Privacy Act of 1974; System of Records, 15275-15277 [2022-05654]

Agencies

• Postal Service

[Federal Register Volume 87, Number 52 (Thursday, March 17, 2022)]
[Notices]
[Pages 15275-15277]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-05654]


=======================================================================
-----------------------------------------------------------------------

POSTAL SERVICE


Privacy Act of 1974; System of Records

AGENCY: Postal Service\TM\.

ACTION: Notice of modified systems of records.

-----------------------------------------------------------------------

SUMMARY: The United States Postal Service[supreg] (Postal Service) is 
proposing to revise a Customer Privacy Act System of Records (SOR). 
These modifications are being made to store, send, and host emails for 
Informed Delivery on a cloud-based platform.

DATES: These revisions will become effective without further notice on 
April 18, 2022, unless in response to comments received on or before 
that date result in a contrary determination.

ADDRESSES: Comments may be submitted via email to the Privacy and 
Records Management Office, United States Postal Service Headquarters 
([email protected]). To facilitate public inspection, arrangements to 
view copies of any written comments received will be made upon request.

FOR FURTHER INFORMATION CONTACT: Janine Castorina, Chief Privacy and 
Records Management Officer, Privacy and Records Management Office, 202-
268-3069 or [email protected].

SUPPLEMENTARY INFORMATION: This notice is in accordance with the 
Privacy Act requirement that agencies publish their systems of records 
in the Federal Register when there is a revision, change, or addition, 
or when the agency establishes a new system of records. The Postal 
Service has determined that Customer Privacy Act System of Records, 
USPS 820.300 Informed Delivery, should be revised to support the 
migration of emails to a cloud-based platform.

I. Background

    The Postal Service has determined that Customer Privacy Act Systems 
of Records (SOR), USPS 820.300 Informed Delivery, should be revised to 
store, send, and host emails for Informed Delivery on a cloud-based 
platform.

II. Rationale for Changes to USPS Privacy Act Systems of Records

    The Postal Service constantly seeks to improve efficiency and 
customer satisfaction. To that end, the Postal Service seeks to 
implement a new hosting service for Informed Delivery Daily Digest 
emails through the cloud, replacing the current on-premises solutions.

III. Description of the Modified System of Records

    To implement the change to a cloud-based platform, this System of 
Records will be modified to include several new categories of records, 
numbered 11 through 21, to identify data elements associated with Daily 
Digest emails which will be collected and stored as part of this 
migration. In addition, a new purpose has been added to identify this 
new process. Finally, a retention period for the records generated in 
association with these activities has been added.
    Pursuant to 5 U.S.C. 552a (e)(11), interested persons are invited 
to submit written data, views, or arguments on this proposal. A report 
of the proposed revisions has been sent to Congress and to the Office 
of Management and Budget for their evaluations. The Postal Service does 
not expect this amended system of records to have any adverse effect on 
individual privacy rights. The notice for USPS SOR 820.300, Informed 
Delivery is provided below in its entirety, as follows:
SYSTEM NAME AND NUMBER
    USPS 820.300, Informed Delivery.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    USPS Headquarters; Contractor Sites; Cloud-based Contractor Sites; 
Wilkes-Barre Solutions Center; and Eagan, MN.

SYSTEM MANAGER(S):
    Vice President, Innovative Business Technology, United States 
Postal Service, 475 L'Enfant Plaza SW, Washington, DC 20260-1010.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    39 U.S.C. 401, 403, and 404.

PURPOSE(S) OF THE SYSTEM:
    1. To support the Informed Delivery[supreg] notification service 
which provides customers with electronic notification of physical mail 
that is intended for delivery at the customer's address.
    2. To provide daily email communication to consumers with images of 
the letter-size mailpieces that they can expect to be delivered to 
their mailbox each day.
    3. To provide an enhanced customer experience and convenience for 
mail delivery services by linking physical mail to electronic content.

[[Page 15276]]

    4. To obtain and maintain current and up-to-date address and other 
contact information to assure accurate and reliable delivery and 
fulfillment of postal products, services, and other material.
    5. To determine the outcomes of marketing or advertising campaigns 
and to guide policy and business decisions through the use of 
analytics.
    6. To identify, prevent, or mitigate the effects of fraudulent 
transactions.
    7. To demonstrate the value of Informed Delivery in enhancing the 
responsiveness to physical mail and to promote use of the mail by 
commercial mailers and other postal customers.
    8. To enhance the customer experience by improving the security of 
Change of Address (COA) and Hold Mail processes.
    9. To protect USPS customers from becoming potential victims of 
mail fraud and identity theft.
    10. To identify and mitigate potential fraud in the COA and Hold 
Mail processes.
    11. To verify a customer's identity when applying for COA and Hold 
Mail services.
    12. To support the Targeted Offers application which enables 
customers to securely share their preferences related to marketing 
content with mailers.
    13. To facilitate the in-person enrollment process for the Informed 
Delivery feature.
    14. To provide customers with the option to voluntarily scan the 
barcode on the back of government issued IDs to capture name and 
address information that will be used to confirm eligibility and 
prefill information collected during the Informed Delivery in-person 
enrollment process.
    15. To store and send Daily Digest emails through a cloud-based 
service platform.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    1. Customers who are enrolled in Informed Delivery notification 
service.
    2. Customers who are enrolled in Targeted Offers.
    3. Mailers that use Informed Delivery notification service to 
enhance the value of the physical mail sent to customers.
    4. Mailers that use Targeted Offers to conduct more targeted 
digital and physical prospecting campaigns based on consumer 
preferences.

