Privacy Act of 1974; System of Records, 26155-26158 [E8-10183]
Download as PDF
<![CDATA[
Federal Register / Vol. 73, No. 90 / Thursday, May 8, 2008 / Notices
POSTAL SERVICE
Privacy Act of 1974; System of
Records
Postal Service.TM
Notice of modifications to three
existing systems of records.
AGENCY:
mstockstill on PROD1PC66 with NOTICES
ACTION:
SUMMARY: The Postal Service proposes
to revise the following existing systems
of records titled, ‘‘USPS 810.100, https://
www.usps.com Registration,’’ ‘‘USPS
810.200, https://www.usps.com Ordering,
Payment and Fulfillment,’’ and ‘‘USPS
860.000, Financial Transactions.’’ The
modifications clarify user information
in Categories of Records in the System,
Purpose, Retention and Disposal and
Systems Manager(s).
Background: The Postal Service’s
commitment to universal service is
based on a foundation of providing
secure products and services to postal
customers. As a trusted organization,
the Postal Service faces a variety of
security challenges which require
investigative, preventive, and security
responses.
The Postal Service works
collaboratively with internal and
external groups to ensure new postal
products and services are secure, thus
maintaining customers’ confidence in
the mail and satisfying their personal
and business needs.
This includes providing postal
customers with secure access to
products and services in all channels.
As online access to retail products and
services has grown, new types of
fraudulent activities have emerged to
challenge the security of online
transactions.
The Postal Service has responded by
developing fraud prevention initiatives
designed to protect the security of
financial transactions on usps.com.
These initiatives include enhanced
capabilities for ensuring the accuracy
and security of credit card transactions
conducted by national and international
customers on usps.com. Modifications
to the systems of records will be
reflected in the Categories of Records in
the System as it relates to businessspecific and user information, purpose,
and retention and disposal of online
user information.
DATES: The revisions will become
effective without further notice on June
9, 2008 unless comments received on or
before that date result in a contrary
determination.
ADDRESSES: Comments may be mailed
or delivered to the Records Office,
United States Postal Service, 475
L’Enfant Plaza, SW., Room 5821,
Washington, DC 20260–2200. Copies of
VerDate Aug<31>2005
17:22 May 07, 2008
Jkt 214001
all written comments will be available
at this address for public inspection and
photocopying between 8 a.m. and 4
p.m., Monday through Friday.
FOR FURTHER INFORMATION CONTACT:
Deborah D. Hubbard, 202–268–7119.
SUPPLEMENTARY INFORMATION: This
notice is in accordance with the Privacy
Act requirement that agencies publish
their amended systems of records in the
Federal Register when there is a
revision, change, or addition. The Postal
Service has reviewed its systems of
records and has determined that USPS
810.100, https://www.usps.com
Registration, should be revised to
modify existing categories of records in
the system, and retention and disposal
of such records. Collection, retention,
and disposal of user information will be
added to enhance the understanding
and fulfillment of customer needs and
for ensuring the security of registration
transactions conducted on usps.com.
In addition, the Postal Service has
reviewed its systems of records and has
determined that USPS 810.200, https://
www.usps.com Ordering, Payment and
Fulfillment, should be revised to modify
existing categories of records in the
system, purpose, and retention and
disposal of such records. Categories of
records in the system will be revised to
include online user information. The
purpose of collection will be revised to
support law enforcement investigations,
and retention and disposal of this
information will be added.
The Postal Service has also
determined that USPS 860.000,
Financial Transactions, should be
revised to include online user
information within the categories of
records in the system. The purpose of
collection will be revised to support law
enforcement investigations, and
retention and disposal of this
information will be added.
Privacy Act Systems of Records USPS
810.100, USPS 810.200, and USPS
860.000 were originally published in the
Federal Register on April 29, 2005 (70
FR 22548).
The Postal Service proposes
amending the systems as shown below:
USPS 810.100, https://www.usps.com
Registration
CATEGORIES OF RECORDS IN THE SYSTEM AND
RETENTION AND DISPOSAL:
[Revise to read as follows:]
*
*
*
*
Categories of Records in the System
will be changed to read:
7. Online user information: Internet
Protocol (IP) address, domain name,
operating system versions, browser
*
PO 00000
Frm 00082
Fmt 4703
Sfmt 4703
26155
version, date and time of connection,
and geographic location.
Retention and Disposal will be
changed to read:
4. Online user information may be
retained for 6 months.
Additionally, the System Manager(s)
title has been changed to Chief
Marketing Officer and Executive Vice
President.
USPS 810.200, https://www.usps.com
Ordering, Payment and Fulfillment
CATEGORIES OF RECORDS IN THE SYSTEM,
PURPOSE, RETENTION AND DISPOSAL, AND
SYSTEM MANAGER:
[Revise to read as follows:]
*
*
*
*
Categories of Records in the System
will be changed to read:
5. Online user information: Internet
Protocol (IP) address, domain name,
operating system version, browser
version, date and time of connection,
and geographic location.
Purpose will be changed to read:
5. To support investigations related to
law enforcement for fraudulent financial
transactions.
Retention and Disposal will be
changed to read:
3. Online user information may be
retained for 6 months.
Additionally, the System Manager(s)
and Address will reflect the following
addition:
Chief Financial Officer and Executive
Vice President, 475 L’Enfant Plaza, SW.,
Washington, DC 20260.
Also, the existing System Manager’s
title has been changed to Chief
Marketing Officer and Executive Vice
President.
