Privacy Act of 1974; System of Records, 20506-20509 [2024-06108]
Download as PDF
<![CDATA[
20506
Federal Register / Vol. 89, No. 57 / Friday, March 22, 2024 / Notices
Volunteers build after they return to the
United States from Peace Corps service.
The online survey was previously
administered in 2020 and 2022. Peace
Corps is seeking approval to administer
the survey to a new subset of RPCVs in
Fall 2024.
Request for Comment: The Peace
Corps invites comments on whether the
proposed collections of information are
necessary for proper performance of the
functions of the Peace Corps, including
whether the information will have
practical use; the accuracy of the
agency’s estimate of the burden of the
proposed collection of information,
including the validity of the information
to be collected; and ways to minimize
the burden of the collection of
information on those who are to
respond, including through the use of
automated collection techniques, when
appropriate, and other forms of
information technology.
This notice is issued in Washington, DC,
on March 19, 2024.
James Olin,
FOIA/Privacy Act Officer.
[FR Doc. 2024–06089 Filed 3–21–24; 8:45 am]
BILLING CODE 6051–01–P
POSTAL REGULATORY COMMISSION
[Docket Nos. MC2024–208 and CP2024–214]
New Postal Products
Postal Regulatory Commission.
Notice.
AGENCY:
ACTION:
The Commission is noticing a
recent Postal Service filing for the
Commission’s consideration concerning
a negotiated service agreement. This
notice informs the public of the filing,
invites public comment, and takes other
administrative steps.
DATES: Comments are due: March 26,
2024.
SUMMARY:
Submit comments
electronically via the Commission’s
Filing Online system at https://
www.prc.gov. Those who cannot submit
comments electronically should contact
the person identified in the FOR FURTHER
INFORMATION CONTACT section by
telephone for advice on filing
alternatives.
ddrumheller on DSK120RN23PROD with NOTICES1
ADDRESSES:
FOR FURTHER INFORMATION CONTACT:
David A. Trissell, General Counsel, at
202–789–6820.
SUPPLEMENTARY INFORMATION:
Table of Contents
19:15 Mar 21, 2024
II. Docketed Proceeding(s)
1. Docket No(s).: MC2024–208 and
CP2024–214; Filing Title: USPS Request
to Add Priority Mail & Ground
Advantage Contract 202 to Competitive
Product List and Notice of Filing
Materials Under Seal; Filing Acceptance
Date: March 18, 2024; Filing Authority:
39 U.S.C. 3642, 39 CFR 3040.130
through 3040.135, and 39 CFR 3035.105;
Public Representative: Kenneth R.
1 See Docket No. RM2018–3, Order Adopting
Final Rules Relating to Non-Public Information,
June 27, 2018, Attachment A at 19–22 (Order No.
4679).
I. Introduction
II. Docketed Proceeding(s)
VerDate Sep<11>2014
I. Introduction
The Commission gives notice that the
Postal Service filed request(s) for the
Commission to consider matters related
to negotiated service agreement(s). The
request(s) may propose the addition or
removal of a negotiated service
agreement from the Market Dominant or
the Competitive product list, or the
modification of an existing product
currently appearing on the Market
Dominant or the Competitive product
list.
Section II identifies the docket
number(s) associated with each Postal
Service request, the title of each Postal
Service request, the request’s acceptance
date, and the authority cited by the
Postal Service for each request. For each
request, the Commission appoints an
officer of the Commission to represent
the interests of the general public in the
proceeding, pursuant to 39 U.S.C. 505
(Public Representative). Section II also
establishes comment deadline(s)
pertaining to each request.
The public portions of the Postal
Service’s request(s) can be accessed via
the Commission’s website (https://
www.prc.gov). Non-public portions of
the Postal Service’s request(s), if any,
can be accessed through compliance
with the requirements of 39 CFR
3011.301.1
The Commission invites comments on
whether the Postal Service’s request(s)
in the captioned docket(s) are consistent
with the policies of title 39. For
request(s) that the Postal Service states
concern Market Dominant product(s),
applicable statutory and regulatory
requirements include 39 U.S.C. 3622, 39
U.S.C. 3642, 39 CFR part 3030, and 39
CFR part 3040, subpart B. For request(s)
that the Postal Service states concern
Competitive product(s), applicable
statutory and regulatory requirements
include 39 U.S.C. 3632, 39 U.S.C. 3633,
39 U.S.C. 3642, 39 CFR part 3035, and
39 CFR part 3040, subpart B. Comment
deadline(s) for each request appear in
section II.
Jkt 262001
PO 00000
Frm 00084
Fmt 4703
Sfmt 4703
Moeller; Comments Due: March 26,
2024.
