII) while processing her passport application. PII is information used to determine or trace an individual’s identity.

The Postal Service has more than 5,300 passport acceptance facilities, which accepted about 5.3 million applications and collected passport revenue of more than $133.2 million in fiscal year 2013. The Postal Service, in conjunction with the U.S. Department of State (DOS), established policies and procedures to ensure the security of PII to avoid theft, misuse, or loss. In addition, the DOS inspects Postal Service passport facilities every 2 years as part of its oversight program.

Our objective was to evaluate the Postal Service’s procedures for protecting PII on passport applications.

WHAT THE OIG FOUND:

The Postal Service must strengthen its procedures for securing and protecting PII on passport applications. Although we found no indication the PII in question was compromised, Postal Service personnel did not always safeguard passport PII and provide customers with adequate privacy when processing passport applications. We also identified control weaknesses relating to transmittal forms and inconsistent passport procedures at the district level to address deficiencies the DOS identified. These issues occurred due to inadequate training and passport application procedures and conflicting criteria.

The DOS identified similar issues regarding the safeguarding of PII and passport application processing procedures in its reviews of Postal Service passport acceptance facilities. We identified about $64 million in annual revenue at risk if the Postal Service does not comply with established procedures.

WHAT THE OIG RECOMMENDED:

We recommended management implement controls to ensure that Postal Service personnel complete and document training; provide customers with adequate privacy during the passport application process; ensure transmittal forms are accurate, appropriately retained, and monitored; and ensure consistency of passport acceptance, compliance, and procedures to address deficiencies the DOS identified. 

Report Recommendations

# Recommendation Status Value Initial Management Response USPS Proposed Resolution OIG Response Final Resolution
1

R - 1 -- Ensure all acceptance agents have completed the required passport acceptance training.

 Closed $0 Disagree
2

R - 2 -- Require responsible personnel adhere to policies and procedures for appropriately safeguarding customers’ privacy and personally identifiable information associated with the passport acceptance process

 Closed $0 Disagree
3

R - 3 -- Revise the Postal Service Form 5659, Daily Passport Application (DS-11) Transmittal, to include instructions for monitoring and recording the delivery date of the completed passport application on the form.

 Closed $0 Agree
4

R - 4 -- Implement controls to ensure completed transmittal forms are independently reviewed for accuracy and retained as required by Postal Service policy.

 Closed $0 Disagree
5

R - 5 -- Revise the online version of the Administrative Support Manual to reflect the correct transmittal form retention period of 2 years.

 Closed $0 Agree
6

R - 6 -- Establish and implement policies and procedures identifying district management’s roles and responsibilities relating to passport acceptance procedures and remediation of deficiencies identified in Department of State reviews.

 Closed $0 Agree