*
USPS 860.000, Financial Transactions
CATEGORIES OF RECORDS IN THE SYSTEM,
PURPOSE AND RETENTION AND DISPOSAL AND
SYSTEM MANAGER:
[Revise to read as follows:]
*
*
*
*
Categories of Records in the System
will be changed to read:
7. Online user information: Internet
Protocol (IP) address, domain name,
operating system version, browser
version, date and time of connection,
and geographic location.
Purpose will be changed to read:
4. To support investigations related to
law enforcement for fraudulent financial
transactions.
Retention and Disposal will be
changed to read:
8. Online user information may be
retained for 6 months.
Additionally, the System Manager(s)
title has been changed to Chief
*
E:\FR\FM\08MYN1.SGM
08MYN1
26156
Federal Register / Vol. 73, No. 90 / Thursday, May 8, 2008 / Notices
ROUTINE USES OF RECORDS IN THE SYSTEM,
INCLUDING CATEGORIES OF USERS AND THE
PURPOSES OF SUCH USES:
Marketing Officer and Executive Vice
President.
*
*
*
*
*
Standard routine uses 1 through 7, 10,
and 11 apply.
USPS 810.100, https://www.usps.com
Registration
SYSTEM LOCATION:
Computer Operations Service Centers.
STORAGE:
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
Customers who register via the USPS
Web site at https://www.usps.com.
CATEGORIES OF RECORDS IN THE SYSTEM:
1. Customer information: Name;
customer ID(s); company name; job title
and role; home, business, and billing
address; home and business phone and
fax number; e-mail; URL; and
Automated Clearing House (ACH)
information.
2. Identity verification information:
Question, answer, username, user ID,
and password.
3. Business-specific information:
Business type and location, business
IDs, annual revenue, number of
employees, industry, nonprofit rate
status, product usage information,
annual and/or monthly shipping budget,
payment method and information,
planned use of product, and age of Web
site.
4. Customer preferences: Preferences
to receive USPS marketing information,
preferences to receive marketing
information from USPS partners,
preferred means of contact, preferred
e-mail format, product and/or service
marketing preference.
5. Customer feedback: Method of
referral to Web site.
6. Registration information: Date of
registration.
7. Online user Information: Internet
Protocol (IP) address, domain name,
operating system versions, browser
version, date and time of connection,
and geographic location.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
39 U.S.C. 401, 403, and 404.
mstockstill on PROD1PC66 with NOTICES
1. To provide online registration with
single sign on services for customers.
2. To obtain accurate contact
information in order to deliver
requested products, services, and other
material.
3. To authenticate customer logon
information for https://www.usps.com.
4. To permit customer feedback in
order to improve https://www.usps.com
or USPS products and services.
5. To enhance understanding and
fulfillment of customer needs.
17:22 May 07, 2008
Jkt 214001
Automated database, computer
storage media, and paper.
RETRIEVABILITY:
By customer name, customer ID(s),
phone number, or mail or e-mail
address.
SAFEGUARDS:
Paper records, computers, and
computer storage media are located in
controlled-access areas under
supervision of program personnel.
Access to these areas is limited to
authorized personnel, who must be
identified with a badge.
Access to records is limited to
individuals whose official duties require
such access. Contractors and licensees
are subject to contract controls and
unannounced on-site audits and
inspections.
Computers are protected by
mechanical locks, card key systems, or
other physical access control methods.
The use of computer systems is
regulated with installed security
software, computer logon
identifications, and operating system
controls including access controls,
terminal and transaction logging, and
file management software. Online data
transmissions are protected by
encryption.
For small business registration,
computer storage tapes and disks are
maintained in controlled-access areas or
under general scrutiny of program
personnel. Access is controlled by logon
ID and password as authorized by the
Marketing organization via secure Web
site. Online data transmissions are
protected by encryption.
RETENTION AND DISPOSAL:
PURPOSE(S):
VerDate Aug<31>2005
POLICIES AND PRACTICES FOR STORING,
RETRIEVING, ACCESSING, RETAINING, AND
DISPOSING OF RECORDS IN THE SYSTEM:
1. ACH records are retained up to 2
years.
2. Records stored in the registration
database are retained until the customer
cancels the profile record, 3 years after
the customer last accesses records, or
until the relationship ends.
3. For small business registration,
records are retained 5 years after the
relationship ends.
4. Online user information may be
retained for 6 months.
Records existing on paper are
destroyed by burning, pulping, or
PO 00000
Frm 00083
Fmt 4703
Sfmt 4703
shredding. Records existing on
computer storage media are destroyed
according to the applicable USPS media
sanitization practice.
SYSTEM MANAGER(S) AND ADDRESS:
Chief Marketing Officer and Executive
Vice President, United States Postal
Service, 475 L’Enfant Plaza SW.,
Washington, DC 20260.
NOTIFICATION PROCEDURE:
Customers wanting to know if
information about them is maintained in
this system of records must address
inquiries in writing to the system
manager. Inquiries must contain name,
address, and other identifying
information.
RECORD ACCESS PROCEDURES:
Requests for access must be made in
accordance with the Notification
Procedure above and USPS Privacy Act
regulations regarding access to records
and verification of identity under 39
CFR 266.6.
CONTESTING RECORD PROCEDURES:
See Notification Procedure and
Record Access Procedures above.
RECORD SOURCE CATEGORIES:
Customers.