CATEGORIES OF RECORDS IN THE SYSTEM:
    1. Customer information: Name; customer ID(s); mailing (physical) 
address(es) and corresponding 11-digit delivery point ZIP Code; phone 
number(s); email address(es); text message number(s) and carrier.
    2. Customer account preferences: Individual customer preferences 
related Start Printed Page 2592 to email and online communication 
participation level for USPS and marketing information; and mail 
content preferences for Targeted Offers.
    3. Mailer Information: Mailing Categories for mailers that use 
Targeted Offers.
    4. Customer feedback: Information submitted by customers related to 
Informed Delivery notification service or any other postal product or 
service.
    5. Subscription information: Date of customer sign-up for services 
through an opt-in process; date customer opts-out of services; nature 
of service provided.
    6. Data on mailpieces: Destination address of mailpiece; 
Intelligent Mail barcode (IMb); 11-digit delivery point ZIP Code; and 
delivery status; identification number assigned to equipment used to 
process mailpiece.
    7. Mail Images: Electronic files containing images of mailpieces 
captured during normal mail processing operations.
    8. User Data associated with 11-digit ZIP Codes: Information 
related to the user's interaction with Informed Delivery email 
messages, including but not limited to, email open and click-through 
rates, dates, times, and open rates appended to mailpiece images (user 
data is not associated with personally identifiable information).
    9. Data on Mailings: Intelligent Mail barcode (IMb) and its 
components including the Mailer Identifier (Mailer ID or MID), Service 
Type Identifier (STID) Serial Number, and unique IA code.
    10. In-Person enrollment process: Name and address information 
collected from the voluntary scan of the barcode on the back of 
government issued IDs used to confirm eligibility and prefill 
enrollment information.
    11. Data associated with Informed Delivery emails: Technical 
information related to email addresses and deliveries, including emails 
sent, emails received, errors, user data, account data, data related to 
the detection and mitigation of technical issues, and any other 
information necessary to the effective and efficient administration of 
services related to the Informed Delivery feature.
    12. Cloud service Accepted Audit Log: Event, ID, Timestamp, Log 
Level, Method, Envelope Targets, Envelope Transports, Envelope Sender, 
Flags, Message Headers, Message To, Message ID, Message From Email 
Address, Message Subject, Message Attachments, Message Recipients, 
Recipient Email Address, Size, Storage URL, Storage Key, Recipient 
Domain, Campaign, Tags, User Variables.
    13. Cloud service Accepted (Routed) Audit Log: Event, ID, 
Timestamp, Log Level, Method, Route Expression, Route ID, Route Match 
Recipient, Envelope Targets, Envelope Transports, Envelope Sender, 
Flags--Is Routed, Flags--Is Authenticated, Flags--Is System Test, Flags 
Is Test Mode, Message Headers, Message To, Message ID, Message From 
Email Address, Message Subject, Message Attachments, Message 
Recipients, Recipient Email Address, Message Size, Storage URL, Storage 
Key, Recipient Domain, Campaign, Tags, User Variables.
    14. Cloud service Delivered Audit Log: Event, ID, Timestamp, Log 
Level, Method, Envelope Targets, Envelope Transports, Envelope Sender, 
Flags--Is Routed, Flags--Is Authenticated, Flags--Is System Test, Flags 
Is Test Mode Delivery Status TLS, Delivery Status MX Host, Deliver 
Status Code, Delivery Status Description, Delivery Status Session 
Seconds, Delivery Status UTF8, Delivery Status Attempt Number, Delivery 
Status Message, Delivery Status Certificated Verified, Message Headers, 
Message To, Message ID, Message From Email Address, Message Subject, 
Message Attachments, Recipient Email Address, Message Size, Storage 
URL, Storage Key, Recipient Domain, Campaign, Tags, User Variables.
    15. Cloud service Failed (Permanent) Audit Log: Flags--Event, ID, 
Timestamp, Log Level, Severity, Reason, Envelope Targets, Envelope 
Transports, Envelope Sender, Is Routed, Flags Is-Routed, Flags--Is 
Authenticated, Flags--Is System Test, Flags Is Test Mode, Delivery 
Status Attempt Number, Delivery Status Message, Delivery Status Code, 
Delivery Status Description, Delivery Status Session Seconds, Message 
Headers, Message To, Message ID, Message From Email Address, Message 
Subject, Message Attachments, Recipient Email Address, Message Size, 
Storage URL, Storage Key, Recipient Domain, Campaign, Tags, User 
Variables.
    16. Cloud service Failed (Permanent, Delayed Bounce) Audit Log: 
Event, ID, Timestamp, Log Level, Severity, Reason, Delivery Status 
Message, Delivery Status Code, Delivery Status Description, Flags Is-
Delayed-Bounce, Flags Is-Test-Mode, Message Headers, Message To, 
Message ID, Message From Email Address, Message Subject, Message 
Attachments, Message Size, Recipient Email Address, Campaigns, Tags, 
User Variables.
    17. Cloud service Failed (Temporary) Audit Log: Event, ID, 
Timestamp, Log Level, Severity, Reason, Envelope

