Privacy Act of 1974; System of Records, 64164-64166 [2018-26428]
Download as PDF
<![CDATA[
64164
Federal Register / Vol. 83, No. 239 / Thursday, December 13, 2018 / Notices
POSTAL SERVICE
Product Change—Priority Mail
Negotiated Service Agreement
Postal ServiceTM.
Notice.
AGENCY:
ACTION:
The Postal Service gives
notice of filing a request with the Postal
Regulatory Commission to add a
domestic shipping services contract to
the list of Negotiated Service
Agreements in the Mail Classification
Schedule’s Competitive Products List.
DATES: Date of required notice:
December 13, 2018.
FOR FURTHER INFORMATION CONTACT:
Elizabeth Reed, 202–268–3179.
SUPPLEMENTARY INFORMATION: The
United States Postal Service® hereby
gives notice that, pursuant to 39 U.S.C.
3642 and 3632(b)(3), on December 6,
2018, it filed with the Postal Regulatory
Commission a USPS Request to Add
Priority Mail Contract 488 to
Competitive Product List. Documents
are available at www.prc.gov, Docket
Nos. MC2019–39, CP2019–41.
SUMMARY:
Elizabeth Reed,
Attorney, Corporate and Postal Business Law.
[FR Doc. 2018–26940 Filed 12–12–18; 8:45 am]
BILLING CODE 7710–12–P
POSTAL SERVICE
Privacy Act of 1974; System of
Records
Postal Service TM.
ACTION: Notice of a modified system of
records.
AGENCY:
In accordance with the
Privacy Act of 1974, the United States
Postal Service® (Postal Service) is
revising the notice for Privacy Act
System of Records USPS 910.000,
Identity and Document Verification
Services.
SUMMARY:
These revisions will become
effective without further notice on
January 14, 2019 unless comments
received on or before that date result in
a contrary determination.
ADDRESSES: Comments may be mailed
or delivered to the Privacy and Records
Management Office, United States
Postal Service, 475 L’Enfant Plaza SW,
Room 1P830, Washington, DC 20260–
1101. Copies of all written comments
will be available at this address for
public inspection and photocopying
between 8 a.m. and 4 p.m., Monday
through Friday.
FOR FURTHER INFORMATION CONTACT:
Janine Castorina, Chief Privacy and
amozie on DSK3GDR082PROD with NOTICES1
DATES:
VerDate Sep<11>2014
17:12 Dec 12, 2018
Jkt 247001
Records Management Officer, Privacy
and Records Management Office, 202–
268–3069 or privacy@usps.gov.
SUPPLEMENTARY INFORMATION: This
notice is in accordance with the Privacy
Act requirement that agencies publish
their systems of records in the Federal
Register when there is a revision,
change, or addition, or when the agency
establishes a new system of records. As
detailed below, the Postal Service has
determined that USPS 910.000, Identity
and Document Verification Services
should be revised to modify Categories
of Individuals Covered by the System,
Categories of Records in the System,
Purpose(s), and Retention and Disposal.
The changes are being made to:
a. Support the new Address Matching
Database, which will be used to
identify, prevent and mitigate
fraudulent activity within the Change of
Address and Hold Mail processes.
b. Allow for the scanning of
Government issued IDs at retail
locations for the purposes of verifying
identity for customers who need postal
products and services.
c. To enhance the Postal Service’s
existing remote identity proofing with a
Phone Validation and One-Time
Passcode solution.
The new Address Matching Database
is being implemented to identify,
prevent and mitigate fraudulent activity
within the Change of Address and Hold
Mail processes. The Postal Service is
establishing a dataflow between existing
customer systems and the Address
Matching Database. This dataflow will
allow the Address Matching Database
to: confirm if there is an address match
when a new Hold Mail request is
submitted; confirm the presence of a
Change of Address request when a Hold
Mail request is submitted during a 30
day time frame; and confirm the
presence of a Hold Mail request when
a Change of Address request is
submitted during a 30 day time frame.