This Notice will be published in the
Federal Register.
Erica A. Barker,
Secretary.
[FR Doc. 2024–06121 Filed 3–21–24; 8:45 am]
BILLING CODE 7710–FW–P
POSTAL SERVICE
Privacy Act of 1974; System of
Records
U.S. Postal Service®.
ACTION: Notice of a modified system of
records.
AGENCY:
The United States Postal
Service® (USPS®) is proposing to revise
a Customer Privacy Act Systems of
Records (SOR). These modifications are
being made to extend the availability of
identity verification services to
government agencies.
DATES: These revisions will become
effective without further notice on April
22, 2024 unless responses to comments
received on or before that date result in
a contrary determination.
ADDRESSES: Comments may be
submitted via email to the Privacy and
Records Management Office, United
States Postal Service Headquarters
(uspsprivacyfedregnotice@usps.gov). To
facilitate public inspection,
arrangements to view copies of any
written comments received will be
made upon request.
FOR FURTHER INFORMATION CONTACT:
Janine Castorina, Chief Privacy and
Records Management Officer, Privacy
and Records Management Office, 202–
268–3069 or uspsprivacyfedregnotice@
usps.gov.
SUMMARY:
This
notice is in accordance with the Privacy
Act requirement that agencies publish
their systems of records in the Federal
Register when there is a revision,
change, or addition, or when the agency
establishes a new system of records. The
Postal Service has determined that
Customer Privacy Act System of
Records USPS 910.000 Identity and
Document Verification Services, should
be revised to extend the availability of
identity verification services to
government agencies.
SUPPLEMENTARY INFORMATION:
I. Background
The Postal Service seeks to expand
their ability to provide identification
verification services to other
government agencies. The Postal Service
will therefore leverage its existing
E:\FR\FM\22MRN1.SGM
22MRN1
Federal Register / Vol. 89, No. 57 / Friday, March 22, 2024 / Notices
identity verification processes and
controls, combined with existing and
new identity validation documents, to
further support government agencies in
preventing and detecting fraud,
increasing security, and providing
stronger validation efforts as they fulfill
their obligations to the American
people.
II. Rationale for Changes to USPS
Privacy Act Systems of Records
The Postal Service will modify USPS
910.000 Identity and Document
Verification Services as follows in order
to expand its services:
Æ One new purpose, 22.
Æ One new Category of Records, 13.
III. Description of the Modified System
of Records
Pursuant to 5 U.S.C. 552a(e)(11),
interested persons are invited to submit
written data, views, or arguments on
this proposal. A report of the proposed
revisions to this SOR has been sent to
Congress and to the Office of
Management and Budget for their
evaluations. The Postal Service does not
expect this modified system of records
to have any adverse effect on individual
privacy rights. Accordingly, for the
reasons stated above, the Postal Service
proposes revisions to this system of
records. SOR 910.000 Identity and
Document Verification is provided
below in its entirety.
SYSTEM NAME AND NUMBER:
USPS 910.000, Identity and Document
Verification Services.
SECURITY CLASSIFICATION:
None.
SYSTEM LOCATION:
USPS Marketing, Headquarters;
Integrated Business Solutions Services
Centers; and contractor sites.
SYSTEM MANAGER(S):
Chief Information Officer and
Executive Vice President, United States
Postal Service, 475 L’Enfant Plaza SW,
Washington, DC 20260–1500.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
39 U.S.C. 401, 403, 404, and 411.
ddrumheller on DSK120RN23PROD with NOTICES1
PURPOSE(S) OF THE SYSTEM:
1. To provide services related to
identity and document verification
services.
2. To issue and manage public key
certificates, user registration, email
addresses, and/or electronic postmarks.
3. To provide secure mailing services.
4. To protect business and personal
communications.
5. To enhance personal identity and
privacy protections.
VerDate Sep<11>2014
19:15 Mar 21, 2024
Jkt 262001
6. To improve the customer
experience and facilitate the provision
of accurate and reliable delivery
information.
7. To identify, prevent, or mitigate the
effects of fraudulent transactions.
8. To support other Federal
Government Agencies by providing
authorized services.
9. To ensure the quality and integrity
of records.
10. To enhance the customer
experience by improving the security of
Change-of-Address (COA) and Hold
Mail processes, along with other
products, services and features that
require identity proofing and document
verification.
11. To protect USPS customers from
becoming potential victims of mail
fraud and identity theft.
12. To identify and mitigate potential
fraud in the COA and Hold Mail
processes, along with other products,
services and features that require
identity proofing and document
verification.