[[Page 15277]]

Transport, Envelope Sender, Envelope Sending IP Address, Envelope 
Targets, Flags Id-Routed, Flags Is-Authenticated, Flags Is-System-Test, 
Flags Is-Test-Mode, Delivery Status TLS, Deliver Status MX Host, 
Delivery Status Code, Delivery Status Description, Delivery Status 
Session Seconds, Delivery Status Retry Seconds, Delivery Status Attempt 
Number, Delivery Status Message, Delivery Status Certificate Verified, 
Message Headers, Message To, Message ID, Message From Email Address, 
Message Subject, Message Attachments, Message Size, Storage URL, 
Storage Key, Recipient Email Address, Recipient Domain, Campaigns, 
Tags, User Variables.
    18. Cloud service Unsubscribed Audit Log: Event, ID, Timestamp, Log 
Level, Recipient Email Address, Geolocation Country, Geolocation 
Region, Geolocation City, Campaigns, Tags, User Variables, IP Address, 
Client Info Client Type, Client Info Client Operating System, Client 
Info Device Type, Client Info Client Name, Client Info User Agent, 
Message Headers, Message ID.
    19. Cloud service Complained Audit Log: Event, ID, Timestamp, Log 
Level, Recipient Email Address, Tags, Campaigns, User Variables, Flags 
Is-Test-Mode, Message Headers, Message To, Message ID, Message From, 
Message Subject, Message Attachments, Message Size.
    20. Cloud service Stored Audit Log: Event, ID, Timestamp, Log 
Level, Flags Is-Test-Mode, Message Headers, Message To, Message ID, 
Message From, Message Subject, Message Attachments, Message Recipients, 
Message Size, Storage URL, Storage Key, Campaigns, Tags, User 
Variables.
    21. Cloud service Rejected Audit Log: Event, ID, Timestamp, Log 
Level, Flags Is-Test-Mode, Reject Reason, Reject Description, Message 
Headers, Message To, Message ID, Message From, Message Subject, Message 
Attachments, Message Size, Campaigns, Tags, User Variables.

RECORD SOURCE CATEGORIES:
    Individual customers who request to enroll in the Informed Delivery 
feature notification service; usps.com account holders; other USPS 
systems and applications including those that support online change of 
address, mail hold services, Premium Forwarding Service, or P.O. Boxes 
Online; commercial entities, including commercial mailers or other 
Postal Service business partners and third-party mailing list 
providers.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    Standard routine uses 1. through 7., 10., and 11. apply.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Automated database and computer storage media.

POLICIES OF PRACTICES FOR RETRIEVAL OF RECORDS:
    By customer email address, 11-Digit ZIP Code and/or the Mailer ID 
component of the Intelligent Mail Barcode.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    1. Mailpiece images will be retained up to 7 days (mailpiece images 
are not associated with personally identifiable information). Records 
stored in the subscription database are retained until the customer 
cancels or opts out of the service.
    2. User data is retained for 2 years, 11 months.
    3. Records relating to Cloud Storage Audit Logs are retained for 13 
months.
    Records existing on computer storage media are destroyed according 
to the applicable USPS media sanitization practice. Any records 
existing on paper will be destroyed by burning, pulping, or shredding.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Computers and computer storage media are located in controlled-
access areas under supervision of program personnel. Access to these 
areas is limited to authorized personnel, who must be identified with a 
badge. Access to records is limited to individuals whose official 
duties require such access. Contractors and licensees are subject to 
contract controls and unannounced on-site audits and inspections. 
Computers are protected by mechanical locks, card key systems, or other 
physical access control methods. The use of computer systems is 
regulated with installed security software, computer logon 
identifications, and operating system controls including access 
controls, terminal and transaction logging, and file management 
software. Online data transmissions are protected by encryption. Access 
is controlled by logon ID and password. Online data transmissions are 
protected by encryption.

RECORD ACCESS PROCEDURES:
    Requests for access must be made in accordance with the 
Notification Procedure above and USPS Privacy Act regulations regarding 
access to records and verification of identity under 39 CFR 266.5.

CONTESTING RECORD PROCEDURES:
    See Notification Procedures below or Record Access Procedures 
above.

NOTIFICATION PROCEDURES:
    Customers who want to know if information about them is maintained 
in this system of records must address inquiries in writing to the 
system manager. Inquiries must contain name, address, email, and other 
identifying information.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    December 15, 2021, 86 FR 71299; December 27, 2018, 83 FR 66768; 
August 25, 2016, 81 FR 58542.
* * * * *

Joshua J. Hofer,
Attorney, Ethics and Legal Compliance.
[FR Doc. 2022-05654 Filed 3-16-22; 8:45 am]
BILLING CODE 7710-12-P