The Address Matching Database will
also send confirmation notifications to
customers who submit a Hold Mail
request.
The capability to scan Government
issued IDs is being implemented to
verify identity when requesting
government-issued ID to reduce
fraudulent cases surrounding USPS
programs and the disposition of certain
customer mail services. This will
provide the Postal Service the ability to
capture and store information provided
in the 2-Dimensional barcode on
government issued photo IDs (e.g. Stateissued driver or non-driver licenses and
military IDs).
The Phone Validation and One-Time
Passcode solution is being implemented
PO 00000
Frm 00068
Fmt 4703
Sfmt 4703
to enhance the Postal Service’s existing
remote identity proofing solution and to
detect, to the best extent possible, the
presentation of fraudulent identities by
a malicious user. The Postal Service’s
objective in implementing the Phone
Validation and One-Time Passcode
solution is to ensure the user is who
they claim to be to a stated level of
certitude. The validation and
verification of the minimum attributes
necessary is used to accomplish identity
proofing.
Pursuant to 5 U.S.C. 552a(e)(11),
interested persons are invited to submit
written data, views, or arguments on
this proposal. A report of the proposed
revisions has been sent to Congress and
to the Office of Management and Budget
for their evaluations. The Postal Service
does not expect these amended systems
of records to have any adverse effect on
individual privacy rights. The notice for
USPS 910.000, Identity and Document
Verification Services, provided below in
its entirety, is as follows:
SYSTEM NAME AND NUMBER:
USPS 910.000, Identity and Document
Verification Services.
SYSTEM CLASSIFICATION:
None.
SYSTEM LOCATION:
USPS Marketing, Headquarters;
Integrated Business Solutions Services
Centers; and contractor sites.
SYSTEM MANAGER(S)
Chief Information Officer and
Executive Vice President, United States
Postal Service, 475 L’Enfant Plaza SW,
Washington, DC 20260–1500; (202) 268–
6900.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
39 U.S.C. 401, 403, 404, and 411.
PURPOSE(S) OF THE SYSTEM:
1. To provide services related to
identity and document verification
services.
2. To issue and manage public key
certificates, user registration, email
addresses, and/or electronic postmarks.
3. To provide secure mailing services.
4. To protect business and personal
communications.
5. To enhance personal identity and
privacy protections.
6. To improve the customer
experience and facilitate the provision
of accurate and reliable delivery
information.
7. To identify, prevent, or mitigate the
effects of fraudulent transactions.
8. To support other Federal
Government Agencies by providing
authorized services.
E:\FR\FM\13DEN1.SGM
13DEN1
Federal Register / Vol. 83, No. 239 / Thursday, December 13, 2018 / Notices
9. To ensure the quality and integrity
of records.
10. To enhance the customer
experience by improving the security of
Change of Address (COA) and Hold
Mail processes.
11. To protect USPS customers from
becoming potential victims of mail
fraud and identity theft.
12. To identify and mitigate potential
fraud in the COA and Hold Mail
processes.
13. To verify a customer’s identity
when applying for COA and Hold Mail
services.
14. To provide an audit trail for COA
and Hold Mail requests (linked to the
identity of the submitter).
15. To enhance remote identity
proofing with a Phone Validation and
One-Time Passcode solution.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
1. Customers who apply for identity
and document verification services.
2. Customers who may require
identity verification for Postal products
and services.
amozie on DSK3GDR082PROD with NOTICES1
CATEGORIES OF RECORDS IN THE SYSTEM:
1. Customer information: Name,
address, customer ID(s), telephone
number, text message number and
carrier, mail and email address, date of
birth, place of birth, company name,
title, role, and employment status.
2. Customer preference information:
Preferred means of contact.
3. Authorized User Information:
Names and contact information of users
who are authorized to have access to
data.
4. Verification and payment
information: Credit and/or debit card
information or other account number,
government issued ID type and number,
verification question and answer, and
payment confirmation code. (Note:
Social Security Number and credit and/
or debit card information are collected,
but not stored, in order to verify ID.)