USPS 810.200, https://www.usps.com
Ordering, Payment, and Fulfillment
SYSTEM LOCATION:
Computer Operations Service Centers.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
Customers who place orders and/or
make payment for USPS products and
services through https://www.usps.com.
CATEGORIES OF RECORDS IN THE SYSTEM:
1. Customer information: Name,
customer ID(s), phone and/or fax
number, mail address and e-mail
address.
2. Payment information: Credit and/or
debit card number, type, and expiration
date, billing information, ACH
information.
3. Shipping and transaction
information: Product and/or service ID
numbers, descriptions, and prices; name
and address(es) of recipients; order
number and delivery status; electronic
address lists; electronic documents or
images; job number.
4. Claims submitted for defective
merchandise.
5. Online user information: Internet
Protocol (IP) address, domain name,
operating system versions, browser
version, date and time of connection,
and geographic location.
E:\FR\FM\08MYN1.SGM
08MYN1
Federal Register / Vol. 73, No. 90 / Thursday, May 8, 2008 / Notices
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
39 U.S.C. 401, 403, and 404.
PURPOSE(S):
1. To fulfill orders for USPS products
and services.
2. To promote increased use of the
mail by providing electronic document
preparation and mailing services for
customers.
3. To provide shipping supplies and
services, including return receipts and
labels.
4. To provide recurring ordering and
payment services for products and
services.
5. To support investigations related to
law enforcement for fraudulent financial
transactions.
ROUTINE USES OF RECORDS IN THE SYSTEM,
INCLUDING CATEGORIES OF USERS AND THE
PURPOSES OF SUCH USES:
Standard routine uses 1 through 7, 10,
and 11 apply. In addition:
a. Customs declaration records may be
disclosed to domestic and foreign
customs officials pursuant to 19 U.S.C.
2071 (note) and international
agreements or regulations.
POLICIES AND PRACTICES FOR STORING,
RETRIEVING, ACCESSING, RETAINING, AND
DISPOSING OF RECORDS IN THE SYSTEM:
Automated databases, computer
storage media, and paper.
RETRIEVABILITY:
By customer name, customer ID(s),
phone number, mail or e-mail address,
or job number.
mstockstill on PROD1PC66 with NOTICES
SAFEGUARDS:
Paper records, computers, and
computer storage media are located in
controlled-access areas under
supervision of program personnel.
Access to these areas is limited to
authorized personnel, who must be
identified with a badge.
Access to records is limited to
individuals whose official duties require
such access. Contractors and licensees
are subject to contract controls and
unannounced on-site audits and
inspections.
Computers are protected by
mechanical locks, card key systems, or
other physical access control methods.
The use of computer systems is
regulated with installed security
software, computer logon
identifications, and operating system
controls including access controls,
terminal and transaction logging, and
file management software.
Online data transmission is protected
by encryption, dedicated lines, and
authorized access codes. For shipping
17:22 May 07, 2008
Jkt 214001
RETENTION AND DISPOSAL:
1. Records related to mailing online
and online tracking and/or confirmation
services supporting a customer order are
retained for up to 30 days from
completion of fulfillment of the order,
unless retained longer by request of the
customer. Records related to shipping
services and domestic and international
labels are retained up to 90 days.
Delivery Confirmation and return
receipt records are retained for 6
months. Signature Confirmation records
are retained for 1 year. ACH records are
retained for up to 2 years.
2. Other customer records are retained
for 3 years after the customer
relationship ends.
3. Online user information may be
retained for 6 months.
Records existing on paper are
destroyed by burning, pulping, or
shredding. Records existing on
computer storage media are destroyed
according to the applicable USPS media
sanitization practice.
SYSTEM MANAGER(S) AND ADDRESS:
STORAGE:
VerDate Aug<31>2005
supplies, data is protected within a
stand-alone system within a controlledaccess facility.
Chief Financial Officer and Executive
Vice President, 475 L’Enfant Plaza, SW.,
Washington, DC 20260.
Chief Marketing Officer and Executive
Vice President, United States Postal
Service, 475 L’Enfant Plaza SW.,
Washington, DC 20260.
NOTIFICATION PROCEDURE:
Customers wanting to know if
information about them is maintained in
this system of records must address
inquiries in writing to the system
manager. Inquiries must contain name,
address, customer ID(s), and order
number, if known.
RECORD ACCESS PROCEDURES:
Requests for access must be made in
accordance with the Notification
Procedure above and USPS Privacy Act
regulations regarding access to records
and verification of identity under 39
CFR 266.6.
CONTESTING RECORD PROCEDURES:
See Notification Procedure and
Record Access Procedures above.
RECORD SOURCE CATEGORIES:
Customers.
USPS 860.000, Financial Transactions
SYSTEM LOCATION:
USPS Headquarters; Integrated
Business Solutions Services Centers;
Accounting Service Centers; anti-money
PO 00000
Frm 00084
Fmt 4703
Sfmt 4703
26157
laundering support group; and
contractor sites.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
1. Customers who use online payment
or funds transfer services.
2. Customers who file claims or make
inquiries related to online payment
services, funds transfers, money orders,
and stored-value cards.
3. Customers who purchase funds
transfers or stored-value cards in an
amount of $1000 or more per day, or
money orders in an amount of $3000 or
more per day, or who purchase or
redeem any such services in a manner
requiring collection of information as
potential suspicious activities under
anti-money laundering requirements.
Recipients of funds transfers and the
beneficiaries of funds from money
orders totaling $10,000 in 1 day.