13. To verify a customer’s identity
when applying for COA and Hold Mail
services, along with other products,
services and features that require
identity proofing and document
verification.
14. To provide an audit trail for COA
and Hold Mail requests (linked to the
identity of the submitter).
15. To enhance remote identity
proofing with a Phone Verification and
One-Time Passcode solution.
16. To enhance remote identity
proofing, improve fraud detection and
customer’s ability to complete identity
proofing online with a Device
Reputation Remote Identity Verification
solution.
17. To verify a customer’s Identity
using methods and Identity Proofing
standards that voluntarily align with
NIST Special Publication 800.63 and
support other Federal Agency partner
security requirements.
18. To enhance In-Person identity
proofing, improve Identity Document
fraud detection and enable a customer
to successfully complete identity
proofing activities required for access to
Postal Service products, services and
features.
19. To enhance In-Person identity
proofing, improve Identity Document
fraud detection and enable a customer
to successfully complete identity
proofing activities as required by
partnering Federal Agencies to
authorize or allow individual customer
access to a privilege, system, or role.
20. To facilitate the In-Person
enrollment process for the Informed
Delivery® feature.
PO 00000
Frm 00085
Fmt 4703
Sfmt 4703
20507
21. To provide customers with the
option to voluntarily scan the barcode
on the back of government issued IDs to
capture name and address information
that will be used to confirm eligibility
and prefill information collected during
the In-Person Informed Delivery
enrollment process.
22. To provide identity verification
documents to United States government
agencies and third parties, with
customer consent, for validation and
security.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
1. Customers who apply for identity
and document verification services.
2. Customers who may require
identity verification for Postal products,
services and features.
3. USPS customers who sign-up,
register or enroll to participate as users
in programs, request features, or obtain
products and/or services that require
document or identity verification.
4. Individual applicants and users
that require identity verification or
document verification services
furnished by the Postal Service in
cooperation with other Government
agencies.
CATEGORIES OF RECORDS IN THE SYSTEM:
1. Customer information: Name,
address, customer ID(s), telephone
number, text message number and
carrier, mail and email address, date of
birth, place of birth, company name,
title, role, and employment status.
2. Customer preference information:
Preferred means of contact.
3. Authorized User Information:
Names and contact information of users
who are authorized to have access to
data.
4. Verification and payment
information: Credit or debit card
information or other account number,
government issued ID type and number,
verification question and answer, and
payment confirmation code. (Note:
Social Security Number and credit or
debit card information may be collected,
but not stored, in order to verify ID.)
5. Biometric information: Fingerprint,
photograph, height, weight, and iris
scans. (Note: Information may be
collected, secured, and returned to
customer or third parties at the request
of the customer, but not stored.)
6. Digital certificate information:
Customer’s public key(s), certificate
serial numbers, distinguished name,
effective dates of authorized certificates,
certificate algorithm, date of revocation
or expiration of certificate, and USPSauthorized digital signature.
E:\FR\FM\22MRN1.SGM
22MRN1
20508
Federal Register / Vol. 89, No. 57 / Friday, March 22, 2024 / Notices
7. Online user information: Device
identification, device reputation risk
and confidence scores.
8. Transaction information: Clerk
signature; transaction type, date and
time, location, source of transaction;
product use and inquiries; Change of
Address (COA) and Hold Mail
transactional data.
9. Electronic information: Information
related to encrypted or hashed
documents.
10. Recipient information: Electronic
signature ID, electronic signature image,
electronic signature expiration date, and
timestamp.
11. In-Person Proofing and Enhanced
Identity Verification Attributes:
Contents of Valid Identification (ID)
Documents; High resolution images of
front and back of ID documents, bar
code on ID Document and the content
of displayed and encoded fields on ID
documents that may be collected and
stored in order to facilitate security
validation and Identity Proofing of an
applicant, participant or customer’s ID;
Facial Image; Name, Address, and
Unique ID Document number; Birthdate,
Eye Color, Height and Weight;
Signature; Organ donation preference.
12. Strong ID Documents used for InPerson Identity Proofing: Photo ID,
unique ID Number and the name of the
Individual being identified; Passports,
Passport cards; State ID Cards, State
Driver’s Licenses: Uniformed Service
ID’s, and Government ID documents.
13. Fair ID Documents used for InPerson Identity Proofing: Residential
Lease, Real Estate Deed of Trust, Voter
Registration Card, Vehicle Registration
Card, Home Insurance Policy
Documents, Vehicle Insurance Policy
Documents.
RECORD SOURCE CATEGORIES:
Individual Customers, Users,
Participants and Applicants.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
PURPOSES OF SUCH USES:
ddrumheller on DSK120RN23PROD with NOTICES1
Standard routine uses 1. through 7.,
10., and 11. apply.