5. Biometric information: Fingerprint,
photograph, height, weight, and iris
scans. (Note: Information may be
collected, secured, and returned to
customer or third parties at the direction
of the customer, but not stored.)
6. Digital certificate information:
Customer’s public key(s), certificate
serial numbers, distinguished name,
effective dates of authorized certificates,
certificate algorithm, date of revocation
or expiration of certificate, and USPSauthorized digital signature.
7. Online user information: Device
identification.
8. Transaction information: Clerk
signature; transaction type, date and
VerDate Sep<11>2014
17:12 Dec 12, 2018
Jkt 247001
time, location, source of transaction;
product use and inquiries; Change of
Address (COA) and Hold Mail
transactional data.
9. Electronic information: Information
related to encrypted or hashed
documents.
10. Recipient information: Electronic
signature ID, electronic signature image,
electronic signature expiration date, and
timestamp.
RECORD SOURCE CATEGORIES:
Customers.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
PURPOSES OF SUCH USES:
Standard routine uses 1. through 7.,
10., and 11. apply.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
By customer name, customer ID(s),
distinguished name, certificate serial
number, receipt number, and
transaction date.
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
1. Records related to Pending Public
Key Certificate Application Files are
added as received to an electronic
database, moved to the authorized
certificate file when they are updated
with the required data, and records not
updated within 90 days from the date of
receipt are destroyed.
2. Records related to the Public Key
Certificate Directory are retained in an
electronic database, are consistently
updated, and records are destroyed as
they are superseded or deleted.
3. Records related to the Authorized
Public Key Certificate Master File are
retained in an electronic database for
the life of the authorized certificate.
4. When the certificate is revoked, it
is moved to the certificate revocation
file.
5. The Public Key Certificate
Revocation List is cut off at the end of
each calendar year and records are
retained 30 years from the date of cutoff.
Records may be retained longer with
customer consent or request.
6. Other records in this system are
retained 7 years, unless retained longer
by request of the customer.
7. Records related to electronic
signatures are retained in an electronic
database for 3 years.
8. Other categories of records are
retained for a period of up to 30 days.
9. Driver’s License data will be
retained for 5 years.
10. COA and Hold Mail transactional
data will be retained for 5 years.
Records existing on paper are
destroyed by burning, pulping, or
PO 00000
Frm 00069
Fmt 4703
Sfmt 4703
64165
shredding. Records existing on
computer storage media are destroyed
according to the applicable USPS media
sanitization practice.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
Paper records, computers, and
computer storage media are located in
controlled-access areas under
supervision of program personnel.
Access to these areas is limited to
authorized personnel, who must be
identified with a badge.
Access to records is limited to
individuals whose official duties require
such access. Contractors and licensees
are subject to contract controls and
unannounced on-site audits and
inspections.
Computers are protected by
mechanical locks, card key systems, or
other physical access control methods.
The use of computer systems is
regulated with installed security
software, computer logon
identifications, and operating system
controls including access controls,
terminal and transaction logging, and
file management software.
Key pairs are protected against
cryptanalysis by encrypting the private
key and by using a shared secret
algorithm to protect the encryption key,
and the certificate authority key is
stored in a separate, tamperproof,
hardware device. Activities are audited,
and archived information is protected
from corruption, deletion, and
modification.
For authentication services and
electronic postmark, electronic data is
transmitted via secure socket layer (SSL)
encryption to a secured data center.
Computer media are stored within a
secured, locked room within the facility.
Access to the database is limited to the
system administrator, database
administrator, and designated support
personnel. Paper forms are stored
within a secured area within locked
cabinets.
RECORD ACCESS PROCEDURES:
Requests for access must be made in
accordance with the Notification
Procedure above and USPS Privacy Act
regulations regarding access to records
and verification of identity under 39
CFR 266.6.
CONTESTING RECORD PROCEDURES:
See Notification Procedures below
and Record Access Procedures above.
