Privavy Act; System of Records, 24902-24907 [2021-09752]

Agencies

• Postal Service

[Federal Register Volume 86, Number 88 (Monday, May 10, 2021)]
[Notices]
[Pages 24902-24907]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-09752]


=======================================================================
-----------------------------------------------------------------------

POSTAL SERVICE


Privavy Act; System of Records

AGENCY: Postal Service\TM\.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: The United States Postal Service (USPS\TM\) is proposing to 
create a new General Privacy Act System of Records.

DATES: These revisions will become effective without further notice on 
June 9, 2021 unless comments received on or before that date result in 
a contrary determination.

ADDRESSES: Comments may be submitted via email to the Privacy and 
Records Management Office, United States Postal Service Headquarters 
([email protected]). Arrangements to view copies of any written comments 
received, to facilitate public inspection, will be made upon request.

FOR FURTHER INFORMATION CONTACT: Janine Castorina, Chief Privacy and 
Records Management Officer, Privacy and Records Management Office, 202-
268-3069 or [email protected].

SUPPLEMENTARY INFORMATION:

Background

    The world of commercial information technology resources (``IT'') 
is constantly changing and innovating to improve the daily lives of 
businesses, their employees, and their customers. This pace can often 
result in unanticipated obsolescence, necessitating review of an 
organization's already implemented solutions. For the Postal Service, 
legal processes and notice required by the Privacy Act present 
additional challenges, as new technologies will require further review 
for possible compliance issues to meet statutory and regulatory 
requirements.
    To better meet the changing technology world, the Postal Service 
will consolidate existing Systems of Records (``SOR''s) covering IT 
into three new, comprehensive Systems of Records. These SORs will work 
in tandem, with each individual SOR covering a specific group of 
related functions, and all three SORs working together to support a 
seamless technology experience.
    These SORs, generally, will cover the following three areas:
     Infrastructure, covering records created for use 
throughout the entirety of a particular IT resource in addition to 
covering the records created from the usage of those records by users 
and applications.
     Applications, covering records created through the regular 
use of an application.
     Administrative, covering records created for monitoring 
and administration of users and applications within an IT resource.
    In addition to covering these three areas generally, the Postal 
Service will look ahead in an effort to include possible future 
technology solutions within this System of Records. This will give the 
Postal Service flexibility to more easily adapt to the advancing pace 
of information technology and to better fulfill its service 
obligations. This will also provide transparency into the collection of 
records relating to commercial IT, allowing Postal employees, 
contractors, and the public to more easily identify what we do with 
their information.

Rationale for the Creation of a New USPS System of Records

    Currently, records relating to the implementation of IT resources 
are housed primarily in USPS 500.000, Property Management Records, with 
other IT-related components appearing in 890.000, Sales, Marketing, 
Events, and Publications, and other SORs. SOR 500.000 reflects not only 
IT access records, but also building access and related records. This 
results in a mixture of uses within SOR 500.000, which reduces 
optimization and can result in confusion.
    The creation of a new SOR to encompass commercial IT resources, 
therefore, provides a platform which is easy to understand and allows 
for greater flexibility in use and maintenance. Since the new SOR will 
house only IT resources, the public can more easily understand what 
information is collected and how it is used.
    Further, documenting IT records within one SOR provides for greater 
flexibility in adding new resources as well as maintaining existing 
resources. For example, one application may already collect and store, 
for the same purpose, data elements that a new application will use. 
With a record already documented, the implementation process of the new 
technology will be streamlined while also meeting statutory and 
regulatory mandates.

Description of New or Modified System of Records

    This new System of Records is being developed to support the 
implementation of various commercial IT resources and to provide 
support for future implementations.
    This system specifically will cover categories of records referred 
to collectively as ``Administrative.'' Categories of Records in this 
system reference data elements created from a user or application's 
interactions with other applications. Applications covered in this SOR 
reference or incorporate data elements otherwise documented in USPS 
550.000 Commercial Information Technology Resources- Infrastructure; 
therefore, they will not be specifically documented here unless this 
system references a transformative use of that element.
    This System of Records may overlap with elements appearing in other 
Systems of Records, as indicated in the Rationale for Changes to USPS 
System of Records section. This new System of Records will encompass 
commercially developed or commercially assisted IT resources. 
Applications developed in-house or by the Postal Service, such as 
Informed Delivery[supreg], will still be represented in their own SOR.

