Privacy Act of 1974; System of Records, 47258-47262 [2020-16956]

Agencies

• Postal Service

[Federal Register Volume 85, Number 150 (Tuesday, August 4, 2020)]
[Notices]
[Pages 47258-47262]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-16956]


=======================================================================
-----------------------------------------------------------------------

POSTAL SERVICE


Privacy Act of 1974; System of Records

AGENCY: Postal Service.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: The United States Postal Service\TM\ (USPS\TM\) is proposing 
to revise one General Privacy Act Systems of Records and one Customer 
Privacy Act Systems of Records. These updates are being made to 
facilitate the implementation of web-based collaboration and 
communication applications.

DATES: These revisions will become effective without further notice on 
September 3, 2020, unless comments received on or before that date 
result in a contrary determination.

ADDRESSES: Comments may be submitted via email to the Privacy and 
Records Management Office, United States Postal Service Headquarters 
([email protected]). Arrangements to view copies of any written comments 
received, to facilitate public inspection, will be made upon request.

FOR FURTHER INFORMATION CONTACT: Janine Castorina, Chief Privacy and 
Records Management Officer, Privacy and Records Management Office, 202-
268-3069 or [email protected].

SUPPLEMENTARY INFORMATION: This notice is in accordance with the 
Privacy Act requirement that agencies publish their systems of records 
in the Federal Register when there is a revision,

[[Page 47259]]

change, or addition, or when the agency establishes a new system of 
records.
    The Postal Service has determined that General Privacy Act Systems 
of Records (SOR), USPS 500.000, Property Management Records and 
Customer Privacy Act SOR USPS 890.000, Sales, Marketing, Events, and 
Publications should be revised to support the implementation of web-
based collaboration and communication applications with enhanced 
functionality. These applications will further encourage collaboration, 
promote meeting efficiency, and facilitate inter-team communication 
through multiple mediums.
    Pursuant to 5 U.S.C. 552a(e)(11), interested persons are invited to 
submit written data, views, or arguments on this proposal. A report of 
the proposed revisions has been sent to Congress and to the Office of 
Management and Budget for their evaluations. The Postal Service does 
not expect these amended systems of records to have any adverse effect 
on individual privacy rights. The notices for USPS 500.000, Property 
Management Records and USPS 890.000, Sales, Marketing, Events, and 
Publications provided below in their entirety, are as follows:
SYSTEM NAME AND NUMBER:
    USPS 500.000, Property Management Records.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    All USPS facilities and contractor sites.

SYSTEM MANAGER(S):
    For records of accountable property, carpool membership, and use of 
USPS parking facilities: Vice President, Facilities, United States 
Postal Service, 475 L'Enfant Plaza SW, Washington, DC 20260.
    For records of building access and Postal Inspector computer access 
authorizations: Chief Postal Inspector, Inspection Service, United 
States Postal Service, 475 L'Enfant Plaza SW, Washington, DC 20260.
    For other records of computer access authorizations: Chief 
Information Officer and Executive Vice President, United States Postal 
Service, 475 L'Enfant Plaza SW, Washington, DC 20260.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    39 U.S.C. 401.