CATEGORIES OF RECORDS IN THE SYSTEM:
1. Customer information: Name,
customer ID(s), mail and e-mail address,
telephone number, occupation, type of
business, and customer history.
2. Identity verification information:
Date of birth, username and/or ID,
password, Social Security Number
(SSN) or tax ID number, and driver’s
license number (or other type of ID if
driver’s license is not available, such as
Alien Registration Number, Passport
Number, Military ID, Tax ID Number).
(Note: For online payment services, SSNs
are collected, but not retained, in order to
verify ID.)
3. Billers registered for online
payment services: Biller name and
contact information, bill detail, and bill
summaries.
4. Transaction information: Name,
address, and phone number of
purchaser, payee, and biller; amount,
date, and location; credit and/or debit
card number, type, and expiration;
sales, refunds, and fees; type of service
selected and status; sender and recipient
bank account and routing number; bill
detail and summaries; transaction
number, serial number, and/or reference
number or other identifying number,
pay out agent name and address; type of
payment, currency, and exchange rate;
Post Office information such as location,
phone number, and terminal; employee
ID numbers, license number and state,
and employee comments.
5. Information to determine credit
worthiness: Period at current residence,
previous address, and period of time
with same phone number.
6. Information related to claims and
inquiries: Name, address, phone
number, signature, SSN, location where
product was purchased, date of issue,
E:\FR\FM\08MYN1.SGM
08MYN1
26158
Federal Register / Vol. 73, No. 90 / Thursday, May 8, 2008 / Notices
amount, serial number, and claim
number.
7. Online user information: Internet
Protocol (IP) address, domain name,
operating system versions, browser
version, date and time of connection,
and geographic location.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
39 U.S.C. 401, 403, and 404; 31 U.S.C.
5318, 5325, 5331, and 7701.
PURPOSE(S):
1. To provide financial products and
services.
2. To respond to inquiries and claims
related to financial products and
services.
3. To fulfill requirements of antimoney laundering statutes and
regulations.
4. To support investigations related to
law enforcement for fraudulent financial
transactions.
Access to records is limited to
individuals whose official duties require
such access. Contractors and licensees
are subject to contract controls and
unannounced on-site audits and
inspections.
Computers are protected by
mechanical locks, card key systems, or
other physical access control methods.
The use of computer systems is
regulated with installed security
software, computer logon
identifications, and operating system
controls including access controls,
terminal and transaction logging, and
file management software. Online data
transmissions are protected by
encryption.
RETENTION AND DISPOSAL:
For online payment and funds
transfer services, information is
retrieved by customer name, customer
ID(s), transaction number, or address.
Claim information is retrieved by
name of purchaser or payee, claim
number, serial number, transaction
number, check number, customer ID(s),
or ZIP Code.
Information related to anti-money
laundering is retrieved by customer
name; SSN; alien registration, passport,
or driver’s license number; serial
number; transaction number; ZIP Code;
transaction date; data entry operator
number; and employee comments.
1. Summary records, including bill
due date, bill amount, biller
information, biller representation of
account number, and the various status
indicators, are retained 2 years from the
date of processing.
2. For funds transfers, transaction
records are retained 3 years.
3. Records related to claims are
retained up to 3 years from date of final
action on the claim.
4. Forms related to fulfillment of antimoney laundering requirements are
retained 5 years from the end of the
calendar quarter in which they were
created.
5. Related automated records are
retained the same 5-year period and
purged from the system quarterly after
the date of creation.
6. Enrollment records related to
online payment services are retained 7
years after the subscriber’s account
ceases to be active or the service is
cancelled.
7. Account banking records, including
payment history, Demand Deposit
Account (DDA) number, and routing
number, are retained 7 years from the
date of processing.
8. Online user information may be
retained for 6 months.
Records existing on paper are
destroyed by burning, pulping, or
shredding.
Records existing on computer storage
media are destroyed according to the
applicable USPS media sanitization
practice.
SAFEGUARDS:
SYSTEM MANAGER(S) AND ADDRESS:
Paper records, computers, and
computer storage media are located in
controlled-access areas under
supervision of program personnel.
Access to these areas is limited to
authorized personnel, who must be
identified with a badge.
Chief Financial Officer and Executive
Vice President, 475 L’Enfant Plaza, SW.,
Washington DC 20260.
Chief Marketing Officer and Executive
Vice President, United States Postal
Service, 475 L’Enfant Plaza, SW.,
Washington, DC 20260.
ROUTINE USES OF RECORDS IN THE SYSTEM,
INCLUDING CATEGORIES OF USERS AND THE
PURPOSES OF SUCH USES:
Standard routine uses 1 through 7, 10,
and 11 apply. Legally required
disclosures to agencies for law
enforcement purposes include
disclosures of information relating to
money orders, funds transfers, and
stored-value cards as required by antimoney laundering statutes and
regulations.
POLICIES AND PRACTICES FOR STORING,
RETRIEVING, ACCESSING, RETAINING, AND
DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Automated database, computer
storage media, microfiche, and paper.
mstockstill on PROD1PC66 with NOTICES
RETRIEVABILITY:
VerDate Aug<31>2005
17:22 May 07, 2008
Jkt 214001
PO 00000
Frm 00085
Fmt 4703
Sfmt 4703
NOTIFICATION PROCEDURE:
For online payment services, funds
transfers, and stored-value cards,
individuals wanting to know if
information about them is maintained in
this system must address inquiries in
writing to the Chief Marketing Officer.