SYSTEM NAME AND NUMBER:
    550.200 Commercial Information Technology Resources--
Administrative.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    All USPS facilities and contractor sites.

SYSTEM MANAGER(S) AND ADDRESS:
    Chief Information Officer and Executive Vice President, United 
States Postal Service, 475 L'Enfant Plaza SW, Washington, DC 20260.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    39 U.S.C. 401, 403, and 404.

PURPOSE(S) OF THE SYSTEM:
    1. To provide active and passive monitoring and review of 
information system applications and user activities.
    2. To generate logs and reports of information system application 
and user activities.
    3. To provide a means of auditing commercial information system 
activities across applications and users.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    1. Individuals with authorized access to USPS computers, 
information

[[Page 24903]]

resources, and facilities, including employees, contractors, business 
partners, suppliers, and third parties.
    2. Individuals participating in web-based meetings, web-based video 
conferencing, web-based communication applications, and web-based 
collaboration applications.

CATEGORIES OF RECORDS IN THE SYSTEM:
    1. General Audit Log activities: DateTime, IP Address, User 
Activity, User Item Accessed, Activity Detail, Object ID, Record Type, 
Client IP Address, CorrelationID, CreationTime, EventData, EventSource, 
ItemType, OrganizationID, UserAgent, UserKey, UserType, Version, 
Workload.
    2. File and page activities: Accessed file, Change retention label 
for a file, Deleted file marked as a record, Checked in file, Changed 
record status to locked, Changed record status to unlocked, Checked out 
file, Copied file, Discarded file checkout, Deleted file, Deleted file 
from recycle bin, Deleted file from second-stage recycle bin, Detected 
document sensitivity mismatch, Detected malware in file, Deleted file 
marked as a record, Downloaded file, Modified file, Moved file, 
Recycled all minor versions of file, Recycled all versions of file, 
Recycled version of file, Renamed file, Restored file, Uploaded file, 
Viewed page, View signaled by client, Performed search query.
    3. Folder activities: Copied folder, Created folder, Deleted 
folder, Deleted folder from recycle bin, Deleted folder from second-
stage recycle bin, Modified folder, Moved folder, Renamed folder, 
Restored folder.
    4. Cloud-based Enterprise Storage activities: Created list, Created 
list column, Created list content type, Created list item, Created site 
column, Created site content type, Deleted list, Deleted list column, 
Deleted list content type, Deleted list item, Deleted site column, 
Deleted site content type, Recycled list item, Restored list, Restored 
list item, Updated list, Updated list column, Updated list content 
type, Updated list item, Updated site column, Updated site content 
type.
    5. Sharing and access request activities: Added permission level to 
site collection, Accepted access request, Accepted sharing invitation, 
Blocked sharing invitation, Created access request, Created a company 
shareable link, Created an anonymous link, Created secure link, Deleted 
secure link, Created sharing invitation, Denied access request, Removed 
a company shareable link, Removed an anonymous link, Shared filer, 
folder, or site, Unshared file folder or site, Updated access request, 
Updated an anonymous link, Updated sharing invitation, Used a company 
shareable link, Used an anonymous link, Used secure link, User added to 
secure link, User removed from secure link, Withdrew sharing 
invitation.
    6. Synchronization activities: Allowed computer to sync files, 
Blocked computer from syncing files, Downloaded files to computer, 
Downloaded file changes to computer, Uploaded files to document 
library, Uploaded file changes to document library.
    7. Site permissions activities: Added site collection admin, Added 
user of group to Cloud-based Enterprise Storage group, Broke permission 
level inheritance, Broke sharing inheritance, Created group, Deleted 
group, Modified access request setting, Modified ``Members Can Share'' 