PURPOSE(S) OF THE SYSTEM:
    1. To ensure personal and building safety and security by 
controlling access to USPS facilities.
    2. To ensure accountability for property issued to persons.
    3. To assign computer logon IDs; to identify USPS computer users to 
resolve their computer access problems by telephone; and to monitor and 
audit the use of USPS information resources as necessary to ensure 
compliance with USPS regulations.
    4. To enable access to the USPS meeting and video web conferencing 
applications.
    5. To enhance your online meeting experience by utilizing enhanced 
features and functionality, including voluntary polling to gather 
responses from attendees to generate reports or the interactive chat 
feature.
    6. To facilitate team collaboration and communication through 
information sharing and cross-functional participation.
    7. To allow task allocation and tracking among team members.
    8. To allow users to communicate by telephone and instant-messaging 
through web-based applications.
    9. To facilitate and support cybersecurity investigations of 
detected or reported information security incidents.
    10. To share your personal image via your device camera during 
meetings and web conferences, if you voluntarily choose to turn the 
camera on, enabling virtual face-to-face conversations.
    11. To authenticate user identity for the purpose of accessing USPS 
information systems.
    12. To provide parking and carpooling services to individuals who 
use USPS parking facilities.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    1. Individuals who are granted regular access to USPS facilities 
through the issuance of a building access badge, or who are assigned 
accountable property.
    2. Individuals with authorized access to USPS computers and 
information resources, including USPS employees, contractors, and other 
individuals; Individuals participating in web-based meetings, video 
conferences, collaboration, and communication applications.
    3. Individuals who are members of carpools with USPS employees or 
otherwise regularly use USPS parking facilities.

CATEGORIES OF RECORDS IN THE SYSTEM:
    1. Building access information: Records related to issuance of 
building access badges, including name, Social Security Number, 
Employee Identification Number, date of birth, photograph, postal 
assignment information, work contact information, finance number(s), 
duty location, and pay location.
    2. Property issuance information: Records related to issuance of 
accountable USPS property, equipment, and controlled documents, 
including name, Social Security Number, equipment description, 
equipment serial numbers, and issuance date.
    3. Computer access authorization information: Records related to 
computer users, including logon ID, Social Security Number, Employee 
Identification Number, or other assigned identifier, employment status 
information or contractor status information, and extent of access 
granted.
    4. Participant session data from web-based meetings and web 
conferences: Participant name, participant's webcam-generated image 
(including presenters), recorded participant audio, video, and shared 
meeting screen content, chat interaction, polling questions and 
associated responses, participant join time and leave time, meeting 
duration, participant location, and participant media hardware 
information.
    5. Event session data from web-based meetings and web conferences: 
Event start time, event status, event organizer, event presenter, event 
producer, event production type, event recording setting, total number 
of event media viewings.
    6. Historical device usage data from web-based meetings and web 
conferences: Device type (such as mobile, desktop, or tablet), Device 
Operating System, Number of users of related Operating Systems, 
Operating System Version, MAC address, and IP address.
    7. Historical application usage data from web-based meetings and 
web conferences: Number of active users, number of active users in 
groups, number of active group communication channels, number of 
messages sent, number of calls participated in, last activity date of a 
user, and number of guest users in a group.
    8. Web-based Public Switched Telephone Network data records: Phone 
number, time phone call started, user name, call type, phone number 
called to, phone number called from, called to location, called from 
location, telephone minutes used, telephone minutes available, charges 
for use of telephone services, currency of charged telephone services, 
call duration, call ID, conference ID, phone number type,

[[Page 47260]]

blocked phone numbers, blocking action, reason for blocking action, 
blocked phone number display name, date and time of blocking.
    9. Web-based Direct Routing Public Switched Telephone Network 
records: Call start time, user display name, SIP address, caller 
number, called to number, call type, call invite time, call failure 
time, call end time, call duration, number type, media bypass, SBC 
FQDN, data center media path, data center signaling path, event type, 
final SIP, final vendor subcode, final SIP phrase, unique customer 
support ID.
    10. Identity verification information: Question, answer, and email 
address.
    11. Carpool and parking information: Records related to membership 
in carpools with USPS employees or about individuals who otherwise 
regularly use USPS parking facilities, including name, space number, 
principal's and others' license numbers, home address, and contact 
information.

RECORD SOURCE CATEGORIES:
    Employees; contractors; subject individuals; and other systems of 
records.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Standard routine uses 1. through 9. apply.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Automated database, computer storage media, and paper.

