[Federal Register Volume 69, Number 134 (Wednesday, July 14, 2004)]
[Notices]
[Pages 42221-42226]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 04-15855]
=======================================================================
-----------------------------------------------------------------------
POSTAL SERVICE
Privacy Act of 1974, System of Records
AGENCY: Postal Service.
ACTION: Notice of new system of records.
-----------------------------------------------------------------------
SUMMARY: The Postal Service proposes a new Privacy Act system of
records. The system of records will apply to a name and address
directory that the Postal Service plans to license from a commercial
source, in order to improve the proper barcoding and delivery of mail.
DATES: Any interested party may submit written comments on the proposed
system of records. This proposal will become effective without further
notice on August 23, 2004, unless comments received on or before that
date result in a contrary determination.
ADDRESSES: Please address your comments to the Privacy Office, United
States Postal Service, 475 L' Enfant Plaza, SW, Room 10433, Washington,
DC 20260-2200. Copies of all written comments will be available at this
address for public inspection and photocopying between 8 a.m. and 4
p.m., Monday through Friday.
FOR FURTHER INFORMATION CONTACT: Privacy Office, United States Postal
Service, Room 10433, Washington, DC 20260-2200. Phone: 202-268-5959.
SUPPLEMENTARY INFORMATION:
Introduction
This document publishes notice of a new system of records for the
Postal Service, USPS 500.100, Address Matching for Mail Processing. The
new system of records supports a Postal Service program, called the
Distribution Quality Improvement (DQI) Program, which will use a
commercially available name and address directory to improve mail
processing. The purpose of the DQI program is to increase the ability
of the Postal Service to barcode mail properly in order to ensure
delivery to the intended address. The Postal Service plans to pilot
test the program in New York State from September 2004 to Spring 2005,
then, if successful, deploy the program nationally in or after May
2005.
Described below are: (I) The need for and benefits of the DQI
program; (II) how the pilot test and national deployment will be
conducted; and (III) the extensive privacy and security controls that
have been put in place, including how the directory will and will not
be used. The Postal Service does not anticipate adverse effects on the
privacy rights of customers resulting from operation of the DQI
program.
I. Rationale for the DQI Program
Background--Privacy and Technology
Mail has always been one of the most valuable, effective, and
trusted means of communication. For more than two centuries, the
mission of the Postal Service has been the prompt, reliable, and
efficient delivery of personal and business mail to all communities in
the nation. As the delivery network has developed and expanded, the
Postal Service has continuously adapted every major innovation in
technology, transportation, and communication to provide enhanced
service to its customers. From the early transportation improvements
provided by railway Post Offices, to today's technology applications
such as USPS.com, the Postal Service has a long history of pursuing
continual improvements to the speed, accuracy, and certainty of mail
delivery.
Today, the Postal Service delivers more than 200 billion pieces of
mail each year to more than 140 million addresses, serving every
household and business in the country. Every year, approximately 1.9
million addresses--equivalent in size to the city of Chicago--are added
to the delivery network. In order to accomplish its mission of
universal service, the Postal Service operates some of the most complex
systems and equipment ever developed. The Postal Service delivers more
mail to more locations, and at a lower price, than any other post or
delivery network in the world.
The privacy and security of mail are also at the core of the Postal
Service brand. Over the course of its history, the Postal Service has
built a trusted brand with the public. New technology and processes
continue to be developed that bring added value and customer service to
the network. As always, the Postal Service will only use technology, or
adapt that technology, in a way that ensures that the privacy and
security of the mail and its customers are maintained at the highest
levels. The current proposal is no exception. The Postal Service has
carefully analyzed the need, usage, and benefits of the DQI program,
while establishing procedures that would properly address privacy and
security needs.
Mail Processing--USPS Databases, Barcodes, and Finest Depth-of-Sort
(FDOS)
In order to ensure that the billions of mailpieces it processes are
delivered accurately, promptly, and cost effectively, the Postal
Service has developed a sophisticated network and state-of-the-art
systems to process mail. This section describes the information the
Postal Service uses, including databases, ZIP CodesTM , and
barcodes. The next section describes mail processing systems, including
automation equipment.