setting, Modified permission level on site collection, Modified site 
permissions, Removed site collection admin, Removed permission level 
from site collection, Removed user or group from Cloud-based Enterprise 
Storage group, Requested site admin permissions, Restored sharing 
inheritance, Updated group.
    8. Site administration activities: Added allowed data location, 
Added exempt user agent, Added geo location admin, Allowed user to 
create groups, Cancelled site geo move, Changed a sharing policy, 
Changed deice access policy, Changed exempt user agents, Changed 
network access policy, Completed site geo move, Created Sent To 
connection, Created site collection, Deleted orphaned hub site, Deleted 
Sent To connection, Deleted site, Enabled document preview, Enabled 
legacy workflow, Enabled service applications on Demand, Enabled result 
source for People Searched, Enabled RSS feeds, Failed site swap, Joined 
site to hub site, Registered hub site, Removed allowed data location, 
Removed geo location admin, Renamed site, Scheduled site rename, 
Scheduled site swap, Scheduled site geo move, Set host site, Set 
storage quota for geo location, Swapped site, Unjoined site from hub 
site, Unregistered hub site.
    9. Cloud-based Email Server mailbox activities: Created mailbox 
item, Copied messages to another folder, User signed in to mailbox, 
Accessed mailbox items, Sent message using Send On Behalf permissions, 
Purged messages from mailbox, Moved messages to Deleted Items folder, 
Moved messages to another folder, Sent message using Send As 
permissions, Sent message, Updated message, Deleted messages from 
Deleted Items folder, New-Inbox Rule Create-Inbox Rule from email web 
application, Set-Inbox Rule Modify inbox rule from email web 
application, Update inbox rules from email web application, Added 
delegate mailbox permissions, Removed delegate mailbox permissions, 
Added permissions to folder, Modified permissions of folder, Removed 
permissions from folder, Added or removed user with delegate access to 
calendar folder, Labeled message as a record.
    10. Retention policy and retention level activities: Created 
retention label, Created retention policy, Configured settings for a 
retention policy, Deleted retention label, Deleted retention policy, 
Deleted settings from a retention policy, Updated retention label, 
Updated retention policy, Updated settings for a retention policy, 
Enabled regulatory record option for retention labels.
    11. User administration activities: Added user, Deleted user, Set 
license properties, Reset user password, Changed user password, Changed 
user license, Updated user, Set property that forces user to change 
password.
    12. Enterprise User Administration group administration activities: 
Added group, Updated group, Deleted group, Added member to group, 
Removed member from group.
    13. Application Administration Activities: Added service principal, 
Removed a service principal from the directory, Set delegation entry, 
Removed credentials from a service principal, Added delegation entry, 
Added credentials to a service principal, Removed delegation entry.
    14. Role administration activities: Added member to Role, Removed a 
user from a directory role, Set company contact information.
    15. Directory administration activities: Added a partner to the 
directory, Removed a partner from the directory, Added domain to 
company, Removed domain from company, Updated domain, Set domain 
authentication, Verified domain, Updated the federation settings for a 
domain, Verified email verified domain, Turned on Enterprise 
Information Technology Account Administration sync, Set password 
policy, Set company information.
    16. eDiscovery activities: Created content search, Deleted content 
search, Changed content search, Started content search, Stopped content 
search, Started export of content search, Started export report, 
Previewed results of content search, Purged results of content search, 
Started analysis of content search, Removed export of content search, 
Removed preview results of content search, Removed purse action