POLICIES OF PRACTICES FOR RETRIEVAL OF RECORDS:
    1. Records about building access and issuance of accountable 
property are retrieved by name, Social Security Number, or Employee 
Identification Number.
    2. Records about authorized access to computer and information 
resources are retrieved by name, logon ID, Employee Identification 
Number, or other unique identifier of the individual.
    3. Report and tracking data created during web-based meetings and 
video conferences that pertain to individual participants, content 
shared, conference codes and other relevant session data and historical 
device usage data are retrieved by meeting ID, host name or host email 
address.
    4. Records pertaining to web-based collaboration and communication 
applications are retrieved by organizer name and other associated 
personal identifiers.
    5. Media recordings created during web-based meetings and video 
conferences are retrieved by meeting ID, host name or host email 
address.
    6. Records of carpools and parking facilities are retrieved by 
name, ZIP Code, space number, or parking license number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    1. Building access and accountable property records are retained 
until termination of access or accountability.
    2. Records of computer access privileges are retained 1 year after 
all authorizations are cancelled.
    3. Report and tracking data created during web-based meeting and 
video conferences, such as other relevant session data and historical 
device usage data, are retained for twenty-four months.
    4. Records pertaining to web-based collaboration and communication 
applications are retained for twenty-four months.
    5. Web-based meeting or video session recordings are retained for 
twenty-four months.
    6. Records of carpool membership and use of USPS parking facilities 
are retained 6 years.
    7. Records existing on paper are destroyed by burning, pulping, or 
shredding. Records existing on computer storage media are destroyed 
according to the applicable USPS media sanitization practice.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Paper records, computers, and computer storage media are located in 
controlled-access areas under supervision of program personnel. Access 
to these areas is limited to authorized personnel, who must be 
identified with a badge.
    Access to records is limited to individuals whose official duties 
require such access. Contractors and licensees are subject to contract 
controls and unannounced on-site audits and inspections. Computers are 
protected by mechanical locks, card key systems, or other physical 
access control methods. The use of computer systems is regulated with 
installed security software, computer logon identifications, and 
operating system controls including access controls, terminal and 
transaction logging, and file management software.

RECORD ACCESS PROCEDURES:
    Requests for access must be made in accordance with the 
Notification Procedure above and USPS Privacy Act regulations regarding 
access to records and verification of identity under 39 CFR 266.5.

CONTESTING RECORD PROCEDURES
    See Notification Procedure and Record Access Procedures above.

NOTIFICATION PROCEDURES:
    Inquiries for records about building access, accountable property, 
carpool membership, and use of USPS parking facilities must be 
addressed to the facility head. Inquiries about computer access 
authorization records must be directed to the Manager, Corporate 
Information Security, 475 L'Enfant Plaza SW, Suite 2141, Washington, DC 
20260. For Inspection Service computer access records, inquiries must 
be submitted to the Inspector in Charge, Information Technology 
Division, 2111 Wilson Blvd., Suite 500, Arlington, VA 22201. Inquiries 
must include full name, Social Security Number or Employee 
Identification Number, and period of employment or residency at the 
location.

EXEMPTIONS PROMULGATED FROM THIS SYSTEM:
    None.

HISTORY:
    June 1, 2020, 85 FR 33210; April 11, 2014, 79 FR 20249; June 27, 
2012, 77 FR 38342; June 17, 2011, 76 FR 35483; April 29, 2005, 70 FR 
22516.
SYSTEM NAME AND NUMBER:
    USPS 890.000, Sales, Marketing, Events, and Publications.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    USPS Headquarters Marketing and Public Policy; Integrated Business 
Solutions Services Centers; National Customer Service Center; Area and 
District USPS facilities; Post Offices; and contractor sites.

SYSTEM MANAGER(S) AND ADDRESS:
    Chief Customer and Marketing Officer and Executive Vice President, 
United States Postal Service, 475 L'Enfant Plaza SW, Washington, DC 
20260.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    39 U.S.C. 401, 403, 404.