To facilitate accurate delivery, the Postal Service maintains a
database of addresses known as the USPS Address Management System
(AMS). AMS contains valid addresses that receive postal delivery. For
each address, the AMS database includes the following elements: carrier
number; ZIP Code; city and state; street name; primary address (such as
house number); and secondary address information (such as apartment or
suite number), if applicable. Names of large firms are included. Names
of individuals are not included, except for
[[Page 42222]]
the names of certain customers on rural routes to assist the letter
carrier with delivery. AMS was developed in the early 1980s by Postal
Service personnel based on the creation and assignment of ZIP+4[reg]
codes. Postal Service personnel continue to update AMS today, based on
new delivery information.
As first developed and as used today, AMS supports mail processing
by enabling the Postal Service to barcode mail that does not have a
barcode printed on it by the mailer. The mail can then be processed on
automated sorting equipment rather than by manual or mechanized
operations. Automation improves the efficiency, accuracy, and
timeliness of mail processing and delivery.
The process works as follows: To ensure that mail contains a valid
address for delivery, the automation equipment first reads the address
on the piece and matches it to the AMS database. The equipment then
generates and prints a barcode on the mailpiece which contains the ZIP
Code associated with that address. The ZIP Code printed may be 5, 9, or
11 digits, as described below, depending on the level of match to AMS.
The goal is to print the most complete ZIP Code, a code known as the
finest depth of sort (FDOS). The FDOS ZIP Code is a code that
represents the most specific delivery point available for a particular
address. Examples are a single house or an apartment/suite in a
building. When coded to FDOS, mail can be sorted without any manual
intervention directly into the sequence in which a letter carrier
delivers mail (known as a walk sequence).
The Postal Service assigns ZIP Codes as follows. The familiar 5-
digit ZIP Code describes a geographical area, such as a small town or
section of a larger town. The ZIP+4 code, a 9-digit ZIP Code, describes
a much more specific location, often a particular block on a street of
single family houses, or a particular apartment building in a more
densely populated area. The Postal Service also uses an 11-digit code,
which adds two more digits of specificity. FDOS is generally 11 digits,
but can be 9 digits (in the case of reply mail for certain businesses)
or very rarely 5 digits, where a very large mail recipient has its own
unique ZIP Code. Buildings that contain multiple deliveries are
typically assigned a 9 digit code. If the mailpiece being processed
contains sufficient information, such as an apartment number, the
Postal Service is able to match the piece against AMS and print an 11
digit FDOS ZIP Code to the specific address. If the mailpiece has
missing or incorrect elements, the 11 digit barcode printed on the
piece will simply include a default value for the building, so it is
not coded to FDOS.
Without a match to AMS that allows an FDOS ZIP Code, the Postal
Service cannot be certain of the exact address for delivery. Minor
discrepancies, such as a single missing, mistaken, or illegible
character, can modify the address enough to prevent FDOS matching. As
described below, the Postal Service then has to take significant
additional steps to handle the mailpiece, and there is a greater
likelihood the mail will be delayed or not delivered to the intended
address.
Mail Processing--Automation Equipment, Address Recognition Systems, and
Manual Processing
Described below is an overview of the systems used to process
letters. Particular focus is given to address recognition systems,
where the DQI program will be implemented.
Each year, the Postal Service processes more than 147 billion
letters. These mailpieces enter the postal system in one of two ways.
Approximately 102 billion pieces come in through acceptance units from
business mailers, and are typically presorted and/or barcoded. This
mail is sorted on automation equipment known as barcode sorters, and
does not require processing on address recognition systems. The
remainder, approximately 45 billion pieces, enters through collection
systems such as collection boxes and local Post OfficesTM.