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
1. Records related to Pending Public
Key Certificate Application Files are
added as received to an electronic
database, moved to the authorized
certificate file when they are updated
with the required data, and records not
updated within 90 days from the date of
receipt are destroyed.
2. Records related to the Public Key
Certificate Directory are retained in an
electronic database, are consistently
updated, and records are destroyed as
they are superseded or deleted.
3. Records related to the Authorized
Public Key Certificate Master File are
retained in an electronic database for
the life of the authorized certificate.
4. When the certificate is revoked, it
is moved to the certificate revocation
file.
5. The Public Key Certificate
Revocation List is cut off at the end of
each calendar year and records are
retained 30 years from the date of cutoff.
Records may be retained longer with
customer consent or request.
6. Other records in this system are
retained 7 years, unless retained longer
by request of the customer.
7. Records related to electronic
signatures are retained in an electronic
database for 3 years.
8. Other categories of records are
retained for a period of up to 30 days.
9. Driver’s License data will be
retained for 5 years.
10. COA and Hold Mail transactional
data will be retained for 5 years.
11. Records related to Phone
Verification/One-Time Passcode and
Device Reputation assessment will be
retained for 7 years.
12. Records collected for Identity
Proofing at the Identity Assurance Level
2 (IAL–2), including ID document
images, Identity Verification Attributes,
and associated data will be retained up
to 5 years, or as stipulated within
Interagency Agreements (IAAs) with
partnering Federal Agencies. Records
existing on paper are destroyed by
burning, pulping, or shredding. Records
existing on computer storage media are
destroyed according to the applicable
USPS media sanitization practice.
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
Automated databases, computer
storage media, and paper.
Paper records, computers, and
computer storage media are located in
controlled-access areas under
supervision of program personnel.
Access to these areas is limited to
authorized personnel, who must be
identified with a badge.
Access to records is limited to
individuals who need the information to
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
By customer name, customer ID(s),
distinguished name, certificate serial
number, receipt number, transaction
date, and email addresses.
VerDate Sep<11>2014
19:15 Mar 21, 2024
Jkt 262001
PO 00000
Frm 00086
Fmt 4703
Sfmt 4703
perform their job and whose official
duties require such access.
Contractors and licensees are subject
to contract controls and unannounced
on-site audits and inspections.
Computers are protected by
mechanical locks, card key systems, or
other physical access control methods.
The use of computer systems is
regulated with installed security
software, computer logon
identifications, and operating system
controls including access controls,
terminal and transaction logging, and
file management software.
Key pairs are protected against
cryptanalysis by encrypting the private
key and by using a shared secret
algorithm to protect the encryption key,
and the certificate authority key is
stored in a separate, tamperproof,
hardware device. Activities are audited,
and archived information is protected
from corruption, deletion, and
modification. For authentication
services and electronic postmark,
electronic data is transmitted via secure
socket layer (SSL) encryption to a
secured data center. Computer media
are stored within a secured, locked
room within the facility. Access to the
database is limited to the system
administrator, database administrator,
and designated support personnel.
Paper forms are stored within a secured
area within locked cabinets.
RECORD ACCESS PROCEDURES:
Requests for access must be made in
accordance with the Notification
Procedure above and USPS Privacy Act
regulations regarding access to records
and verification of identity under 39
CFR 266.5.
CONTESTING RECORD PROCEDURES:
See Notification Procedure and
Record Access Procedures above.
NOTIFICATION PROCEDURES:
Customers wanting to know if other
information about them is maintained in
this system of records must address
inquiries in writing to the system
manager. Inquiries must contain name,
address, email, and other identifying
information.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
December 15, 2021; 86 FR 71294;
March 16, 2020, 85 FR 14982; December
13, 2018, 83 FR 64164; December 22,
2017, 82 FR 60776; August 29, 2014, 79
E:\FR\FM\22MRN1.SGM
22MRN1
Federal Register / Vol. 89, No. 57 / Friday, March 22, 2024 / Notices
Dated: March 20, 2024.
Vanessa A. Countryman,
Secretary.
FR 51627; October 24, 2011, 76 FR
65756; April 29, 2005, 70 FR 22516.
Christopher Doyle,
Attorney, Ethics and Compliance.