PURPOSE(S) OF THE SYSTEM:
    1. To understand the needs of customers and improve USPS sales and 
marketing efforts.
    2. To provide appropriate materials and publications to customers.
    3. To conduct registration for USPS and related events.
    4. To enable access to the USPS meeting and video web conferencing 
application.
    5. To enhance your online meeting experience by utilizing enhanced

[[Page 47261]]

features and functionality, including voluntary polling to gather 
responses from attendees to generate reports or the interactive chat 
feature.
    6. To facilitate team collaboration and communication through 
information sharing and cross-functional participation.
    7. To allow task allocation and tracking among team members.
    8. To allow users to communicate by telephone and instant-messaging 
through web-based applications.
    9. To provide users outside of the USPS limited collaboration and 
communication capabilities through guest account access.
    10. To facilitate and support cybersecurity investigations of 
detected or reported information security incidents.
    11. To share your personal image via your device camera during 
meetings and web conferences, if you voluntarily choose to turn the 
camera on, enabling virtual face-to-face conversations.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    1. Customers who interact with USPS sales personnel, respond to 
direct marketing messages, request publications, respond to contests 
and surveys, and attend USPS events.
    2. Customers and other individuals who participate in web-based 
meeting, video conference, collaboration, and communication 
applications sponsored by the USPS.

CATEGORIES OF RECORDS IN THE SYSTEM:
    1. Customer information: Customer and key contacts' names, mail and 
email addresses, phone, fax and pager numbers; job descriptions, 
titles, and roles; other names and emails provided by customers.
    2. Identifying information: Customer ID(s), D-U-N-S Numbers, USPS 
account numbers, meter numbers, and signatures.
    3. Business specific information: Firm name, size, and years in 
business; number of employees; sales and revenue information; business 
sites and locations; URLs; company age; industrial classification 
numbers; use of USPS and competitor's products and services; types of 
customers served; customer equipment and services; advertising agency 
and spending; names of USPS employees serving the firm; and calls made.
    4. Information specific to companies that act as suppliers to USPS: 
Contract start and end dates, contract award number, contract value, 
products and/or services sold under contract.
    5. Information provided by customers as part of a survey or 
contest.
    6. Payment information: Credit and/or debit card number, type, 
expiration date, and check information; and ACH information.
    7. Event information: Name of event; role at event; itinerary; and 
membership in a PCC.
    8. Customer preferences: Preferences for badge name and 
accommodations.
    9. Participant session data from web-based meetings and web 
conferences: Participant name, participant's webcam-generated image 
(including presenters), recorded participant audio, video, and shared 
meeting screen content, chat interaction, polling questions and 
associated responses, participant join time and leave time, meeting 
duration, participant location, and participant media hardware 
information.
    10. Event session data from web-based meetings and web conferences: 
Event start time, event status, event organizer, event presenter, event 
producer, event production type, event recording setting, total number 
of event media viewings.
    11. Historical device usage data from web-based meetings and web 
conferences: Device type (such as mobile, desktop, or tablet), Device 
Operating System, Number of users of related Operating Systems, 
Operating System Version, MAC address, and IP address.
    12. Historical application usage data from web-based meetings and 
web conferences: Number of active users, number of active users in 
groups, number of active group communication channels, number of 
messages sent, number of calls participated in, last activity date of a 
user, and number of guest users in a group.
    13. Web-based Public Switched Telephone Network data records: Phone 
number, time phone call started, user name, call type, phone number 
called to, phone number called from, called to location, called from 
location, telephone minutes used, telephone minutes available, charges 
for use of telephone services, currency of charged telephone services, 
call duration, call ID, conference ID, phone number type, blocked phone 
numbers, blocking action, reason for blocking action, blocked phone 
number display name, date and time of blocking.
    14. Web-based Direct Routing Public Switched Telephone Network 
records: Call start time, user display name, SIP address, caller 
number, called to number, call type, call invite time, call failure 
time, call end time, call duration, number type, media bypass, SBC 
FQDN, data center media path, data center signaling path, event type, 
final SIP, final vendor subcode, final SIP phrase, unique customer 
support ID.