Some of this mail is barcoded to 5, 9, or 11 digits; some of it is not
barcoded at all. This mail is processed on address recognition systems,
as follows:
1. When collection letter mail is processed, automation equipment
sends an image of the mailpiece to a recognition system known as a
remote computer reader (RCR). RCR is a completely computer-based system
that requires no human intervention to perform address matching. Pieces
already barcoded are sent to the barcode sorters. For nonbarcoded
pieces, the RCR system attempts to match the address in the image to an
address in the AMS database. If it completes a match to a sufficient
level of confidence, a barcode is printed on the mailpiece, and the
piece is routed using the barcode. If RCR cannot match the address, the
image is sent offsite to a recognition system known as a Remote
Encoding Center (REC).
2. At REC sites, employees review the image and key in information
from the mailpiece in an attempt to match the address to AMS. If the
address is matched, a barcode is printed on the mailpiece, and the
piece is processed using the barcode. If there is no match, the piece
must be sorted manually.
3. Manual processing is conducted at several places and levels,
including originating and destinating Postal Service facilities, as the
Postal Service tries to route the mailpiece for delivery to the
intended address. Employees performing manual processing use various
sources to recognize the address on the mailpiece. These sources can
include internal information, such as derivations of AMS, as well as
external information including phone books and maps. From these
sources, the mailpiece is sorted to the best estimate of the correct
letter carrier route. The letter carrier will then attempt further
sorting and delivery. If the address cannot be recognized as one of the
carrier's delivery addresses, it will go through further processing to
find the right address. If all efforts are unsuccessful, the mailpiece
is determined to be undeliverable as addressed. Undeliverable mail is
reviewed for final processing, either to be forwarded, returned to the
sender, or discarded, depending on the class of mail and level of
service requested by the mailer.
4. Once barcoded, mail is sorted through automation into the walk
sequence used by letter carriers to complete their routes. If processed
manually, the letter carrier sorts the mail into the walk sequence at
the local delivery facility. Through either process, when carriers
identify errors based on their personal knowledge, they attempt to
reroute the mailpiece to the correct address.
Each additional step in address recognition increases the time,
resources, and costs required for delivery, and the possibility that
the mail will not be delivered correctly.
The Problem: Remaining Barriers To Further Recognition Improvements
Since the Postal Service introduced address recognition systems in
the 1980s, their performance has continuously improved. For example,
the ability of RCRs to read and match addresses has improved
dramatically. From 1996 to 2004, RCR performance has improved from 35%
to 90%. This has reduced the need for REC image processing from a peak
of 24 billion to around 6 billion images per year. The error rate,
where mail is coded improperly, has also been reduced.
To date, the Postal Service has focused on improvements that could
be accomplished by technology, such as improvements in reading
characters in the address. The Postal Service has been very successful
in these efforts, but is now nearing the limits of technological
[[Page 42223]]
improvements. Some addresses can never be matched by existing systems,
even if the address is read perfectly, because there are problems with
address elements on the mailpiece. Address elements commonly include
street names, street directionals (e.g., N, S, E, or W), house numbers,
or secondary numbers (such as an apartment or suite number). Problem
addressing can include addresses with missing, incomplete, or incorrect
address elements, or address elements that are illegible. Other
problems include address inserts that are misaligned with the
envelope's window, so that parts of the address elements are hidden.
Even a single missing or incorrect address element can prevent the
Postal Service from recognizing the correct address, with potential
resulting delays, misdeliveries, or nondeliveries. Some of these
problems with address elements cannot be corrected by technology alone.
Without the use of additional information, such as the name in the
address block on the mailpiece, the Postal Service is unable to confirm
the correct address for delivery.
II. The Pilot Test and National Deployment
The goal of the Postal Service in implementing the Distribution
Quality Improvement (DQI) program is to improve its ability to barcode
mail that is not already barcoded by the mailer, and deliver it to the
correct address. The Postal Service plans to pilot test the program in
New York. The purpose of the test is to evaluate the level of
improvement achieved through the DQI program. If the test is
successful, the program will be deployed nationally. Described below
are how the pilot test will be conducted (including pilot sites),
estimated benefits, and national deployment.
How the Pilot Test Will Be Conducted
To conduct the pilot test, the Postal Service will license a name
and address directory from a commercial vendor. The directory will be a
commercial directory that is currently available in the marketplace.
The vendor will serve as a subcontractor to an existing Postal Service
contractor tasked in part to help improve recognition rates. Neither
the Postal Service nor its contractor will own the commercial
directory.