NOTIFICATION PROCEDURES:
Customers wanting to know if other
information about them is maintained in
this system of records must address
inquiries in writing to the system
E:\FR\FM\13DEN1.SGM
13DEN1
64166
Federal Register / Vol. 83, No. 239 / Thursday, December 13, 2018 / Notices
manager, and include their name and
address.
Date of required notice:
December 13, 2018.
DATES:
FOR FURTHER INFORMATION CONTACT:
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
Elizabeth Reed, 202–268–3179.
The
United States Postal Service® hereby
gives notice that, pursuant to 39 U.S.C.
3642 and 3632(b)(3), on December 6,
2018, it filed with the Postal Regulatory
Commission a USPS Request to Add
Priority Mail Contract 487 to
Competitive Product List. Documents
are available at www.prc.gov, Docket
Nos. MC2019–38, CP2019–40.
SUPPLEMENTARY INFORMATION:
HISTORY:
December 22, 2017, 82 FR 60776;
August 29, 2014, 79 FR 51627; October
24, 2011, 76 FR 65756; April 29, 2005,
70 FR 22516.
*
*
*
*
*
Brittany M. Johnson,
Attorney, Federal Compliance.
[FR Doc. 2018–26428 Filed 12–12–18; 8:45 am]
Elizabeth Reed,
Attorney, Corporate and Postal Business Law.
BILLING CODE 7710–12–P
[FR Doc. 2018–26939 Filed 12–12–18; 8:45 am]
BILLING CODE 7710–12–P
POSTAL SERVICE
Product Change—Priority Mail
Negotiated Service Agreement
SECURITIES AND EXCHANGE
COMMISSION
Postal ServiceTM.
Notice.
AGENCY:
ACTION:
[Release No. 34–84761; File No. SR–NYSE–
2011–55]
The Postal Service gives
notice of filing a request with the Postal
Regulatory Commission to add a
domestic shipping services contract to
the list of Negotiated Service
Agreements in the Mail Classification
Schedule’s Competitive Products List.
DATES: Date of required notice:
December 13, 2018.
FOR FURTHER INFORMATION CONTACT:
Elizabeth Reed, 202–268–3179.
SUPPLEMENTARY INFORMATION: The
United States Postal Service® hereby
gives notice that, pursuant to 39 U.S.C.
3642 and 3632(b)(3), on December 6,
2018, it filed with the Postal Regulatory
Commission a USPS Request to Add
Priority Mail Contract 489 to
Competitive Product List. Documents
are available at www.prc.gov, Docket
Nos. MC2019–40, CP2019–42.
SUMMARY:
Elizabeth Reed,
Attorney, Corporate and Postal Business Law.
[FR Doc. 2018–26941 Filed 12–12–18; 8:45 am]
BILLING CODE 7710–12–P
Self-Regulatory Organizations; New
York Stock Exchange LLC; Order
Granting an Extension to Limited
Exemptions From Rule 612(c) of
Regulation NMS in Connection With
the Exchange’s Retail Liquidity
Program Until June 30, 2019
December 10, 2018.
On July 3, 2012, the Securities and
Exchange Commission (‘‘Commission’’)
issued an order pursuant to its authority
under Rule 612(c) of Regulation NMS
(‘‘Sub-Penny Rule’’) 1 that granted the
New York Stock Exchange LLC
(‘‘NYSE’’) a limited exemption from the
Sub-Penny Rule in connection with the
operation of the Exchange’s Retail
Liquidity Program (‘‘Program’’).2 The
limited exemption was granted
concurrently with the Commission’s
approval of the Exchange’s proposal to
adopt its Program for a one-year pilot
term.3 The exemption was granted
coterminous with the effectiveness of
the pilot Program; both the pilot
Program and exemption are scheduled
to expire on December 31, 2018.4
POSTAL SERVICE
1 17
Product Change—Priority Mail
Negotiated Service Agreement
Postal ServiceTM.