[[Page 24904]]

performed on content search, Removed analysis of content search, 
Removed search report, Content search preview item listed, Content 
search preview item viewed, Content search preview item downloaded, 
Downloaded export of content search, Created search permissions filter, 
Deleted search permissions filter, Changed search permissions filter, 
Created hold in eDiscovery case, Deleted hold in eDiscovery case, 
Changed hold in eDiscovery case, Created eDiscovery case, Deleted hold 
in eDiscovery case, Changed hold in eDiscovery case, Created eDiscovery 
case, Deleted eDiscovery data, Changed hold in eDiscovery case, Added 
member to eDiscovery case, Removed member from eDiscovery case, Changed 
eDiscovery case membership, Created eDiscovery administrator, Deleted 
eDiscovery administrator, Changed eDiscovery administrator membership, 
Remediation action created, Item deleted using Remediation, Created 
workingset search, Updated workingset search, Deleted workingset 
search, Previewed workingset search, Document viewed, Document 
annotated, Document downloaded, Tag created, Tag edited, Tag deleted, 
Tag files, Tag job, Created review set, Added Cloud-based productivity 
software data, Added non-service application data, Added data to 
another workingset, Added remediated data, Run algo job, Run export 
job, Run burn job, Run error remediation job, Run load comparison job, 
Updated case settings.
    17. eDiscovery system command activities: Created content search, 
Deleted content search, Changed content search, Started content search, 
Stopped content search, created content search action, Deleted content 
search action, Created search permissions filter, Deleted search 
permissions filter, Changed search permissions filter, Created hold in 
eDiscovery case, Deleted hold in eDiscovery case, Changed hold in 
eDiscovery case, Created search query for eDiscovery case hold, Deleted 
search query for eDiscovery case hold, Changed search query for 
eDiscovery case hold, Created eDiscovery case, Deleted eDiscovery case, 
Changed eDiscovery case, Added member to eDiscovery case, Removed 
member from eDiscovery case, Changed eDiscovery case membership, 
Created eDiscovery administrator, Deleted eDiscovery administrator, 
Changed eDiscovery administrator membership.
    18. Data Analysis application activities: Viewed program dashboard, 
Created program dashboard, Edited program dashboard, Deleted program 
dashboard, Shared program dashboard, Printed program dashboard, Copied 
program dashboard, Viewed program tile, Exported program tile data, 
Viewed program report, Deleted program report, Printed program report 
page, Created program report, Edited program report, Copied program 
report, Exported program artifact to another file format, Export 
program activity events, Updated program workspace access, Restored 
program workspace, Updated program workspace, Viewed program metadata, 
Created program dataset, Deleted program dataset, Created program 
group, Deleted program group, Added program group members, Retrieved 
program groups, Retrieved program dashboard, Retrieved data sources 
from program dataset, Retrieved upstream data flows from program 
dataflow, Retrieved data sources from program dataflow, Removed program 
group members, Retrieved links between datasets and dataflows, Created 
organizational program content pack, Created program app, Installed 
program app, Updated program app, Updated organization's program 
settings, Started program trial, Started program extended trial, 
Analyzed program dataset, Created program gateway, Deleted program 
gateway, Added data source to program gateway, Removed data source from 
program gateway, Changed program gateway admins, Changed program 
gateway data source users, Set scheduled refresh on program dataset, 
Unpublished program app, Deleted organizational program content pack, 
Renamed program dashboard, Edited program dataset, Updated capacity 
display name, Changed capacity state, Updated capacity admin, Changed 
capacity user assignment, Migrated workspace to a capacity, Removed 
workspace from a capacity, Retrieved program workspaces, Shared program 
report, Generated program Embed Token, Discover program dataset data 
sources, Updated program dataset data sources, Requested program 
dataset refresh, Binded program dataset to gateway, Changed program 
dataset data sources, Requested program dataset refresh, Binded program 
dataset to gateway, Changed program dataset connections, Took over 
program dataset, Updated program gateway data source credentials, 
Imported file to program, Updated program dataset parameters, Generated 
program dataflow SAS token, Created program dataflow, Updated program 
dataflow, Deleted program dataflow, Viewed program dataflow, Exported 
program dataflow, Set scheduled refresh on program dataflow, Requested 
program dataflow refresh, Received program dataflow secret from Key 
Vault, Attached dataflow storage account, Migrated dataflow storage 
location, Updated dataflow storage assignment permissions, Set dataflow 
storage location for workspace, Took ownership of program dataflow, 
Canceled program dataflow refresh, Created program email subscription, 
Updated program email subscription, Deleted program email subscription, 
Created program folder, Deleted program folder, Updated program folder, 
Added program folder access, Deleted program folder access, Updated 
program folder access, Posted program comment, Deleted program comment, 
Analyzed program report, Viewed program usage metrics, Edited program 
dataset endorsement, Edited program dataflow endorsement, Edited 
program report endorsement, Edited program app endorsement, Retrieved 
list of modified worksapces in program tenant, Sent a scan request in 
program tenant, Retrieve scan result in program tenant, Inserted 
snapshot for user in program tenant, Updated snapshot for user in 
program tenant, Deleted snapshot for user in program tenant, Inserted 
snapshot for user in program tenant, Updated snapshot for user in 
program tenant, Deleted snapshot for user in program tenant, Retrieved 
snapshots for user in program tenant, Edited program certification 
permission, Took over a program data source, Updated capacity custom 
settings, Created workspace for program template app, Deleted workspace 
for program template app, Updated settings for program template app, 
Updated testing permissions for program template app, Created program 
template app, Deleted program template app, Promoted program template 
app, Installed program template app, Updated parameters for installed 
program template app, Created install ticker for installing program 
template app, Updated an organizational custom visual, Created an 
organizational custom visual, Deleted an organizational custom visual, 
Custom visual requested Enterprise Information Technology Account 
Administration access token, Customer visual requested Cloud-based 
productivity software access token, Connected to program dataset from 
external app, Created program dataset from external app, Deleted 
program dataset from external app, Edited program dataset from external 
app, Requested program dataset refresh from external app, Requested SAS 
token for program storage, Requested account key for program storage, 
Assigned a workspace to a deployment pipeline, Removed a workspace from 
a deployment pipeline, Deleted