Inquiries must contain name, address,
and other identifying information, as
well as the transaction number for funds
transfers.
For money order claims and antimoney laundering documentation,
inquiries should be addressed to the
Chief Financial Officer. Inquiries must
include name, address, or other
identifying information of the purchaser
(such as driver’s license, Alien
Registration Number, Passport Number,
etc.), and serial or transaction number.
Information collected for anti-money
laundering purposes will only be
provided in accordance with Federal
anti-money laundering laws and
regulations.
RECORD ACCESS PROCEDURES:
Requests for access must be made in
accordance with the Notification
Procedure above and USPS Privacy Act
regulations regarding access to records
and verification of identity under 39
CFR 266.6.
CONTESTING RECORD PROCEDURES:
See Notification Procedure and
Record Access Procedures above.
RECORD SOURCE CATEGORIES:
Customers, recipients, financial
institutions, and USPS employees.
SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS
OF THE ACT:
USPS has established regulations at
39 CFR 266.9 that exempt information
contained in this system of records from
various provisions of the Privacy Act in
order to conform to the prohibition in
the Bank Secrecy Act, 31 U.S.C.
5318(g)(2), against notification of the
individual that a suspicious transaction
has been reported.
Neva R. Watson,
Attorney, Legislative.
[FR Doc. E8–10183 Filed 5–7–08; 8:45 am]
BILLING CODE 7710–12–P
E:\FR\FM\08MYN1.SGM
08MYN1
]]>Agencies
[Federal Register Volume 73, Number 90 (Thursday, May 8, 2008)]
[Notices]
[Pages 26155-26158]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E8-10183]
[[Page 26155]]
=======================================================================
-----------------------------------------------------------------------
POSTAL SERVICE
Privacy Act of 1974; System of Records
AGENCY: Postal Service.TM
ACTION: Notice of modifications to three existing systems of records.
-----------------------------------------------------------------------
SUMMARY: The Postal Service proposes to revise the following existing
systems of records titled, ``USPS 810.100, https://www.usps.com
Registration,'' ``USPS 810.200, https://www.usps.com Ordering, Payment
and Fulfillment,'' and ``USPS 860.000, Financial Transactions.'' The
modifications clarify user information in Categories of Records in the
System, Purpose, Retention and Disposal and Systems Manager(s).
Background: The Postal Service's commitment to universal service is
based on a foundation of providing secure products and services to
postal customers. As a trusted organization, the Postal Service faces a
variety of security challenges which require investigative, preventive,
and security responses.
The Postal Service works collaboratively with internal and external
groups to ensure new postal products and services are secure, thus
maintaining customers' confidence in the mail and satisfying their
personal and business needs.
This includes providing postal customers with secure access to
products and services in all channels. As online access to retail
products and services has grown, new types of fraudulent activities
have emerged to challenge the security of online transactions.
The Postal Service has responded by developing fraud prevention
initiatives designed to protect the security of financial transactions
on usps.com. These initiatives include enhanced capabilities for
ensuring the accuracy and security of credit card transactions
conducted by national and international customers on usps.com.
Modifications to the systems of records will be reflected in the
Categories of Records in the System as it relates to business-specific
and user information, purpose, and retention and disposal of online
user information.
DATES: The revisions will become effective without further notice on
June 9, 2008 unless comments received on or before that date result in
a contrary determination.
ADDRESSES: Comments may be mailed or delivered to the Records Office,
United States Postal Service, 475 L'Enfant Plaza, SW., Room 5821,
Washington, DC 20260-2200. Copies of all written comments will be
available at this address for public inspection and photocopying
between 8 a.m. and 4 p.m., Monday through Friday.
FOR FURTHER INFORMATION CONTACT: Deborah D. Hubbard, 202-268-7119.
SUPPLEMENTARY INFORMATION: This notice is in accordance with the
Privacy Act requirement that agencies publish their amended systems of
records in the Federal Register when there is a revision, change, or
addition. The Postal Service has reviewed its systems of records and
has determined that USPS 810.100, https://www.usps.com Registration,
should be revised to modify existing categories of records in the
system, and retention and disposal of such records. Collection,
retention, and disposal of user information will be added to enhance
the understanding and fulfillment of customer needs and for ensuring
the security of registration transactions conducted on usps.com.
In addition, the Postal Service has reviewed its systems of records
and has determined that USPS 810.200, https://www.usps.com Ordering,
Payment and Fulfillment, should be revised to modify existing
categories of records in the system, purpose, and retention and
disposal of such records. Categories of records in the system will be
revised to include online user information. The purpose of collection
will be revised to support law enforcement investigations, and
retention and disposal of this information will be added.
The Postal Service has also determined that USPS 860.000, Financial
Transactions, should be revised to include online user information
within the categories of records in the system. The purpose of
collection will be revised to support law enforcement investigations,
and retention and disposal of this information will be added.
Privacy Act Systems of Records USPS 810.100, USPS 810.200, and USPS
860.000 were originally published in the Federal Register on April 29,
2005 (70 FR 22548).
The Postal Service proposes amending the systems as shown below:
USPS 810.100, https://www.usps.com Registration
CATEGORIES OF RECORDS IN THE SYSTEM AND RETENTION AND DISPOSAL:
[Revise to read as follows:]
* * * * *
Categories of Records in the System will be changed to read:
7. Online user information: Internet Protocol (IP) address, domain
name, operating system versions, browser version, date and time of
connection, and geographic location.