The commercial directory will be maintained in a secure location,
at a contractor site during the pilot test, and at a Postal Service
site during any national deployment. At this maintenance site, before
the directory is deployed to the field, every address in the directory
will be compared with the AMS database. Using AMS to screen the
directory before activation ensures that only valid addresses will be
used and that the directory will be compatible with postal operations
and mail processing. In order to assure accuracy, this process will be
repeated on a weekly basis to conform to the most recent AMS database.
The removal of invalid addresses will be the only result of this
procedure--no additions or any other modification will be made to the
directory used in the DQI program. Also, no data in the AMS database or
other Postal Service databases will be modified in any way through use
of the commercial directory.
After this screening, the commercial directory will be installed on
RCR systems in field processing centers. Once installed, software on
the RCR system will perform the following steps:
1. RCR first compares the address from the mailpiece with the AMS
database, looking for a match to FDOS coding. If there is an FDOS match
to a sufficient level of confidence, the mail will be processed without
use of the commercial directory.
2. If unable to perform such a match, RCR will use the commercial
directory to try to find the right address. RCR will use the results of
the insufficient AMS match to retrieve a set of potential name(s) and
delivery points from the commercial name and address databases. RCR
then compares the names with the name on the mailpiece, seeking a
match.
3. If the name and address on the mailpiece match a name and FDOS
address from the commercial directory to a sufficient level of
confidence, then the address verification process is complete.
Thereafter, the process is the same as without the directory. An FDOS
barcode is generated and applied using the identical processes for mail
coded by RCR.
4. If a match is not found with the commercial directory, the
result from the initial AMS match will be used, and the mailpiece will
be processed using existing systems without DQI.
The following is a hypothetical example of how the DQI program will
work: Mr. John Doe lives at 123 Main Street S. There is also a 123 Main
Street N in that city. The Postal Service receives a nonbarcoded
mailpiece addressed to Mr. John Doe, 123 Main Street. When the piece is
processed against AMS, the Postal Service cannot tell whether the right
address is 123 Main Street North or South. Under current processes, the
Postal Service will attempt to discover the right address through other
internal or external tools, or through personal knowledge of letter
carriers, and there is a risk the piece may be routed or delivered
incorrectly. With the DQI program, when the AMS match fails to produce
an FDOS result, the Postal Service can confirm a Mr. John Doe lives at
123 Main Street S, and can barcode and deliver the piece to that
address.
The sole purpose of the use of names in the DQI program is to
confirm delivery to the correct address. The DQI program and directory
will not be used for any purpose other than improving the barcoding of
mail that is not being recognized to an FDOS ZIP Code by existing
systems. DQI will not modify any written or printed address information
on the mailpiece. No changes will be made to the AMS database or any
other Postal Service database as a result of this process, nor will any
information be provided back to the commercial vendor or directory,
including which addresses have been removed.
Pilot Test--Scope of DQI Program and Test Sites
The pilot test of the DQI program will apply to mail that is
processed by postal stations serving New York State. The commercial
directory will contain only the names and addresses of individuals and
firms residing in New York. The directory will be installed on an RCR
system in a processing plant in Manhattan. Mail originating from the
processing plant and destinating in the State of New York will be
subject to DQI processing. During the pilot test, the only mail
eligible for the DQI program will be mailpieces with machine-printed
addresses.
New York was chosen because of the size and complexity of the New
York City area. The New York City area is not only one of the largest
in the United States, but also one of the most densely populated, with
a population of more than 7.4 million people and a total area over 300
square miles. It typifies areas that experience a higher rate of
mailpieces with unrecognized addresses. Greater rates of unrecognized
addresses are found in urban areas with densely populated high-rise
apartments, concentrations of small business firms, street names with
numeric or single characters, and street names with directionals (e.g.,
N, S, E, or W).
Projected Benefits of the DQI Program
The goal of the Postal Service is to deliver mail accurately and
securely to a specific address. For mail that is not barcoded, the
Postal Service attempts to recognize and barcode the mail so it gets to
the right address as efficiently as
[[Page 42224]]
possible. The DQI program is expected to improve the rate and accuracy
of barcoding of this mail, where there are problems with the address.