[[Page 24905]]

deployment pipeline, Created deployment pipeline, Deployed to a 
pipeline stage, Updated deployment pipeline configuration, Updated 
deployment pipeline access, Added external resource, Added link to 
external resource, Deleted link to external resource, Updated featured 
tables, Applied sensitivity label to program artifact, Changed 
sensitivity label for program artifact, Deleted sensitivity label from 
program artifact.
    19. Productivity Analysis activities: Updated privacy setting, 
Updated data access setting, Uploaded organization data, Created 
meeting exclusion, Updated preferred meeting exclusion, Execute query, 
Canceled query, Deleted result, Downloaded report, Accessed Odata link, 
Viewed query visualization, Viewed explore, Created partition, Updated 
partition, Deleted partition, User logged in, User logged out.
    20. Briefing email activities: Updated user privacy settings, 
Updated organization privacy settings.
    21. Cloud-based Collaboration Application activities: Created team, 
Deleted team, Added channel, Deleted channel, Changed organization 
setting, Changed team setting, Changed channel setting, User signed in 
to Cloud-based Collaboration Application, Added members, Changed role 
of members, Removed members, Added bot to team, Removed bot from team, 
Added tab, Removed tab, Updated tab, Added connector, Removed 
connector, Updated connector, Downloaded analytics report, Upgraded 
Cloud-based Collaboration Application device, Blocked Cloud-based 
Collaboration Application device, Unblocked Cloud-based Collaboration 
Application device, Changed configuration of Cloud-based Collaboration 
Application device, Enrolled Cloud-based Collaboration Application 
device, Installed app, Upgraded app, Uninstalled app, Published app, 
Updated app, Deleted app, Deleted all organization apps, Performed 
action on card, Added scheduling group, Edited scheduling group, 
Deleted scheduling group, Added shift, Edited shift, Deleted shift, 
Added time off, Edited time off, Deleted time off, Added open shift, 
Edited open shift, Deleted open shift, Shared schedule, Clocked in 
using Time clock, Clocked out using Time clock, Started break using 
Time clock, Ended break using Time clock, Added Time clock entry, 
Edited Time clock entry, Deleted Time clock entry, Added shift request, 
Responded to shift request, Canceled shift request, Changed schedule 
setting, Added workforce integration, Accepted off shift message.
    22. Cloud-based Collaboration Application approvals activities: 
Created new approval request, Viewed approval request details, Approved 
approval request, Rejected approval request, Canceled approval request, 
Shared approval request, File attached to approval request, Reassigned 
approval request, Added e-signature to approval request.
    23. Enterprise Social Network activities: Changed data retention 
policy, Changed network configuration, Changed network profile 
settings, Changed private content mode, Changed security configuration, 
Created file, Created group, Deleted group, Deleted message, Downloaded 
file, Exported data, Shared file, Suspended network user, Suspended 
user, Updated file description, Updated file name, Viewed file.
    24. Enterprise Customer Relationship Management activities: 
Accessed out-of-box entity (deprecated), Accessed custom entity 
(deprecated), Accessed admin entity (deprecated), Performed bulk 
actions (deprecated), All Enterprise Customer Relationship Management 
activities, Accessed Enterprise Customer Relationship Management admin 
center (deprecated), Accessed internal management tool (deprecated), 
Signed in or out (deprecated), Activated process or plug-in 
(deprecated).
    25. Information Systems Infrastructure Automation activities: 
Created flow, Edited flow, Deleted flow, Edited flow permissions, 
Deleted flow permissions, Started a Flow paid trial, Renewed a Flow 
paid trial.
    26. Application authoring program activities: Created app, Edited 
app, Deleted app, Launched app, Published app, Marked app as Hero, 
Marked app as Featured, Edited app permission, Restored app version.
    27. Enterprise Automation DLP activities: Created DLP Policy, 
Updated DLP Policy, Deleted DLP Policy.
    28. Video platform activities: Created video, Edited video, Deleted 
video, Uploaded video, Downloaded video, Edited video permission, 
Viewed video, Shared video, Liked video, Unliked video, Commented on 
video, Deleted video comment, Uploaded video text track, Deleted video 
text track, Uploaded video thumbnail, Deleted video thumbnail, Replaced 
video permissions and channel links, Marked video public, Marked video 
private, Created Video platform group, Edited Video platform group, 
Deleted Video platform group, Edited Video platform group memberships, 
Created Video platform channel, Edited Video platform channel, Deleted 
a Video platform channel, Replaced Video platform channel thumbnails, 
Edited Video platform user settings, Edited tenant settings, Edited 
global role members, Deleted Video platform user, Deleted Video 
platform user's data report, Edited Video platform user, Exported Video 
platform user's data report, Downloaded Video platform user's data 
report.
    29. Content explorer activities: Accessed item
    30. Quarantine activities: Previewed Quarantine message, Deleted 
Quarantine message, Released Quarantine message, Exported Quarantine 
message, Viewed Quarantine Message's header.
    31. Customer Key Service Encryption activities: Fallback to 
Availability Key
    32. Form application activities: Created form, Edited form, Moved 
form, Deleted form, Viewed form, Previewed form, Exported form, Allowed 
share form for copy, Added form co-author, Removed form co-author, 
Viewed response page, Created response, Updated response, Deleted all 
responses, Deleted response, Viewed responses, Viewed response, Created 
summary link, Deleted summary link, Updated from phishing status, 
Updated user phishing status, Sent premium form product invitation, 
Updated form setting, Updated user setting, Listed forms.
    33. Sensitivity label activities: Applied sensitivity label to 
site, Removed sensitivity label from site, Applied sensitivity label to 
file, Changed sensitivity label applied to file, Removed sensitivity 
label from file.
    34. Local machine communications platform system command 
activities: Set tenant federation.
    35. Search activities: Performed email search, Performed Cloud-
based Enterprise Storage search.
    36. Security analytics activities: Attempted to compromise 
accounts.
    37. Device activities: Printed file, Deleted file, Renamed file, 
Created file, Modified file, Read file, Captured screen, Copied file to 
removable media, Copied file to network share, Copied file to 
clipboard, Uploaded file to cloud, File accessed by an unallowed 
application.
    38. Information barrier activities: Removed segment from site, 
Changed segment of site, Applied segment to site.
    39. On-premises DLP scanning activities: Matched DLP rule, Enforced 
DLP rule.
    40. Individual Productivity Analytics activities: Updated user 
settings, Updated organization settings.
    41. Exact Data Match (EDM) activities: Created EDM schema, Modified 
EDM schema, Removed EDM scheme,