Retention and Disposal will be changed to read:
4. Online user information may be retained for 6 months.
Additionally, the System Manager(s) title has been changed to Chief
Marketing Officer and Executive Vice President.
USPS 810.200, https://www.usps.com Ordering, Payment and Fulfillment
CATEGORIES OF RECORDS IN THE SYSTEM, PURPOSE, RETENTION AND DISPOSAL,
AND SYSTEM MANAGER:
[Revise to read as follows:]
* * * * *
Categories of Records in the System will be changed to read:
5. Online user information: Internet Protocol (IP) address, domain
name, operating system version, browser version, date and time of
connection, and geographic location.
Purpose will be changed to read:
5. To support investigations related to law enforcement for
fraudulent financial transactions.
Retention and Disposal will be changed to read:
3. Online user information may be retained for 6 months.
Additionally, the System Manager(s) and Address will reflect the
following addition:
Chief Financial Officer and Executive Vice President, 475 L'Enfant
Plaza, SW., Washington, DC 20260.
Also, the existing System Manager's title has been changed to Chief
Marketing Officer and Executive Vice President.
USPS 860.000, Financial Transactions
CATEGORIES OF RECORDS IN THE SYSTEM, PURPOSE AND RETENTION AND DISPOSAL
AND SYSTEM MANAGER:
[Revise to read as follows:]
* * * * *
Categories of Records in the System will be changed to read:
7. Online user information: Internet Protocol (IP) address, domain
name, operating system version, browser version, date and time of
connection, and geographic location.
Purpose will be changed to read:
4. To support investigations related to law enforcement for
fraudulent financial transactions.
Retention and Disposal will be changed to read:
8. Online user information may be retained for 6 months.
Additionally, the System Manager(s) title has been changed to Chief
[[Page 26156]]
Marketing Officer and Executive Vice President.
* * * * *
USPS 810.100, https://www.usps.com Registration
System Location:
Computer Operations Service Centers.
Categories of Individuals Covered by the System:
Customers who register via the USPS Web site at https://
www.usps.com.
Categories of Records in the System:
1. Customer information: Name; customer ID(s); company name; job
title and role; home, business, and billing address; home and business
phone and fax number; e-mail; URL; and Automated Clearing House (ACH)
information.
2. Identity verification information: Question, answer, username,
user ID, and password.
3. Business-specific information: Business type and location,
business IDs, annual revenue, number of employees, industry, nonprofit
rate status, product usage information, annual and/or monthly shipping
budget, payment method and information, planned use of product, and age
of Web site.
4. Customer preferences: Preferences to receive USPS marketing
information, preferences to receive marketing information from USPS
partners, preferred means of contact, preferred e-mail format, product
and/or service marketing preference.
5. Customer feedback: Method of referral to Web site.
6. Registration information: Date of registration.
7. Online user Information: Internet Protocol (IP) address, domain
name, operating system versions, browser version, date and time of
connection, and geographic location.
Authority for Maintenance of the System:
39 U.S.C. 401, 403, and 404.
Purpose(s):
1. To provide online registration with single sign on services for
customers.
2. To obtain accurate contact information in order to deliver
requested products, services, and other material.
3. To authenticate customer logon information for https://
www.usps.com.
4. To permit customer feedback in order to improve https://
www.usps.com or USPS products and services.
5. To enhance understanding and fulfillment of customer needs.
Routine Uses of Records in the System, Including Categories of Users
and the Purposes of Such Uses:
Standard routine uses 1 through 7, 10, and 11 apply.
Policies and Practices for Storing, Retrieving, Accessing, Retaining,
and Disposing of Records in the System:
Storage:
Automated database, computer storage media, and paper.
Retrievability:
By customer name, customer ID(s), phone number, or mail or e-mail
address.
Safeguards:
Paper records, computers, and computer storage media are located in
controlled-access areas under supervision of program personnel. Access
to these areas is limited to authorized personnel, who must be
identified with a badge.
Access to records is limited to individuals whose official duties
require such access. Contractors and licensees are subject to contract
controls and unannounced on-site audits and inspections.
Computers are protected by mechanical locks, card key systems, or
other physical access control methods. The use of computer systems is
regulated with installed security software, computer logon
identifications, and operating system controls including access
controls, terminal and transaction logging, and file management
software. Online data transmissions are protected by encryption.
For small business registration, computer storage tapes and disks
are maintained in controlled-access areas or under general scrutiny of
program personnel. Access is controlled by logon ID and password as
authorized by the Marketing organization via secure Web site. Online
data transmissions are protected by encryption.
Retention and Disposal:
1. ACH records are retained up to 2 years.
2. Records stored in the registration database are retained until
the customer cancels the profile record, 3 years after the customer
last accesses records, or until the relationship ends.
3. For small business registration, records are retained 5 years
after the relationship ends.
4. Online user information may be retained for 6 months.
Records existing on paper are destroyed by burning, pulping, or
shredding. Records existing on computer storage media are destroyed
according to the applicable USPS media sanitization practice.
System Manager(s) and Address:
Chief Marketing Officer and Executive Vice President, United States
Postal Service, 475 L'Enfant Plaza SW., Washington, DC 20260.
Notification Procedure:
Customers wanting to know if information about them is maintained
in this system of records must address inquiries in writing to the
system manager. Inquiries must contain name, address, and other
identifying information.
Record Access Procedures:
Requests for access must be made in accordance with the
Notification Procedure above and USPS Privacy Act regulations regarding
access to records and verification of identity under 39 CFR 266.6.