This will enhance the certainty, timeliness, and accuracy of mail
delivery. More mail will be recognized and barcoded to a specific
intended address, which increases the certainty and speed of delivery.
The volume of mail that is coded incorrectly should also be reduced.
This mail may otherwise have been misdelivered unless the letter
carrier corrects the error from personal knowledge.
In 2003, the Postal Service processed more than 45 billion letters
through its address recognition systems. With the DQI program, the
Postal Service expects to properly code at least a billion more
mailpieces than it can under current processes, as well as reduce the
rate of miscoding.
Proper barcoding increases the certainty that mail will be
delivered to the correct and intended address. This decreases the
likelihood of misdelivered mail, which protects the privacy of Postal
Service customers. By developing and implementing substantial
safeguards, the Postal Service seeks to improve mail delivery and
privacy for its customers, while minimizing privacy risks or
vulnerabilities.
National Deployment
The pilot test is planned to start in September 2004 and conclude
in the Spring of 2005. The Postal Service will thoroughly analyze
results from the pilot test for operational accuracy and performance
improvements. The test will be considered successful if it raises the
encoding rate while reducing the error rate. If the expected
improvements are achieved, the Postal Service plans to deploy the DQI
program in other regions or nationally in or after May 2005.
If the pilot is successful, national deployment will occur in
several stages. First, the program will become national in scope. The
directory licensed will include names and addresses of firms and
individuals throughout the country, and will be deployed to RCRs
nationally. Second, DQI will be expanded from letters to other types of
mail, including flats and parcels, so the directory will be installed
on recognition equipment for those mail types. Third, the directory may
be used on more levels of recognition equipment, not just the initial
readers. An example is deployment at the Remote Encoding Centers. As
deployment proceeds, the Postal Service will carefully evaluate the
success of each stage, and will monitor privacy and system safeguards.
III. Privacy Act System of Records--Safeguards for the DQI Program
The Postal Service has established a comprehensive system of
safeguards to protect the privacy and security of the DQI Program and
commercial directory. The following describes key aspects of the
Privacy Act system, including controls and limitations over the
directory, security controls and safeguards, and limitations on
external disclosures. The notice of the system of records covers both
the pilot test and any national deployment.
Controls and Limitations for the Commercial Directory
The commercial directory will be used only for the purposes
described in this notice and not for any other purpose. The directory
will only be used to properly recognize and code mail if it cannot be
successfully recognized to FDOS by existing systems.
The Postal Service has limited the type of information that will be
licensed from the commercial source to the minimum necessary to achieve
its operational goals. The only information contained in the commercial
directory are the names and addresses of individuals and businesses.
The Postal Service has established strict controls to limit how
data will be compared or shared between the commercial directory and
Postal Service systems. There will be limited interfaces between the
directory and Postal Service databases. At the maintenance site, the
directory will be matched against the AMS database to remove invalid
addresses before deployment. During mail processing, mailpieces will be
matched against the directory if the match to AMS is less than to FDOS.
No data will be exchanged as a result of these comparisons. The
directory will not be used for updating AMS or any other Postal Service
database. Likewise, no name or address information from any Postal
Service database, including information about items removed from the
directory, will be provided back to the commercial directory or vendor.
Security Controls and Safeguards
The Postal Service will implement the DQI program in a secure
fashion. The commercial vendor will supply the directory to the
contractor during the pilot test, and to the Postal Service during any
national deployment, where it will be kept in a secure maintenance
facility. Access to information in the directory will be limited to the
following circumstances and purposes: At the maintenance facility, the
Postal Service or contractor will access the directory to remove non-
AMS data as described above, as well as to allow the Postal Service to
respond to requests by individuals for access to information maintained
about them as required by the Privacy Act. The Postal Service will also
access the directory in its Engineering Headquarters facility in order
to test the success of the program. The maintenance and engineering
facilities are the only two locations where information contained in
the directory can be accessed by Postal Service or contractor
employees.