[[Page 24906]]

Completed EDM data upload, Failed EDM data upload.
    42. Enterprise Information System Information Protection 
activities: Accessed file, Discovered file, Applied sensitivity label, 
Updated sensitivity label, Removed sensitivity label, Removed file, 
Applied protection, Changed protection, Removed protection, Received 
AIP heartbeat.
    43. Data Repository Team Discussion Post Actions: Team Discussion 
Post Updated, Team Discussion Post Destroyed.
    44. Data Repository Team Discussion Post Reply Actions: Team 
Discussion Post Reply Updated, Team Discussion Post Reply Destroyed.
    45. Data Repository Enterprise Actions: Self-Hosted Runner Removed, 
Self-Hosted Runner Registered, Self-Hosted Runner Group Created, Self-
Hosted Runner Group Removed, Self-Hosted Runner Removed From Group, 
Self-Hosted Runner Added To Group, Self-Hosted Runner Group Member List 
Updated, Self-Hosted Runner Group Configuration Changed, Self-Hosted 
Runner Updated.
    46. Data Repository Hook Actions: Hook Created, Hook Configuration 
Changed, Hook Destroyed, Hook Events Altered.
    47. Data Repository Integration Installation Request Actions: 
Integration Installation Request Created, Integration Installation 
Request Closed.
    48. Data Repository Issue Action: Issue Destroyed.
    49. Data Repository Org Actions: Secret Action Created, Member 
Creation Disabled, Two Factor Authentication Requirement Disabled, 
Member Creation Enabled, Two Factor Authentication Enabled, Member 
Invited, Self-Hosted Runner Registered, Secret Action Removed, Member 
Removed, Outside Collaborator Removed, Self-Hosted Runner Removed, 
Self-Hosted Runner Group Created, Self-Hosted Runner Group Removed, 
Self-Hosted Runner Group Updated, Secret Action Updated, Repository 
Default Branch Named Updated, Default Repository Permission Updated, 
Member Role Updated, Member Repository Creation Permission Updated.
    50. Data Repository Organization Label Actions: Default Label 
Created, Default Label Updated, Default Label Destroyed.
    51. Data Repository Oauth Application Actions: Oauth Application 
Created, Oauth Application Destroyed, Oauth Application Secret Reset, 
Oauth Application Token Revoked, Oauth Application Transferred.
    52. Data Repository Profile Picture Actions: Organization Profile 
Picture Updated.
    53. Data Repository Project Actions: Project Board Created, Project 
Board Linked, Project Board Renamed, Project Board Updated, Project 
Board Deleted, Project Board Unlinked, Project Board Permissions 
Updated, Project Board Team Permissions Updated, Project Board User 
Permission Updated.
    54. Data Repository Protected Branch Actions: Branch Protection 
Enabled, Branch Protection Destroyed, Branch Protection Enforced For 
Administrators, Branch Enforcement Of Required Code Owner Enforced, 
Stale Pull Request Dismissal Enforced, Branch Commit Signing Updated, 
Pull Request Review Updated, Required Status Check Updated, Requirement 
For Branch To Be Up To Date Before Merging Changed, Branch Update 
Attempt Rejected, Branch Protection Requirement Overridden, Force Push 
Enabled, Force Push Disabled, Branch Deletion Enabled, Branch Deletion 
Disabled, Linear Commit History Enabled, Linear Commit History 
Disabled.
    55. Data Repository Repo Actions: User Visibility Changed, Actions 
Enabled For Repository, Collaboration Member Added, Topic Added To 
Repository, Repository Archived, Anonymous Git Read Access Disabled, 