ACTION: Notice.
amozie on DSK3GDR082PROD with NOTICES1
AGENCY:
The Postal Service gives
notice of filing a request with the Postal
Regulatory Commission to add a
domestic shipping services contract to
the list of Negotiated Service
Agreements in the Mail Classification
Schedule’s Competitive Products List.
SUMMARY:
VerDate Sep<11>2014
17:12 Dec 12, 2018
Jkt 247001
CFR 242.612(c).
Securities Exchange Act Release No. 67347
(July 3, 2012), 77 FR 40673 (July 10, 2012) (SR–
NYSE–2011–55; SR–NYSEAmex–2011–84)
(‘‘Order’’).
3 See id.
4 On July 30, 2013, the Exchange requested an
extension of the exemption for the Program. See
Letter from Janet McGinness, SVP and Corporate
Secretary, NYSE Euronext, to Elizabeth M. Murphy,
Secretary, Commission, dated July 30, 2013. The
pilot period for the Program was extended until July
31, 2014. See Securities Exchange Act Release No.
70096 (August 2, 2013), 78 FR 48520 (August 8,
2013) (SR–NYSE–2013–48). On July 30, 2014, the
Exchange requested another extension of the
2 See
PO 00000
Frm 00070
Fmt 4703
Sfmt 4703
The Exchange now seeks a six month
extension of the exemption, which
would be until June 30, 2019.5 The
Exchange’s request was made in
exemption for the Program. See Letter from Martha
Redding, Chief Counsel, NYSE, to Kevin M O’Neill,
Deputy Secretary, Commission, dated July 30, 2014.
The pilot period for the Program was extended until
March 31, 2015. See Securities Exchange Act
Release No. 72629 (July 16, 2014), 79 FR 42564
(July 22, 2014) (SR–NYSE–2014–35). On February
27, 2015, the Exchange requested another extension
of the exemption for the Program. See Letter from
Martha Redding, Senior Counsel, NYSE, to Brent J.
Fields, Secretary, Commission, dated February 27,
2015. The pilot period for the Program was
extended until September 30, 2015. See Securities
Exchange Act Release No. 74454 (March 6, 2015),
80 FR 13054 (March 12, 2015) (SR–NYSE–2015–10).
On September 17, 2015, the Exchange requested
another extension of the exemption for the Program.
See Letter from Martha Redding, Senior Counsel,
NYSE, to Brent J. Fields, Secretary, Commission,
dated September 17, 2015. The pilot period for the
Program was extended until March 31, 2016. See
Securities Exchange Act Release No. 75993
(September 28, 2015), 80 FR 59844 (October 2,
2015) (SR–NYSE–2015–41). On March 17, 2016, the
Exchange requested another extension of the
exemption for the Program. See Letter from Martha
Redding, Senior Counsel, NYSE, to Brent J. Fields,
Secretary, Commission, dated March 17, 2016. The
pilot period for the Program was extended until
August 31, 2016. See Securities Exchange Act
Release No. 77426 (March 23, 2016), 81 FR 17533
(March 29, 2016) (SR–NYSE–2016–25). On August
8, 2016, the Exchange requested another extension
of the exemption for the Program. See Letter from
Martha Redding, Associate General Counsel, NYSE,
to Brent J. Fields, Secretary, Commission, dated
August 8, 2016. The pilot period for the Program
was extended until December 31, 2016. See
Securities Exchange Act Release No. 78600 (August
17, 2016), 81 FR 57642 (August 23, 2016) (SR–
NYSE–2016–54). On November 28, 2016, the
Exchange requested another extension of the
exemption for the Program. See Letter from Martha
Redding, Associate General Counsel, NYSE, to
Brent J. Fields, Secretary, Commission, dated
November 28, 2016. The pilot period for the
Program was extended until June 30, 2017. See
Securities Exchange Act Release No.79493
(December 7, 2016), 81 FR 90019 (December 13,
2016) (SR–NYSE–2016–82). On May 23, 2017, the
Exchange requested another extension of the
exemption for the Program. See Letter from Martha
Redding, Associate General Counsel, NYSE, to
Brent J. Fields, Secretary, Commission, dated May
23, 2017. The pilot period for the Program was
extended until December 31, 2017. See Securities
Exchange Act Release No. 80844 (June 1, 2017), 82
FR 26562 (June 7, 2017) (SR–NYSE–2017–26). On
November 30, 2017, the Exchange requested
another extension of the exemption for the Program.