When the directory is distributed to Postal Service field sites,
both name and address information will be encrypted. There will be no
ability to view, query, or modify records in the directory. At all
times, the directory will be stored in a separate file from Postal
Service databases. In addition, the directory's name information will
be stored in a separate file from its address information.
The directory will only operate on secure systems. Electronic
transmissions of updates to the directory will be protected by
encryption and secure access authorization codes.
To keep information current as well as secure, the Postal Service
will receive an updated commercial directory periodically, no less
frequently than every 90 days. The Postal Service will match the
directory against the AMS database every week to remove invalid
addresses. The Postal Service will maintain two versions of the
directory representing 2 weeks of data--the directory for the current
week, and the directory for the prior week. Every week, when the next
directory is created, the Postal Service will destroy the older version
in accordance with its information security policies. The policies
require degaussing for computer tapes, using zero-bit formatting for
computer hard drives, and physically destroying floppy disks, CDs, and
DVD data disks. After these procedures are conducted, previous versions
will not be retained in any form.
Disclosures
The Postal Service does not anticipate adverse privacy effects
resulting from Postal Service disclosures of information from the
commercial directory. First, such information is commercially
available. Any entity can obtain information contained in the directory
from the commercial source. Second, the Postal Service has limited the
external disclosures, or routine uses, of information from the
directory.
For this system of records, the Postal Service will only employ
seven of the
[[Page 42225]]
nine standard routine uses that it has issued for systems of records
containing customer information. These customer systems and routine
uses were published in the Federal Register on December 16, 2002 (67 FR
77088-77090). The seven routine uses that apply to this system relate
to the following: (1) Disclosure incident to legal proceedings; (2)
disclosure to agents, contractors, and partners; (3) disclosure to
auditors; (4) disclosure for customer service purposes; (5) disclosures
related to congressional inquiries; (6) disclosure to labor
organizations; and (7) disclosure for law enforcement purposes. The
Postal Service may only disclose information from the directory to
appropriate law enforcement agencies if there are suspected illegal
activities against the Postal Service, or as required by law. The
standard routine uses that will not apply concern disclosures related
to financial transactions, and disclosures to government agencies
relating to personnel or contractor matters.
The Postal Service has also added a special routine use for this
system. The routine use applies when a mailpiece containing a barcode
applied using the commercial directory is returned to the mailer. This
may occur if the mailpiece is still not delivered to an address after
all Postal Service efforts have been exhausted--for instance, if the
person does not live at that address--and the mailer is entitled to
return service because the mailpiece was sent First-Class Mail[reg] or
the mailer otherwise paid for return service. If the mailer has access
to the Postal Service ZIP+4 database and is familiar with Postal
Service rules and algorithms for FDOS coding, the mailer may be able to
determine the specific FDOS ZIP Code from the barcode. The Postal
Service ZIP+4 database and rules for coding are available to mailers
for a fee. ZIP Code information, including ZIP+4 codes and FDOS ZIP
Codes for houses, is also available as part of the ZIP Code lookup Web
site available on USPS.com, but only on a specific query basis, not as
a database.
The Postal Service considers that disclosure of a barcode that
contains a ZIP Code for an address may not be a disclosure under the
Privacy Act. However, in the interests of full notice and transparency,
the Postal Service is issuing a routine use to account for this
occurrence. The Postal Service considers this an appropriate routine
use because the Postal Service must honor return service requests.
Moreover, the Postal Service considers the value of the information to
be minimal in this circumstance, and the likelihood of such decoding to
be remote. The information, which is a specific address, not name, is
likely to be incorrect, since the mailpiece could not be delivered as
addressed. Also, the mailer would need to train personnel to identify
DQI mailpieces, and set up processes or equipment to conduct the
algorithms needed to extract the address from the barcode. These
processes are not technically practical, and are likely more costly
than purchasing the same information directly from one of several
available commercial sources.
Notice of Use of Information From a Third-Party Source
The system of records described by this notice entails a third-
party source, as the Postal Service has determined that obtaining this
information directly from the subject individuals is not practical.
