Passport Personally Identifiable Information
BACKGROUND:
This report responds to a request from U.S. Congressman Duncan Hunter of California regarding a constituent’s concern that the U.S. Postal Service compromised her daughter’s personally identifiable information (PII) while processing her passport application. PII is information used to determine or trace an individual’s identity.
The Postal Service has more than 5,300 passport acceptance facilities, which accepted about 5.3 million applications and collected passport revenue of more than $133.2 million in fiscal year 2013. The Postal Service, in conjunction with the U.S. Department of State (DOS), established policies and procedures to ensure the security of PII to avoid theft, misuse, or loss. In addition, the DOS inspects Postal Service passport facilities every 2 years as part of its oversight program.
Our objective was to evaluate the Postal Service’s procedures for protecting PII on passport applications.
WHAT THE OIG FOUND:
The Postal Service must strengthen its procedures for securing and protecting PII on passport applications. Although we found no indication the PII in question was compromised, Postal Service personnel did not always safeguard passport PII and provide customers with adequate privacy when processing passport applications. We also identified control weaknesses relating to transmittal forms and inconsistent passport procedures at the district level to address deficiencies the DOS identified. These issues occurred because of inadequate training, inadequate passport application procedures, and conflicting criteria.
The DOS identified similar issues regarding the safeguarding of PII and passport application processing procedures in its reviews of Postal Service passport acceptance facilities. We identified about $64 million in annual revenue at risk if the Postal Service does not comply with established procedures.
WHAT THE OIG RECOMMENDED:
We recommended management implement controls to ensure that Postal Service personnel complete and document training; provide customers with adequate privacy during the passport application process; ensure transmittal forms are accurate, appropriately retained, and monitored; and ensure consistency of passport acceptance, compliance, and procedures to address deficiencies the DOS identified.