[Federal Register Volume 69, Number 33 (Thursday, February 19, 2004)]
[Pages 7806-7808]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 04-3496]



Privacy Act of 1974, System of Records

AGENCY: Postal Service.

ACTION: Notice of modification to an existing system of records.


SUMMARY: This document publishes notice of modification to Privacy Act 
System of Records USPS 150.030, Records and Information Management 
Records--Computer Logon ID Records, 150.030. The proposed modification 
reflects changes to the system name, system location, categories of 
individuals covered by the system, categories of records in the system, 
purpose, storage, retrievability, safeguards, retention and disposal, 
system manager(s) and address, notification procedures, and records 
source categories.

DATES: Any interested party may submit written comments on the proposed 
modification. This proposal will become effective without further 
notice on March 30, 2004, unless comments received on or before that 
date result in a contrary determination.

ADDRESSES: Written comments on this proposal should be mailed or 
delivered to the Records Office, United States Postal Service, 475 
L'Enfant Plaza, SW., Room 5846, Washington, DC 20260-5825. Copies of 
all written comments will be available at the above address for public 
inspection and photocopying between 8 a.m. and 4 p.m., Monday through 

FOR FURTHER INFORMATION CONTACT: Rowena Dufford at (202) 268-2608.

SUPPLEMENTARY INFORMATION: The Postal ServiceTM is proposing 
to modify system of records, USPS 150.030, Records and Information 
Management Records--Computer Logon ID Records. The system contains 
identifying information about users who request access to Postal 
Service computers and information resources and the access rights 
authorized or denied, including the computer logon ID assigned to those 
users and the level of access granted to them. The computer logon ID is 
a code that identifies an individual as an authorized user, programmer, 
or operator of a computer system for use in conducting Postal Service 
business. This system of records is being modified to include an 
automated method of requesting, authorizing, denying, and/or revoking 
user access to Postal Service computers and information resources.
    Automating computer access will enable the Postal Service to more 
effectively and securely manage access to computers and information 
resources. The paper process will be phased out over time as Postal 
Service systems and computer users are registered in the automated 
    The automated method provides for the request, review, approval, 
and tracking of computer system access for Postal Service computer 
systems users nationwide and enables online access request generation 
in lieu of completing hard copies of PS Form 1357, Request for Computer 
Access, and IS Form 1357-A, Request for Inspection Service Computer ID. 
Hard copy forms will continue to be used for access to Postal Service 
computers and information resources not managed electronically. 
Eventually, user access for all Postal Service computers and 
information resources will be automated, and hard copy forms will no 
longer be generated. Hard copy forms will continue to be retained in a 
secure environment at various Postal Service facilities for 1 year 
after access privileges are cancelled and then destroyed by shredding. 
Future developments may allow the Postal Service to scan and store the 
hard copy forms in an electronic format.
    Under the automated method, a unique identifier (UID) is provided 
for each user, to be used throughout his or her Postal Service career 
or other involvement with the Postal Service as a logon ID for 
computers and information resources. User profiles contain summary 
information about all access authorizations, including both of the 
    [sbull] A complete view of all authorizations for a given user 
based on

[[Page 7807]]

multiple access request submissions over a period of time.
    [sbull] The status of access transactions in the authorization and 
approval process.
    Information from the user profile is used to formulate computer 
access requirements and assignments. Access assignments are used to 
protect against unauthorized access to Postal Service computer data and 
resources. Approval authorities are responsible for maintaining the 
currency of information in the user profile. Approved electronic 
requests are stored in a centralized, secure operating environment, 
updated as corresponding access requests are superceded or cancelled, 
and are deleted 1 year after access is cancelled.
    The Postal Service does not expect modification of this system to 
have any effect on individual privacy rights. The amendment does not 
change the kinds of personal information about employees that are 
collected and maintained. Other information maintained about the 
individual relates to his or her official duty status and level of 
access permitted. Protection of the privacy interests of individuals 
covered by the system will be enhanced by eliminating much of the hard 
copy storage and the security of the automated system.
    Pursuant to 5 U.S.C. 552a(e)(11), interested persons are invited to 
submit written data, views, or arguments on the proposed part of this 
notice. A report of the proposed system change has been sent to 
Congress and to the Office of Management and Budget for their 
    Privacy Act System of Records USPS 150.030 was last published in 
its entirety in the Federal Register on October 10, 1990 (55 FR 41282-
41283) and was amended on February 23, 1999 (64 FR 8876-8892). The 
Postal Service proposes amending the system as shown below:
USPS 150.030