[FR Doc. 2024–06296 Filed 3–20–24; 4:15 pm]
BILLING CODE 8011–01–P
[FR Doc. 2024–06108 Filed 3–21–24; 8:45 am]
BILLING CODE 7710–12–P
SECURITIES AND EXCHANGE
COMMISSION
[Release No. 6576/March 18, 2024]
SECURITIES AND EXCHANGE
COMMISSION
Sunshine Act Meetings
Notice is hereby given,
pursuant to the provisions of the
Government in the Sunshine Act, Public
Law 94–409, that the Securities and
Exchange Commission will hold the
SEC–NASAA–Georgia Secretary of State
Joint Investor Roundtables on
Wednesday and Thursday, March 27,
and 28, 2024. The events will begin at
10 a.m. (ET) and will be open to the
public.
TIME AND DATE:
The meeting will be conducted
in-person at: Wednesday, March 27,
2024, University of North Georgia, Mike
Cottrell College of Business, 265 S
Chestatee St., Dahlonega, GA 30597, 10
a.m. to 4:30 p.m. (EST) and Thursday,
March 28, 2024, Dalton State College,
Wright School of Business, 650 College
Dr., Dalton, GA 30720, 10 a.m. to 4:30
p.m. (EST) and by remote means.
Members of the public may attend inperson or watch the webcast of the
events beginning at 1 p.m. each day on
the Commission’s website at
www.sec.gov.
PLACE:
This Sunshine Act notice is
being issued because a majority of the
Commission may attend the meeting.
STATUS:
These
public roundtables will be an
opportunity for investors, regulators,
and members of the investment
community to share their experiences
with SEC staff and discuss topics that
are important to them, such as securities
fraud and feedback on SEC rulemaking.
These events are designed to listen to
investors and better understand their
needs in future policy and practice.
Questions and feedback may be
submitted in advance to
InvestorEngagement@sec.gov.
ddrumheller on DSK120RN23PROD with NOTICES1
MATTERS TO BE CONSIDERED:
CONTACT PERSON FOR MORE INFORMATION:
For further information and to ascertain
what, if any, matters have been added,
deleted or postponed; please contact
Vanessa A. Countryman from the Office
of the Secretary at (202) 551–5400.
Authority: 5 U.S.C. 552b.
VerDate Sep<11>2014
19:15 Mar 21, 2024
Jkt 262001
Notice of Intention To Cancel
Registration Pursuant to Section
203(h) of the Investment Advisers Act
of 1940
Notice is given that the Securities and
Exchange Commission (the
‘‘Commission’’) intends to issue an
order, pursuant to Section 203(h) of the
Investment Advisers Act of 1940 (the
‘‘Act’’), cancelling the registration of
Hennii Investment Advisory Services,
Inc., File No. 801–120518, hereinafter
referred to as the ‘‘registrant.’’
Section 203(h) provides, in pertinent
part, that if the Commission finds that
any person registered under section 203,
or who has pending an application for
registration filed under that section, is
no longer in existence, is not engaged in
business as an investment adviser, or is
prohibited from registering as an
investment adviser under section 203A,
the Commission shall by order, cancel
the registration of such person.
The registrant, since March of 2021,
has not filed a Form ADV amendment
with the Commission as required by
rule 204–1 under the Act and appears to
be no longer in business as an
investment adviser or is otherwise not
engaged in business as an investment
adviser.1 Accordingly, the Commission
believes that reasonable grounds exist
for a finding that this registrant is no
longer in existence and is no longer
eligible to be registered with the
Commission as an investment adviser
and that the registration should be
cancelled pursuant to section 203(h) of
the Act.
Notice is also given that any
interested person may, by April 12,
2024, at 5:30 p.m., submit to the
Commission in writing a request for a
hearing on the cancellation,
accompanied by a statement as to the
nature of his or her interest, the reason
for such request, and the issues, if any,
of fact or law proposed to be
controverted, and he or she may request
that he or she be notified if the
1 Rule 204–1 under the Act requires any adviser
that is required to complete Form ADV to amend
the form at least annually and to submit the
amendments electronically through the Investment
Adviser Registration Depository.
PO 00000
Frm 00087
Fmt 4703
Sfmt 4703
20509
Commission should order a hearing
thereon. Any such communication
should be emailed to the Commission’s
Secretary at Secretarys-Office@sec.gov.
At any time after April 12, 2024, the
Commission may issue an order
cancelling the registration, upon the
basis of the information stated above,
unless an order for a hearing on the
cancellation shall be issued upon
request or upon the Commission’s own
motion. Persons who requested a
hearing, or who requested to be advised
as to whether a hearing is ordered, will
receive any notices and orders issued in
this matter, including the date of the
hearing (if ordered) and any
postponements thereof. Any adviser
whose registration is cancelled under
delegated authority may appeal that
decision directly to the Commission in
accordance with rules 430 and 431 of
the Commission’s rules of practice (17
CFR 201.430 and 431).