Anonymous Git Read Access Enabled, Anonymous Git Read Access Setting 
Locked, Anonymous Git Read Access Setting Unlocked, New Repository 
Created, Secret Created For Repository, Repository Deleted, Repository 
Enabled, Secret Removed, User Removed, Self-Hosted Runner Registered, 
Topic Removed From Repository, Repository Renamed, Self-Hosted Runner 
Updated, Repository Transferred, Repository Transfer Started, 
Repository Unarchived, Secret Action Updated.
    56. Data Repository Dependency Graph Actions: Dependency Graph 
Disabled, Dependency Graph Disabled for New Repository, Dependency 
Graph Enabled, Dependency Graph Enabled for New Repository.
    57. Data Repository Secret Scanning Actions: Secret Scanning 
Disabled for Individual Repository, Secret Scanning Disabled for All 
Repositories, Secret Scanning Disabled for New Repositories, Secret 
Scanning Enabled for Individual Repository, Secret Scanning Enabled for 
All Repositories, Secret Scanning Enabled for New Repositories.
    58. Data Repository Vulnerability Alert Actions: Vulnerable 
Dependency Alert Created, Vulnerable Dependency Alert Dismissed, 
Vulnerable Dependency Alert Resolved.
    59. Data Repository Team Actions: Member Added To Team, Repository 
Added To Team, Team Parent Changed, Team Privacy Level Changed, Team 
Created, Member Demoted In Team, Team Destroyed, Member Promoted In 
Team, Member Removed From Team, Repository Removed From Team.
    60. Data Repository Team Discussion Actions: Team Discussion 
Disabled, Team Discussion Enabled.
    61. Data Repository Workflow Actions: Workflow Run Cancelled, 
Workflow Run Completed, Workflow Run Created, Workflow Run Deleted, 
Workflow Run Rerun, Workflow Job Prepared.
    62. Data Repository Account Actions: Billing Plan Change, Plan 
Change, Pending Plan Change, Pending Subscription Change.
    63. Data Repository Advisory Credit Actions: Accept Credit, Create 
Credit, Decline Credit, Destroy Credit.
    64. Data Repository Billing Actions: Change Billing Type, Change 
Email.
    65. Data Repository Bot Alerts Actions: Disable Bot, Enable Bot.
    66. Data Repository Bot Alerts for New Repository Actions: Disable 
Alerts, Enable Alerts.
    67. Data Repository Bot Security Alerts for Update Actions: Disable 
Security Update Alerts, Enable Security Update Alerts.
    68. Data Repository Bot Security Alerts for New Repository Actions: 
Disable New Repository Security Alerts, Enable New Repository Security 
Alerts.
    69. Data Repository Environment Actions: Create Actions Secret, 
Delete, Remove Actions Secret, Update Actions Secret.
    70. Data Repository Git Actions: Clone, Fetch, Push.
    71. Data Repository Marketplace Agreement Signature Actions: 
Create.
    72. Data Repository Marketplace Listing Actions: Approve, Create, 
Delist, Redraft, Reject
    73. Data Repository Members Can Create Pages Actions: Enable, 
Disable
    74. Data Repository Organization Credential Authorization Actions: 
Security Assertion Markup Language Single-Sign On Authorized, Security 
Assertion Markup Language Single-Sign On Deauthorized, Authorized 
Credentials Revoked.
    75. Data Repository Package Actions: Package Version Published, 
Package Version Deleted, Package Deleted, Package Version Restored, 
Package Restored.
    76. Data Repository Payment Method Actions: Payment Method Cleared, 
Payment Method Created, Payment Method Updated.
    77. Data Repository Advisory Actions: Security Advisory Closed, 
Common