Contesting Record Procedures:
See Notification Procedure and Record Access Procedures above.
Record Source Categories:
Customers.
USPS 810.200, https://www.usps.com Ordering, Payment, and Fulfillment
System Location:
Computer Operations Service Centers.
Categories of Individuals Covered by the System:
Customers who place orders and/or make payment for USPS products
and services through https://www.usps.com.
Categories of Records in the System:
1. Customer information: Name, customer ID(s), phone and/or fax
number, mail address and e-mail address.
2. Payment information: Credit and/or debit card number, type, and
expiration date, billing information, ACH information.
3. Shipping and transaction information: Product and/or service ID
numbers, descriptions, and prices; name and address(es) of recipients;
order number and delivery status; electronic address lists; electronic
documents or images; job number.
4. Claims submitted for defective merchandise.
5. Online user information: Internet Protocol (IP) address, domain
name, operating system versions, browser version, date and time of
connection, and geographic location.
[[Page 26157]]
Authority for Maintenance of the System:
39 U.S.C. 401, 403, and 404.
Purpose(s):
1. To fulfill orders for USPS products and services.
2. To promote increased use of the mail by providing electronic
document preparation and mailing services for customers.
3. To provide shipping supplies and services, including return
receipts and labels.
4. To provide recurring ordering and payment services for products
and services.
5. To support investigations related to law enforcement for
fraudulent financial transactions.
Routine Uses of Records in the System, Including Categories of Users
and the Purposes of Such Uses:
Standard routine uses 1 through 7, 10, and 11 apply. In addition:
a. Customs declaration records may be disclosed to domestic and
foreign customs officials pursuant to 19 U.S.C. 2071 (note) and
international agreements or regulations.
Policies and Practices for Storing, Retrieving, Accessing, Retaining,
and Disposing of Records in the System:
Storage:
Automated databases, computer storage media, and paper.
Retrievability:
By customer name, customer ID(s), phone number, mail or e-mail
address, or job number.
Safeguards:
Paper records, computers, and computer storage media are located in
controlled-access areas under supervision of program personnel. Access
to these areas is limited to authorized personnel, who must be
identified with a badge.
Access to records is limited to individuals whose official duties
require such access. Contractors and licensees are subject to contract
controls and unannounced on-site audits and inspections.
Computers are protected by mechanical locks, card key systems, or
other physical access control methods. The use of computer systems is
regulated with installed security software, computer logon
identifications, and operating system controls including access
controls, terminal and transaction logging, and file management
software.
Online data transmission is protected by encryption, dedicated
lines, and authorized access codes. For shipping supplies, data is
protected within a stand-alone system within a controlled-access
facility.
Retention and Disposal:
1. Records related to mailing online and online tracking and/or
confirmation services supporting a customer order are retained for up
to 30 days from completion of fulfillment of the order, unless retained
longer by request of the customer. Records related to shipping services
and domestic and international labels are retained up to 90 days.
Delivery Confirmation and return receipt records are retained for 6
months. Signature Confirmation records are retained for 1 year. ACH
records are retained for up to 2 years.
2. Other customer records are retained for 3 years after the
customer relationship ends.
3. Online user information may be retained for 6 months.
Records existing on paper are destroyed by burning, pulping, or
shredding. Records existing on computer storage media are destroyed
according to the applicable USPS media sanitization practice.
System Manager(s) and Address:
Chief Financial Officer and Executive Vice President, 475 L'Enfant
Plaza, SW., Washington, DC 20260.
Chief Marketing Officer and Executive Vice President, United States
Postal Service, 475 L'Enfant Plaza SW., Washington, DC 20260.
Notification Procedure:
Customers wanting to know if information about them is maintained
in this system of records must address inquiries in writing to the
system manager. Inquiries must contain name, address, customer ID(s),
and order number, if known.
Record Access Procedures:
Requests for access must be made in accordance with the
Notification Procedure above and USPS Privacy Act regulations regarding
access to records and verification of identity under 39 CFR 266.6.
Contesting Record Procedures:
See Notification Procedure and Record Access Procedures above.
Record Source Categories:
Customers.
USPS 860.000, Financial Transactions
System Location:
USPS Headquarters; Integrated Business Solutions Services Centers;
Accounting Service Centers; anti-money laundering support group; and
contractor sites.
Categories of Individuals Covered by the System:
1. Customers who use online payment or funds transfer services.
2. Customers who file claims or make inquiries related to online
payment services, funds transfers, money orders, and stored-value
cards.
3. Customers who purchase funds transfers or stored-value cards in
an amount of $1000 or more per day, or money orders in an amount of
$3000 or more per day, or who purchase or redeem any such services in a
manner requiring collection of information as potential suspicious
activities under anti-money laundering requirements. Recipients of
funds transfers and the beneficiaries of funds from money orders
totaling $10,000 in 1 day.
Categories of Records in the System:
1. Customer information: Name, customer ID(s), mail and e-mail
address, telephone number, occupation, type of business, and customer
history.
2. Identity verification information: Date of birth, username and/
or ID, password, Social Security Number (SSN) or tax ID number, and
driver's license number (or other type of ID if driver's license is not
available, such as Alien Registration Number, Passport Number, Military
ID, Tax ID Number).
(Note: For online payment services, SSNs are collected, but not
retained, in order to verify ID.)
3. Billers registered for online payment services: Biller name and
contact information, bill detail, and bill summaries.