System Name:

    Computer Access Records, 150.030.
* * * * *

System Location:

    All Postal Service facilities; Information System Service Centers; 
Accounting Service Centers; Inspection Service facilities; and 
contractor sites.
* * * * *

Categories of Individuals Covered by the System:

    Individuals who have access to Postal Service computers and 
information resources, including Postal Service employees, contractor 
employees, and non-Postal Service individuals.
* * * * *

Categories of Records in the System: [CHANGE TO READ:]

    This system contains identifying information about computer users 
and the corresponding authorizing managers such as name; logon ID; 
employee identification number, unique identifier, and/or Social 
Security number; work-related information such as job title, BA Code, 
finance number, and work telephone number and address; the 
application(s) that the user may access; and the level(s) of access 
granted. Additionally, the system contains information related to 
contractors such as verification of status of contractor employee, 
screening, and/or security clearances.
* * * * *

    To ensure access to data and/or files of computer systems is 
limited to authorized individuals through the use of computer security 
access control systems. Used by computer security officers in 
maintaining access controls, and by postal inspectors and authorized 
personnel in monitoring compliance with access rules. The logon IDs are 
also used as a positive user identifier in resolving access problems by 
* * * * *

Policies and Practices for Storing, Retrieving, Accessing, Retaining, 
and Disposing of Records in the System:
    Automated databases, computer storage media, and paper.
* * * * *

    Name, logon ID, employee ID, and unique identifier.
* * * * *

    Paper records, computers, and computer storage tapes and disks are 
maintained in controlled-access areas or under general supervision of 
program personnel. Computers are protected by a cipher lock system, 
card key system, or other physical access control methods. Computer 
systems and electronic records are also protected with security 
software and operating system controls, including logon and password 
identifications, firewalls, terminal and use identifications, and file 
management. Online data transmissions are protected by encryption. 
Access to these records is limited to authorized personnel. Contractors 
must provide similar protection subject to a security compliance review 
by the Postal Inspection Service.
* * * * *

Retention and Disposal:
    Paper records are retained for 1 year after computer access 
privileges are cancelled and then destroyed by shredding. Electronic 
records are updated as corresponding access requests are superceded or 
cancelled, and are deleted 1 year after access is cancelled.
* * * * *

System Manager(s) and Address:
* * * * *

Notification Procedure:
    Individuals wishing to know whether information about them is 
maintained in this system of records should address inquiries 
containing full name and logon ID, employee identification number, 
unique identifier and/or Social Security number to the following:
    For hard copy PS Form 1357, Request for Computer Access: 
Individuals assigned to Headquarters should submit requests to the 
Manager, Headquarters Computing Infrastructure Services, 475 L'Enfant 
Plaza, SW, Washington, DC 20260.
    Individuals assigned to other facilities should submit requests to 
the head of the facility that manages the information systems.
    For electronic records to access Postal Service computers: Address 
requests to the Manager, Information Security Services, 4200 Wake 
Forest Rd., Raleigh, NC 27668-9500.
    For U.S. Inspection Service computer access records: Address 
requests to the Inspector in Charge, Information Technology Division, 
2111 Wilson

[[Page 7808]]

Blvd., Suite 500, Arlington, VA 22201-3036
* * * * *

Records Source Categories:
    Individuals requesting and/or approving access to Postal Service 
computers or information resources and Postal Service personnel charged 
with information systems security responsibilities.
* * * * *

Neva Watson,
[FR Doc. 04-3496 Filed 2-18-04; 8:45 am]