Update: I just noticed the post office doesn't even consider an account number to be "personal information", at least according to this ruling.
It has been my habit for many years to routinely toss any "PRSRT STD" (as the envelope says) mail, on the theory that it shouldn't be of a personal nature. (I have long made an exception for credit card offers -- those always meet the shredder in any case).
However, I recently received a "PRSRT STD" letter in the mail which contained information of a very personal nature, as I realized while the letter was sailing towards the recycling bin. Incredibly miffed, I started researching the applicable laws so I could give the company a good dressing down, when I discovered it was all perfectly legal.
Apparently, while us consumers weren't paying attention, all the direct mailers got together and got the Post Office to change its rules on what kinds of matter have to be mailed First Class. Now, your credit card company can send you a letter which contains your account number via Standard Mail instead of First Class as long as the reason they are doing that is to try to advertise new services to you, and the account number is relevant to the advertisement.
For example, I just got an American Airlines mailing with my AAdvantage miles balance in it, mailed via Standard Mail. This is now perfectly acceptable. You may think it would be a stretch for a financial institution to try to use Standard Mail for account information, but you would be wrong, although thankfully, they need to be at least a little creative about it.
Ironically, one of the reasons I started using the Standard vs. First Class method of sorting mail was because of all of the envelopes which claimed to have "personal" information in them but didn't. The post office has been perfectly fine with this fraud for awhile now, so I started looking for other clues to aid in distinguishing real mail from advertisements, and honed in on the type of postage, which is always clearly visible on the front of the letter.
That apparently worked fine until sometime in late 2004. I shouldn't feel too bad about not realizing this stopped working until now -- apparently the post office still just tosses undeliverable Standard Class mail in the bin, as well. (Companies can avoid this by marking the mail "Return Service Requested" or "Forwarding Service Requested", but that actually costs money if the mail is returned as undeliverable, and we're talking about companies who have already shown a clear preference for their money over your privacy.)
This insecure disposal of private information would seem to go against the spirit of the Privacy Act. It might even go against the actual law, too -- the definition of "record" is arguably broad enough to include letters, and the Post office certainly "collects" and "disseminates" them.
Even worse, in this current political climate, "the mailing of articles at Standard Mail rates .. constitutes consent by the mailer to postal inspection of the contents." So you don't even need to be President Bush to open one of these puppies without a warrant.
Write your congressman, of course, but Congress and the post office may have been bought and sold on this issue, so unfortunately, we might have to fight it one business at a time. Check all your mail, and ask the companies and charities you do business with to update their privacy policies to indicate they will never communicate any of your personal information via Standard Mail.