39 CFR § 266.2 - Responsibility.

§ 266.2 Responsibility.

(a) Privacy and Records Management Office. The Privacy and Records Management Office will ensure Postal Service-wide compliance with this part.

(b) Records Custodian. Records Custodians are responsible for adherence to this part within their respective units, and in particular for affording individuals their rights to inspect and obtain copies of records concerning them.

(c) Corporate Information Security Office. This office is responsible for ensuring compliance with information security policies, including protection of information resources containing customer, employee, or other individuals' information; developing policy for safeguarding and disposing of electronic records (including emails) that are maintained in information systems (including those that are subject to legal holds); serving as the central contact for information security issues; preventing and engaging in some investigation of cybercrime and misuse of Postal Service information technology resources; and providing security consultation as requested.

(d) Data Integrity Board—(1) Responsibilities. The Data Integrity Board oversees Postal Service computer matching activities. The Board's principal function is to review, approve, and maintain all written agreements for use of Postal Service records in matching programs to ensure compliance with the Privacy Act and all relevant statutes, regulations, and guidelines. In addition, the Board annually: Reviews matching programs and other matching activities in which the Postal Service has participated during the preceding year to determine compliance with applicable laws, regulations, and agreements; compiles a biennial matching report of matching activities; and performs review and advice functions relating to record accuracy, recordkeeping and disposal practices, and other computer matching activities.

(2) Composition. The Privacy Act requires that the senior official responsible for implementation of agency Privacy Act policy and the Inspector General serve on the Board. The Chief Privacy and Records Management Officer, as administrator of Postal Service Privacy Act policy, serves as Secretary of the Board and performs the administrative functions of the Board. The Board is composed of these and other members designated by the Postmaster General, as follows:

(i) General Counsel and Executive Vice President (Chairman).

(ii) Chief Postal Inspector.

(iii) Inspector General.

(iv) Chief Human Resources Officer and Executive Vice President.

(v) Chief Privacy and Records Management Officer.