However, the information collected from the third-party source for this
system shall in no case result in any adverse determination to
individuals. The Postal Service will ensure that the third-party source
is informed of the purposes for which the name and address records will
be used. This is consistent with OMB Guidelines and Privacy Protection
Study Commission recommendations related to 5 U.S.C. 552a (e)(3).
Summary
The Postal Service seeks to improve the accuracy and certainty of
mail delivery. The Postal Service has developed a very sophisticated
network and equipment to accomplish this result. Based on its extensive
experience, the Postal Service considers that use of a commercially
available name and address database, such as proposed for the DQI
program, is the best method to achieve higher barcoding rates and more
certain delivery. The Postal Service proposes use of the directory for
this sole purpose, and has established effective safeguards to protect
the information and prevent any other use.
USPS 500.100
System Name:
Address Matching for Mail Processing.
System Location:
Computer Operations Service Center; Engineering; Processing and
Distribution Centers; and contractor site(s).
Categories of Individuals Covered by the System:
USPS customers, including individual and business customers.
Categories of Records in the System:
Names and mailing addresses of individuals and businesses.
Authority for Maintenance of the System:
39 U.S.C. 401, 403, 404.
PURPOSE:
To improve the speed, accuracy, and certainty of mail delivery.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
The standard routine uses for customer-related systems apply,
except that routine uses 3 and 6 do not apply. The following additional
routine use also applies:
A mailpiece containing a barcode that is encoded with the address,
but not name, of a customer derived from this system may be disclosed
to a mailer if the Postal Service is unable to deliver the mailpiece,
and returns it to the mailer as part of a requested return service.
Policies and Practices for Storing, Retrieving, Accessing, Retaining,
and Disposing of Records in the System:
Storage:
Automated databases, electronic and computer storage media, with
names and addresses stored separately.
Retrievability:
Retrieval is accomplished by a computer-based system, using one or
more of the following elements: name, ZIP Code(s), street name, primary
number, secondary number, delivery point, and/or carrier route
identification.
SAFEGUARDS:
The name and address database will be obtained from a commercial
vendor under strict contract and security controls. The database will
be maintained separately from Postal Service databases. Name data and
address data within the commercial database will also be stored
separate from each other. In field deployment, name and address data
will be stored in an encrypted fashion. The database will not be
commingled with any agency records or databases, and will not be used
to update any agency record or database. No information will be
provided from the Postal Service into the commercial database or back
to the vendor.
The database will only operate on secure systems. Electronic
transmissions of records are protected by encryption and access
authorization codes. Records are kept on computers in controlled-access
areas, with access limited to
[[Page 42226]]
authorized personnel. Computers are protected by a cipher lock system,
card key system, or other physical access control methods. The use of
computer systems is regulated with installed security software,
computer logon identifications, and operating system controls including
access controls, terminal and use identifications, and file management.
Contractors are subject to contract controls regarding security, as
well as security compliance reviews by the Postal Service and Postal
Inspection Service.
Retention and Disposal:
The database will be maintained until 90 days after termination of
the contract or program, and then destroyed. During contract
performance, the database will be replaced by the vendor in its
entirety no less frequently than every 90 days. To destroy the replaced
version, the Postal Service will employ sanitization procedures that
will ensure the complete destruction of information as specified by its
information security policies.
System Manager(s) and Address:
Senior Vice President for Operations, United States Postal Service,
475 L'Enfant, Plaza, SW., Washington, DC 20260.
Notification Procedure:
Customers wanting to know if information about them is kept in this
system of records should address inquiries in writing to the Manager,
Image Recognition Processing, 8403 Lee Highway, Merrifield VA 22082.
Record Access Procedures:
Requests for access must be made in accordance with the
Notification Procedure above and the Postal Service Privacy Act
regulations regarding access to records and verification of identity
under 39 CFR 266.6.
Contesting Record Procedures:
See Notification Procedure and Record Access Procedures above.
Record Source Categories:
Commercially available source of names and mailing addresses.
Neva Watson,
Attorney, Legislative.
[FR Doc. 04-15855 Filed 7-13-04; 8:45 am]
BILLING CODE 7710-12-P