4. Transaction information: Name, address, and phone number of
purchaser, payee, and biller; amount, date, and location; credit and/or
debit card number, type, and expiration; sales, refunds, and fees; type
of service selected and status; sender and recipient bank account and
routing number; bill detail and summaries; transaction number, serial
number, and/or reference number or other identifying number, pay out
agent name and address; type of payment, currency, and exchange rate;
Post Office information such as location, phone number, and terminal;
employee ID numbers, license number and state, and employee comments.
5. Information to determine credit worthiness: Period at current
residence, previous address, and period of time with same phone number.
6. Information related to claims and inquiries: Name, address,
phone number, signature, SSN, location where product was purchased,
date of issue,
[[Page 26158]]
amount, serial number, and claim number.
7. Online user information: Internet Protocol (IP) address, domain
name, operating system versions, browser version, date and time of
connection, and geographic location.
Authority for Maintenance of the System:
39 U.S.C. 401, 403, and 404; 31 U.S.C. 5318, 5325, 5331, and 7701.
Purpose(s):
1. To provide financial products and services.
2. To respond to inquiries and claims related to financial products
and services.
3. To fulfill requirements of anti-money laundering statutes and
regulations.
4. To support investigations related to law enforcement for
fraudulent financial transactions.
Routine Uses of Records in the System, Including Categories of Users
and the Purposes of Such Uses:
Standard routine uses 1 through 7, 10, and 11 apply. Legally
required disclosures to agencies for law enforcement purposes include
disclosures of information relating to money orders, funds transfers,
and stored-value cards as required by anti-money laundering statutes
and regulations.
Policies and Practices for Storing, Retrieving, Accessing, Retaining,
and Disposing of Records in the System:
Storage:
Automated database, computer storage media, microfiche, and paper.
Retrievability:
For online payment and funds transfer services, information is
retrieved by customer name, customer ID(s), transaction number, or
address.
Claim information is retrieved by name of purchaser or payee, claim
number, serial number, transaction number, check number, customer
ID(s), or ZIP Code.
Information related to anti-money laundering is retrieved by
customer name; SSN; alien registration, passport, or driver's license
number; serial number; transaction number; ZIP Code; transaction date;
data entry operator number; and employee comments.
Safeguards:
Paper records, computers, and computer storage media are located in
controlled-access areas under supervision of program personnel. Access
to these areas is limited to authorized personnel, who must be
identified with a badge.
Access to records is limited to individuals whose official duties
require such access. Contractors and licensees are subject to contract
controls and unannounced on-site audits and inspections.
Computers are protected by mechanical locks, card key systems, or
other physical access control methods. The use of computer systems is
regulated with installed security software, computer logon
identifications, and operating system controls including access
controls, terminal and transaction logging, and file management
software. Online data transmissions are protected by encryption.
Retention and Disposal:
1. Summary records, including bill due date, bill amount, biller
information, biller representation of account number, and the various
status indicators, are retained 2 years from the date of processing.
2. For funds transfers, transaction records are retained 3 years.
3. Records related to claims are retained up to 3 years from date
of final action on the claim.
4. Forms related to fulfillment of anti-money laundering
requirements are retained 5 years from the end of the calendar quarter
in which they were created.
5. Related automated records are retained the same 5-year period
and purged from the system quarterly after the date of creation.
6. Enrollment records related to online payment services are
retained 7 years after the subscriber's account ceases to be active or
the service is cancelled.
7. Account banking records, including payment history, Demand
Deposit Account (DDA) number, and routing number, are retained 7 years
from the date of processing.
8. Online user information may be retained for 6 months.
Records existing on paper are destroyed by burning, pulping, or
shredding.
Records existing on computer storage media are destroyed according
to the applicable USPS media sanitization practice.
System Manager(s) and Address:
Chief Financial Officer and Executive Vice President, 475 L'Enfant
Plaza, SW., Washington DC 20260.
Chief Marketing Officer and Executive Vice President, United States
Postal Service, 475 L'Enfant Plaza, SW., Washington, DC 20260.
Notification Procedure:
For online payment services, funds transfers, and stored-value
cards, individuals wanting to know if information about them is
maintained in this system must address inquiries in writing to the
Chief Marketing Officer. Inquiries must contain name, address, and
other identifying information, as well as the transaction number for
funds transfers.
For money order claims and anti-money laundering documentation,
inquiries should be addressed to the Chief Financial Officer. Inquiries
must include name, address, or other identifying information of the
purchaser (such as driver's license, Alien Registration Number,
Passport Number, etc.), and serial or transaction number. Information
collected for anti-money laundering purposes will only be provided in
accordance with Federal anti-money laundering laws and regulations.
Record Access Procedures:
Requests for access must be made in accordance with the
Notification Procedure above and USPS Privacy Act regulations regarding
access to records and verification of identity under 39 CFR 266.6.
Contesting Record Procedures:
See Notification Procedure and Record Access Procedures above.
Record Source Categories:
Customers, recipients, financial institutions, and USPS employees.
Systems Exempted From Certain Provisions of the Act:
USPS has established regulations at 39 CFR 266.9 that exempt
information contained in this system of records from various provisions
of the Privacy Act in order to conform to the prohibition in the Bank
Secrecy Act, 31 U.S.C. 5318(g)(2), against notification of the
individual that a suspicious transaction has been reported.
Neva R. Watson,
Attorney, Legislative.
[FR Doc. E8-10183 Filed 5-7-08; 8:45 am]
BILLING CODE 7710-12-P