See Letter from Martha Redding, Assistant
Secretary, NYSE, to Brent J. Fields, Secretary,
Commission, dated November 30, 2017. The pilot
period for the Program was extended until June 30,
2018. See Securities Exchange Act Release No.
82230 (December 7, 2017), 82 FR 58667 (December
13, 2017) (SR–NYSE–2017–64). On June 14, 2018,
the Exchange requested another extension of the
exemption for the Program. See Letter from Martha
Redding, Associate General Counsel and Assistant
Secretary, NYSE to Brent J. Fields, Secretary,
Commission, dated June 14, 2018. The pilot period
for the Program was extended until December 31,
2018. See Securities Exchange Act Release No.
83540 (June 28, 2018), 83 FR 31234 (July 3, 2018)
(SR–NYSE–2018–29).
5 See Letter from Martha Redding, Associate
General Counsel and Assistant Secretary, NYSE to
Brent J. Fields, Secretary, Commission, dated
November 30, 2018, at 1.
E:\FR\FM\13DEN1.SGM
13DEN1
]]>Agencies
[Federal Register Volume 83, Number 239 (Thursday, December 13, 2018)]
[Notices]
[Pages 64164-64166]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-26428]
-----------------------------------------------------------------------
POSTAL SERVICE
Privacy Act of 1974; System of Records
AGENCY: Postal Service TM.
ACTION: Notice of a modified system of records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the Privacy Act of 1974, the United States
Postal Service[supreg] (Postal Service) is revising the notice for
Privacy Act System of Records USPS 910.000, Identity and Document
Verification Services.
DATES: These revisions will become effective without further notice on
January 14, 2019 unless comments received on or before that date result
in a contrary determination.
ADDRESSES: Comments may be mailed or delivered to the Privacy and
Records Management Office, United States Postal Service, 475 L'Enfant
Plaza SW, Room 1P830, Washington, DC 20260-1101. Copies of all written
comments will be available at this address for public inspection and
photocopying between 8 a.m. and 4 p.m., Monday through Friday.
FOR FURTHER INFORMATION CONTACT: Janine Castorina, Chief Privacy and
Records Management Officer, Privacy and Records Management Office, 202-
268-3069 or [email protected].
SUPPLEMENTARY INFORMATION: This notice is in accordance with the
Privacy Act requirement that agencies publish their systems of records
in the Federal Register when there is a revision, change, or addition,
or when the agency establishes a new system of records. As detailed
below, the Postal Service has determined that USPS 910.000, Identity
and Document Verification Services should be revised to modify
Categories of Individuals Covered by the System, Categories of Records
in the System, Purpose(s), and Retention and Disposal.
The changes are being made to:
a. Support the new Address Matching Database, which will be used to
identify, prevent and mitigate fraudulent activity within the Change of
Address and Hold Mail processes.
b. Allow for the scanning of Government issued IDs at retail
locations for the purposes of verifying identity for customers who need
postal products and services.
c. To enhance the Postal Service's existing remote identity
proofing with a Phone Validation and One-Time Passcode solution.
The new Address Matching Database is being implemented to identify,
prevent and mitigate fraudulent activity within the Change of Address
and Hold Mail processes. The Postal Service is establishing a dataflow
between existing customer systems and the Address Matching Database.
