Delivering the goods online

From online bill paying to encrypted, digitally signed electronic documents, the U.S. Postal Service is turning to the Internet to move information that traditionally has been printed on paper and stuffed into an envelope.

The Internet is faster and cheaper, but there's a big problem: privacy.

Before many postal customers will be willing to send sensitive information via the Internet, they must be convinced that it's safe. That's Zoi Strickland's job as the Postal Service's first chief privacy officer.

The quasi-public agency joins a growing number of companies appointing chief privacy officers to oversee the development and enforcement of privacy policies. The job is part policy implementation, part public relations. Strickland, a Postal Service lawyer since 1991, began her new job March 7 and reports to the agency's vice president for consumer affairs.

"We have to make sure people feel comfortable" with how the Postal Service handles their personal and private information, Strickland said.

Shoring up customer confidence may prove a challenge amid almost daily reports of hackers, credit card thieves and junk e-mailers. But Strickland said the Postal Service starts from a position of strength. "We've got a very strong tradition of privacy in the hard-copy world, and we want to grow it in the online world," she said.

With the volume of first-class mail shrinking, the Postal Service is turning to the Internet for revenue. Already, it sells T-shirts, bill-paying services and more than $24 million worth of stamps online each year. And the agency intends to add digital signatures, document encryption and other online services.

But like most companies trying to sell goods and services online, the Postal Service faces "mounting customer anxiety," according to Forrester Research, a technology research company based in Cambridge, Mass.

"We are in the early stages of a sweeping change in attitudes that will fuel years of political battles and put once-routine business practices under the microscope," said Forrester analyst Jay Stanley.

Poll results released this month by Forrester show that "only 6 percent of North Americans have a high level of trust in how Web sites handle their personally identifiable information. Seven in eight express interest in legislation protecting Internet privacy."

Fear that Internet companies are tracking online activity and capturing names, addresses, phone numbers and credit card accounts is a major impediment to e-commerce.

People should be concerned, Strickland said. Information gleaned online enables marketers and others to build far more extensive profiles on consumers than in the nonelectronic marketplace.

For example, a coming Postal Service endeavor, MoversGuide.com, will enable customers to file changes of address online and, at the same time, change phone and utility services and make other moving arrangements.

For marketers, such information would be a gold mine, Strickland said. While the new service was being developed, the question of how the information would be handled was "a huge issue," she said. "There's no way we're going to release it."

Although the Postal Service itself may not divulge names and addresses to marketers, there has been concern in the past that some of its business partners with access to the information have done so, said Peter Swire, who was President Clinton's privacy adviser.

As the Postal Service does more online business, there is concern that it may be able to compare its vast databases ofnames and physical addresses against its growing database of e-mail addresses, and then link e-mail addresses to individual identities and physical addresses, he said.

The agency already collects some personal data when its customers buy products and services or make inquiries, according to the agency's Internet privacy policy. Often, the information is used for marketing purposes, Strickland said. Although it is a government agency, the Postal Service must be self-supporting.

As chief privacy officer, Strickland said she wants to give postal customers more control over their personal information. "One of the things we're looking at is a customer choice model" that would permit customers to specify how the Postal Service may use their information.

Thus, a customer who signs up for the online bill-paying service could choose to be notified—or not—about other online products and services. "Ninety percent of the people want that kind of choice," Strickland said.

Customer choice has become such a fundamental element of privacy that it is included in most privacy legislation, she said. About a dozen privacy bills have been introduced in Congress, and hundreds are pending in state legislatures, but so far few have passed, Strickland said. AeA, formerly the American Electronics Association, warns that passing online privacy laws "would only produce perverse effects, confusing businesses and consumers alike."

AeA argues for "industry self-regulation." As part of that effort, IBM Corp., American Express Co., EarthLink Inc. and others have appointed chief privacy officers.

But even a chief privacy officer can't solve all privacy problems, as the Postal Service warns in its online policy: "Remember that e-mail may not necessarily be secure against interception. If your e-mail communication is very sensitive, or includes information such as your bank account, charge card or Social Security number, you should send it by mail."