ADDRESSES: The Commission:
Secretarys-Office@sec.gov.
FOR FURTHER INFORMATION CONTACT: Asaf
Barouk, Senior Counsel at 202–551–
6999; SEC, Division of Investment
Management, Office of Chief Counsel,
100 F Street NE, Washington, DC
20549–8549.
For the Commission, by the Division of
Investment Management, pursuant to
delegated authority.2
Sherry R. Haywood,
Assistant Secretary.
[FR Doc. 2024–06052 Filed 3–21–24; 8:45 am]
BILLING CODE 8011–01–P
SECURITIES AND EXCHANGE
COMMISSION
[Release No. 34–99762; File No. SR–CBOE–
2024–013]
Self-Regulatory Organizations; Cboe
Exchange, Inc.; Notice of Filing and
Immediate Effectiveness of a Proposed
Rule Change To Amend Its Fees
Schedule
March 18, 2024.
Pursuant to Section 19(b)(1) of the
Securities Exchange Act of 1934
(‘‘Act’’) 1 and Rule 19b–4 thereunder,2
notice is hereby given that on March 7,
2024, Cboe Exchange, Inc. (‘‘Exchange’’
or ‘‘Cboe Options’’) filed with the
Securities and Exchange Commission
(‘‘Commission’’) the proposed rule
change as described in Items I and II
below, which Items have been prepared
by the self-regulatory organization. The
2 17
CFR 200.30–5(e)(2).
U.S.C. 78s(b)(1).
2 17 CFR 240.19b–4.
1 15
E:\FR\FM\22MRN1.SGM
22MRN1
]]>Agencies
[Federal Register Volume 89, Number 57 (Friday, March 22, 2024)]
[Notices]
[Pages 20506-20509]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-06108]
=======================================================================
-----------------------------------------------------------------------
POSTAL SERVICE
Privacy Act of 1974; System of Records
AGENCY: U.S. Postal Service[supreg].
ACTION: Notice of a modified system of records.
-----------------------------------------------------------------------
SUMMARY: The United States Postal Service[supreg] (USPS[supreg]) is
proposing to revise a Customer Privacy Act Systems of Records (SOR).
These modifications are being made to extend the availability of
identity verification services to government agencies.
DATES: These revisions will become effective without further notice on
April 22, 2024 unless responses to comments received on or before that
date result in a contrary determination.
ADDRESSES: Comments may be submitted via email to the Privacy and
Records Management Office, United States Postal Service Headquarters
([email protected]). To facilitate public inspection,
arrangements to view copies of any written comments received will be
made upon request.
FOR FURTHER INFORMATION CONTACT: Janine Castorina, Chief Privacy and
Records Management Officer, Privacy and Records Management Office, 202-
268-3069 or [email protected].
SUPPLEMENTARY INFORMATION: This notice is in accordance with the
Privacy Act requirement that agencies publish their systems of records
in the Federal Register when there is a revision, change, or addition,
or when the agency establishes a new system of records. The Postal
Service has determined that Customer Privacy Act System of Records USPS
910.000 Identity and Document Verification Services, should be revised
to extend the availability of identity verification services to
government agencies.
I. Background
The Postal Service seeks to expand their ability to provide
identification verification services to other government agencies. The
Postal Service will therefore leverage its existing
[[Page 20507]]
identity verification processes and controls, combined with existing
and new identity validation documents, to further support government
agencies in preventing and detecting fraud, increasing security, and
providing stronger validation efforts as they fulfill their obligations
to the American people.
II. Rationale for Changes to USPS Privacy Act Systems of Records
The Postal Service will modify USPS 910.000 Identity and Document
Verification Services as follows in order to expand its services:
[cir] One new purpose, 22.
[cir] One new Category of Records, 13.
III. Description of the Modified System of Records
Pursuant to 5 U.S.C. 552a(e)(11), interested persons are invited to
submit written data, views, or arguments on this proposal. A report of
the proposed revisions to this SOR has been sent to Congress and to the
Office of Management and Budget for their evaluations. The Postal
Service does not expect this modified system of records to have any
adverse effect on individual privacy rights. Accordingly, for the
reasons stated above, the Postal Service proposes revisions to this
system of records. SOR 910.000 Identity and Document Verification is
provided below in its entirety.
SYSTEM NAME AND NUMBER:
USPS 910.000, Identity and Document Verification Services.
SECURITY CLASSIFICATION:
None.
SYSTEM LOCATION:
USPS Marketing, Headquarters; Integrated Business Solutions
Services Centers; and contractor sites.