This dataflow will allow the Address Matching Database to: confirm if
there is an address match when a new Hold Mail request is submitted;
confirm the presence of a Change of Address request when a Hold Mail
request is submitted during a 30 day time frame; and confirm the
presence of a Hold Mail request when a Change of Address request is
submitted during a 30 day time frame. The Address Matching Database
will also send confirmation notifications to customers who submit a
Hold Mail request.
The capability to scan Government issued IDs is being implemented
to verify identity when requesting government-issued ID to reduce
fraudulent cases surrounding USPS programs and the disposition of
certain customer mail services. This will provide the Postal Service
the ability to capture and store information provided in the 2-
Dimensional barcode on government issued photo IDs (e.g. State-issued
driver or non-driver licenses and military IDs).
The Phone Validation and One-Time Passcode solution is being
implemented to enhance the Postal Service's existing remote identity
proofing solution and to detect, to the best extent possible, the
presentation of fraudulent identities by a malicious user. The Postal
Service's objective in implementing the Phone Validation and One-Time
Passcode solution is to ensure the user is who they claim to be to a
stated level of certitude. The validation and verification of the
minimum attributes necessary is used to accomplish identity proofing.
Pursuant to 5 U.S.C. 552a(e)(11), interested persons are invited to
submit written data, views, or arguments on this proposal. A report of
the proposed revisions has been sent to Congress and to the Office of
Management and Budget for their evaluations. The Postal Service does
not expect these amended systems of records to have any adverse effect
on individual privacy rights. The notice for USPS 910.000, Identity and
Document Verification Services, provided below in its entirety, is as
follows:
SYSTEM NAME AND NUMBER:
USPS 910.000, Identity and Document Verification Services.
SYSTEM CLASSIFICATION:
None.
SYSTEM LOCATION:
USPS Marketing, Headquarters; Integrated Business Solutions
Services Centers; and contractor sites.
SYSTEM MANAGER(S)
Chief Information Officer and Executive Vice President, United
States Postal Service, 475 L'Enfant Plaza SW, Washington, DC 20260-
1500; (202) 268-6900.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
39 U.S.C. 401, 403, 404, and 411.
PURPOSE(S) OF THE SYSTEM:
1. To provide services related to identity and document
verification services.
2. To issue and manage public key certificates, user registration,
email addresses, and/or electronic postmarks.
3. To provide secure mailing services.
4. To protect business and personal communications.
5. To enhance personal identity and privacy protections.
6. To improve the customer experience and facilitate the provision
of accurate and reliable delivery information.
7. To identify, prevent, or mitigate the effects of fraudulent
transactions.
8. To support other Federal Government Agencies by providing
authorized services.
[[Page 64165]]
9. To ensure the quality and integrity of records.
10. To enhance the customer experience by improving the security of
Change of Address (COA) and Hold Mail processes.
11. To protect USPS customers from becoming potential victims of
mail fraud and identity theft.
12. To identify and mitigate potential fraud in the COA and Hold
Mail processes.
13. To verify a customer's identity when applying for COA and Hold
Mail services.
14. To provide an audit trail for COA and Hold Mail requests
(linked to the identity of the submitter).
15. To enhance remote identity proofing with a Phone Validation and
One-Time Passcode solution.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
1. Customers who apply for identity and document verification
services.
2. Customers who may require identity verification for Postal
products and services.
CATEGORIES OF RECORDS IN THE SYSTEM:
1. Customer information: Name, address, customer ID(s), telephone
number, text message number and carrier, mail and email address, date
of birth, place of birth, company name, title, role, and employment
status.
2. Customer preference information: Preferred means of contact.
3. Authorized User Information: Names and contact information of
users who are authorized to have access to data.
4. Verification and payment information: Credit and/or debit card
information or other account number, government issued ID type and
number, verification question and answer, and payment confirmation
code. (Note: Social Security Number and credit and/or debit card
information are collected, but not stored, in order to verify ID.)
5. Biometric information: Fingerprint, photograph, height, weight,
and iris scans. (Note: Information may be collected, secured, and
returned to customer or third parties at the direction of the customer,
but not stored.)