RECORD SOURCE CATEGORIES:
    Customers, USPS personnel, and list providers.

ROUTINE USES OF RECORDS IN THE SYSTEM, INCLUDING CATEGORIES OF USERS 
AND THE PURPOSES OF SUCH USES:
    Standard routine uses 1. through 7., 10., and 11. apply.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Automated databases, computer storage media, and paper.

POLICIES OF PRACTICES FOR RETRIEVAL OF RECORDS:
    1. For sales, events, and publications, information is retrieved by 
customer name or customer ID(s), mail or email address, and phone 
number.
    2. For direct marketing, information is retrieved by Standard 
Industry Code (SIC) or North American Industry Classification System 
(NAISC) number, and company name.
    3. Report and tracking data created during web-based meetings and 
video conferences that pertain to individual participants, content 
shared, conference codes and other relevant session data and historical 
device usage data, are retrieved by meeting ID, host name or host email 
address.
    4. Records pertaining to web-based collaboration and communication 
applications are retrieved by organizer name and other associated 
personal identifiers.
    5. Media recordings created during web-based meetings and video 
conferences are retrieved by meeting ID, host name or host email 
address.
    6. Web-based meeting and video session recordings are retrieved by 
meeting ID, host name or host email address.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    1. Records relating to organizations and publication mailing lists 
are retained until the customer ceases to participate.
    2. ACH records are retained up to 2 years. Records relating to 
direct marketing, advertising, and promotions are retained 5 years.
    3. Other records are retained 3 years after the relationship ends.
    4. Report and tracking data created during web-based meeting and 
video conferences, such as session data and historical device usage 
data, are retained for twenty-four months.
    5. Records pertaining to web-based collaboration and communication

[[Page 47262]]

applications are retained for twenty-four months.
    6. Web-based meeting and video session recordings are retained for 
twenty-four months.
    7. Records existing on paper are destroyed by burning, pulping, or 
shredding. Records existing on computer storage media are destroyed 
according to the applicable USPS media sanitization practice.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Paper records, computers, and computer storage media are located in 
controlled-access areas under supervision of program personnel. Access 
to these areas is limited to authorized personnel, who must be 
identified with a badge.
    Access to records is limited to individuals whose official duties 
require such access. Contractors and licensees are subject to contract 
controls and unannounced on-site audits and inspections.
    Computers are protected by mechanical locks, card key systems, or 
other physical access control methods. The use of computer systems is 
regulated with installed security software, computer logon 
identifications, and operating system controls including access 
controls, terminal and transaction logging, and file management 
software. Online data transmission is protected by encryption.

RECORD ACCESS PROCEDURES:
    Requests for access must be made in accordance with the 
Notification Procedure above and USPS Privacy Act regulations regarding 
access to records and verification of identity under 39 CFR 266.5.

CONTESTING RECORD PROCEDURES:
    See Notification Procedure and Record Access Procedures above.

NOTIFICATION PROCEDURE:
    For information pertaining to sales, inquiries should be addressed 
to: Sales and Customer Relations 475 L'Enfant Plaza SW, Washington, DC 
20260.
    Customers wanting to know if other information about them is 
maintained in this system of records must address inquiries in writing 
to the Chief Customer and Marketing Officer and Executive Vice 
President, and include their name and address.

EXEMPTIONS PROMULGATED FROM THIS SYSTEM:
    None.

HISTORY:
    June 1, 2020, 85 FR 33208; October 24, 2011, 76 FR 65756; April 29, 
2005, 70 FR 22516.

Brittany Johnson,
Attorney, Federal Compliance.
[FR Doc. 2020-16956 Filed 8-3-20; 8:45 am]
BILLING CODE 7710-12-P