[[Page 24907]]

Vulnerabilities And Exposures Advisory Requested, Data Repository 
Security Advisory Made Public, Data Repository Security Advisory 
Withdrawn, Security Advisory Opened, Security Advisory Published, 
Security Advisory Reopened, Security Advisory Updated.
    78. Data Repository Content Analysis: Data Use Settings Enabled, 
Data Use Settings Disabled.
    79. Data Repository Sponsors Actions: Repo Funding Link Button 
Toggle, Repo Funding Links File Action, Sponsor Sponsorship Cancelled, 
Sponsor Sponsorship Created, Sponsor Sponsorship Preference Changed, 
Sponsor Sponsorship Tier Changed, Sponsored Developer Approved, 
Sponsored Developer Created, Sponsored Developer Profile Updated, 
Sponsored Developer Request Submitted For Approval, Sponsored Developer 
Tier Description Updated, Sponsored Developer Newsletter Sent, 
Sponsored Developer Invited From Waitlist, Sponsored Developer Joined 
From Waitlist.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Standard routine uses 1. through 9. apply. In addition:
    (a) Disclosure of records to appropriate agencies, entities, and 
persons when (1) the Postal Service suspects or has confirmed that 
there has been a breach of the system of records; (2) the Postal 
Service has determined that as a result of the suspected or confirmed 
breach there is a risk of harm to individuals, the Postal Service 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with the Postal Service's efforts to respond to 
the suspected or confirmed breach or to prevent, minimize, or remedy 
such harm.

RECORD SOURCE CATEGORIES:
    Employees; contractors; suppliers; customers.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Automated database, computer storage media, and paper.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records relating to system administration are retrievable by user 
ID.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records relating to system administration are retained for twenty-
four months.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Paper records, computers, and computer storage media are located in 
controlled-access areas under supervision of program personnel. 
Computer access is limited to authorized personnel with a current 
security clearance, and physical access is limited to authorized 
personnel who must be identified with a badge.
    Access to records is limited to individuals whose official duties 
require such access. Contractors and licensees are subject to contract 
controls and unannounced on-site audits and inspections.
    Computers are protected by encryption, mechanical locks, card key 
systems, or other physical access control methods. The use of computer 
systems is regulated with installed security software, computer logon 
identifications, and operating system controls including access 
controls, terminal and transaction logging, and file management 
software.

RECORD ACCESS PROCEDURES:
    Requests for access must be made in accordance with the 
Notification Procedure above and USPS Privacy Act regulations regarding 
access to records and verification of identity under 39 CFR 266.5.

CONTESTING RECORD PROCEDURES:
    See Notification Procedure and Record Access Procedures above.

NOTIFICATION PROCEDURE:
    Customers wanting to know if other information about them is 
maintained in this system of records must address inquiries in writing 
to the Chief Information Officer and Executive Vice President and 
include their name and address.

EXEMPTION(S) PROMULGATED FROM THIS SYSTEM:
    None.

HISTORY:
    None.

Joshua J. Hofer,
Attorney, Ethics & Legal Compliance.
[FR Doc. 2021-09752 Filed 5-7-21; 8:45 am]
BILLING CODE P