SYSTEM MANAGER(S):
Chief Information Officer and Executive Vice President, United
States Postal Service, 475 L'Enfant Plaza SW, Washington, DC 20260-
1500.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
39 U.S.C. 401, 403, 404, and 411.
PURPOSE(S) OF THE SYSTEM:
1. To provide services related to identity and document
verification services.
2. To issue and manage public key certificates, user registration,
email addresses, and/or electronic postmarks.
3. To provide secure mailing services.
4. To protect business and personal communications.
5. To enhance personal identity and privacy protections.
6. To improve the customer experience and facilitate the provision
of accurate and reliable delivery information.
7. To identify, prevent, or mitigate the effects of fraudulent
transactions.
8. To support other Federal Government Agencies by providing
authorized services.
9. To ensure the quality and integrity of records.
10. To enhance the customer experience by improving the security of
Change-of-Address (COA) and Hold Mail processes, along with other
products, services and features that require identity proofing and
document verification.
11. To protect USPS customers from becoming potential victims of
mail fraud and identity theft.
12. To identify and mitigate potential fraud in the COA and Hold
Mail processes, along with other products, services and features that
require identity proofing and document verification.
13. To verify a customer's identity when applying for COA and Hold
Mail services, along with other products, services and features that
require identity proofing and document verification.
14. To provide an audit trail for COA and Hold Mail requests
(linked to the identity of the submitter).
15. To enhance remote identity proofing with a Phone Verification
and One-Time Passcode solution.
16. To enhance remote identity proofing, improve fraud detection
and customer's ability to complete identity proofing online with a
Device Reputation Remote Identity Verification solution.
17. To verify a customer's Identity using methods and Identity
Proofing standards that voluntarily align with NIST Special Publication
800.63 and support other Federal Agency partner security requirements.
18. To enhance In-Person identity proofing, improve Identity
Document fraud detection and enable a customer to successfully complete
identity proofing activities required for access to Postal Service
products, services and features.
19. To enhance In-Person identity proofing, improve Identity
Document fraud detection and enable a customer to successfully complete
identity proofing activities as required by partnering Federal Agencies
to authorize or allow individual customer access to a privilege,
system, or role.
20. To facilitate the In-Person enrollment process for the Informed
Delivery[supreg] feature.
21. To provide customers with the option to voluntarily scan the
barcode on the back of government issued IDs to capture name and
address information that will be used to confirm eligibility and
prefill information collected during the In-Person Informed Delivery
enrollment process.
22. To provide identity verification documents to United States
government agencies and third parties, with customer consent, for
validation and security.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
1. Customers who apply for identity and document verification
services.
2. Customers who may require identity verification for Postal
products, services and features.
3. USPS customers who sign-up, register or enroll to participate as
users in programs, request features, or obtain products and/or services
that require document or identity verification.
4. Individual applicants and users that require identity
verification or document verification services furnished by the Postal
Service in cooperation with other Government agencies.
CATEGORIES OF RECORDS IN THE SYSTEM:
1. Customer information: Name, address, customer ID(s), telephone
number, text message number and carrier, mail and email address, date
of birth, place of birth, company name, title, role, and employment
status.
2. Customer preference information: Preferred means of contact.
3. Authorized User Information: Names and contact information of
users who are authorized to have access to data.
4. Verification and payment information: Credit or debit card
information or other account number, government issued ID type and
number, verification question and answer, and payment confirmation
code. (Note: Social Security Number and credit or debit card
information may be collected, but not stored, in order to verify ID.)
5. Biometric information: Fingerprint, photograph, height, weight,
and iris scans. (Note: Information may be collected, secured, and
returned to customer or third parties at the request of the customer,
but not stored.)
6. Digital certificate information: Customer's public key(s),
certificate serial numbers, distinguished name, effective dates of
authorized certificates, certificate algorithm, date of revocation or
expiration of certificate, and USPS-authorized digital signature.
[[Page 20508]]
7. Online user information: Device identification, device
reputation risk and confidence scores.
8. Transaction information: Clerk signature; transaction type, date
and time, location, source of transaction; product use and inquiries;
Change of Address (COA) and Hold Mail transactional data.
9. Electronic information: Information related to encrypted or
hashed documents.
10. Recipient information: Electronic signature ID, electronic
signature image, electronic signature expiration date, and timestamp.
11. In-Person Proofing and Enhanced Identity Verification
Attributes: Contents of Valid Identification (ID) Documents; High
resolution images of front and back of ID documents, bar code on ID
Document and the content of displayed and encoded fields on ID
documents that may be collected and stored in order to facilitate
security validation and Identity Proofing of an applicant, participant
or customer's ID; Facial Image; Name, Address, and Unique ID Document
number; Birthdate, Eye Color, Height and Weight; Signature; Organ
donation preference.