6. Digital certificate information: Customer's public key(s),
certificate serial numbers, distinguished name, effective dates of
authorized certificates, certificate algorithm, date of revocation or
expiration of certificate, and USPS-authorized digital signature.
7. Online user information: Device identification.
8. Transaction information: Clerk signature; transaction type, date
and time, location, source of transaction; product use and inquiries;
Change of Address (COA) and Hold Mail transactional data.
9. Electronic information: Information related to encrypted or
hashed documents.
10. Recipient information: Electronic signature ID, electronic
signature image, electronic signature expiration date, and timestamp.
RECORD SOURCE CATEGORIES:
Customers.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
Standard routine uses 1. through 7., 10., and 11. apply.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
By customer name, customer ID(s), distinguished name, certificate
serial number, receipt number, and transaction date.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
1. Records related to Pending Public Key Certificate Application
Files are added as received to an electronic database, moved to the
authorized certificate file when they are updated with the required
data, and records not updated within 90 days from the date of receipt
are destroyed.
2. Records related to the Public Key Certificate Directory are
retained in an electronic database, are consistently updated, and
records are destroyed as they are superseded or deleted.
3. Records related to the Authorized Public Key Certificate Master
File are retained in an electronic database for the life of the
authorized certificate.
4. When the certificate is revoked, it is moved to the certificate
revocation file.
5. The Public Key Certificate Revocation List is cut off at the end
of each calendar year and records are retained 30 years from the date
of cutoff. Records may be retained longer with customer consent or
request.
6. Other records in this system are retained 7 years, unless
retained longer by request of the customer.
7. Records related to electronic signatures are retained in an
electronic database for 3 years.
8. Other categories of records are retained for a period of up to
30 days.
9. Driver's License data will be retained for 5 years.
10. COA and Hold Mail transactional data will be retained for 5
years.
Records existing on paper are destroyed by burning, pulping, or
shredding. Records existing on computer storage media are destroyed
according to the applicable USPS media sanitization practice.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Paper records, computers, and computer storage media are located in
controlled-access areas under supervision of program personnel. Access
to these areas is limited to authorized personnel, who must be
identified with a badge.
Access to records is limited to individuals whose official duties
require such access. Contractors and licensees are subject to contract
controls and unannounced on-site audits and inspections.
Computers are protected by mechanical locks, card key systems, or
other physical access control methods. The use of computer systems is
regulated with installed security software, computer logon
identifications, and operating system controls including access
controls, terminal and transaction logging, and file management
software.
Key pairs are protected against cryptanalysis by encrypting the
private key and by using a shared secret algorithm to protect the
encryption key, and the certificate authority key is stored in a
separate, tamperproof, hardware device. Activities are audited, and
archived information is protected from corruption, deletion, and
modification.
For authentication services and electronic postmark, electronic
data is transmitted via secure socket layer (SSL) encryption to a
secured data center. Computer media are stored within a secured, locked
room within the facility. Access to the database is limited to the
system administrator, database administrator, and designated support
personnel. Paper forms are stored within a secured area within locked
cabinets.
RECORD ACCESS PROCEDURES:
Requests for access must be made in accordance with the
Notification Procedure above and USPS Privacy Act regulations regarding
access to records and verification of identity under 39 CFR 266.6.
CONTESTING RECORD PROCEDURES:
See Notification Procedures below and Record Access Procedures
above.
NOTIFICATION PROCEDURES:
Customers wanting to know if other information about them is
maintained in this system of records must address inquiries in writing
to the system
[[Page 64166]]
manager, and include their name and address.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
December 22, 2017, 82 FR 60776; August 29, 2014, 79 FR 51627;
October 24, 2011, 76 FR 65756; April 29, 2005, 70 FR 22516.
* * * * *
Brittany M. Johnson,
Attorney, Federal Compliance.
[FR Doc. 2018-26428 Filed 12-12-18; 8:45 am]
BILLING CODE 7710-12-P