12. Strong ID Documents used for In-Person Identity Proofing: Photo
ID, unique ID Number and the name of the Individual being identified;
Passports, Passport cards; State ID Cards, State Driver's Licenses:
Uniformed Service ID's, and Government ID documents.
13. Fair ID Documents used for In-Person Identity Proofing:
Residential Lease, Real Estate Deed of Trust, Voter Registration Card,
Vehicle Registration Card, Home Insurance Policy Documents, Vehicle
Insurance Policy Documents.
RECORD SOURCE CATEGORIES:
Individual Customers, Users, Participants and Applicants.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
Standard routine uses 1. through 7., 10., and 11. apply.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Automated databases, computer storage media, and paper.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
By customer name, customer ID(s), distinguished name, certificate
serial number, receipt number, transaction date, and email addresses.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
1. Records related to Pending Public Key Certificate Application
Files are added as received to an electronic database, moved to the
authorized certificate file when they are updated with the required
data, and records not updated within 90 days from the date of receipt
are destroyed.
2. Records related to the Public Key Certificate Directory are
retained in an electronic database, are consistently updated, and
records are destroyed as they are superseded or deleted.
3. Records related to the Authorized Public Key Certificate Master
File are retained in an electronic database for the life of the
authorized certificate.
4. When the certificate is revoked, it is moved to the certificate
revocation file.
5. The Public Key Certificate Revocation List is cut off at the end
of each calendar year and records are retained 30 years from the date
of cutoff. Records may be retained longer with customer consent or
request.
6. Other records in this system are retained 7 years, unless
retained longer by request of the customer.
7. Records related to electronic signatures are retained in an
electronic database for 3 years.
8. Other categories of records are retained for a period of up to
30 days.
9. Driver's License data will be retained for 5 years.
10. COA and Hold Mail transactional data will be retained for 5
years.
11. Records related to Phone Verification/One-Time Passcode and
Device Reputation assessment will be retained for 7 years.
12. Records collected for Identity Proofing at the Identity
Assurance Level 2 (IAL-2), including ID document images, Identity
Verification Attributes, and associated data will be retained up to 5
years, or as stipulated within Interagency Agreements (IAAs) with
partnering Federal Agencies. Records existing on paper are destroyed by
burning, pulping, or shredding. Records existing on computer storage
media are destroyed according to the applicable USPS media sanitization
practice.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Paper records, computers, and computer storage media are located in
controlled-access areas under supervision of program personnel. Access
to these areas is limited to authorized personnel, who must be
identified with a badge.
Access to records is limited to individuals who need the
information to perform their job and whose official duties require such
access.
Contractors and licensees are subject to contract controls and
unannounced on-site audits and inspections.
Computers are protected by mechanical locks, card key systems, or
other physical access control methods. The use of computer systems is
regulated with installed security software, computer logon
identifications, and operating system controls including access
controls, terminal and transaction logging, and file management
software.
Key pairs are protected against cryptanalysis by encrypting the
private key and by using a shared secret algorithm to protect the
encryption key, and the certificate authority key is stored in a
separate, tamperproof, hardware device. Activities are audited, and
archived information is protected from corruption, deletion, and
modification. For authentication services and electronic postmark,
electronic data is transmitted via secure socket layer (SSL) encryption
to a secured data center. Computer media are stored within a secured,
locked room within the facility. Access to the database is limited to
the system administrator, database administrator, and designated
support personnel. Paper forms are stored within a secured area within
locked cabinets.
RECORD ACCESS PROCEDURES:
Requests for access must be made in accordance with the
Notification Procedure above and USPS Privacy Act regulations regarding
access to records and verification of identity under 39 CFR 266.5.
CONTESTING RECORD PROCEDURES:
See Notification Procedure and Record Access Procedures above.
NOTIFICATION PROCEDURES:
Customers wanting to know if other information about them is
maintained in this system of records must address inquiries in writing
to the system manager. Inquiries must contain name, address, email, and
other identifying information.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
December 15, 2021; 86 FR 71294; March 16, 2020, 85 FR 14982;
December 13, 2018, 83 FR 64164; December 22, 2017, 82 FR 60776; August
29, 2014, 79
[[Page 20509]]
FR 51627; October 24, 2011, 76 FR 65756; April 29, 2005, 70 FR 22516.
Christopher Doyle,
Attorney, Ethics and Compliance.
[FR Doc. 2024-06108 Filed 3-21-24; 8:45 am]
BILLING CODE 7710-12-P
