[Federal Register Volume 73, Number 90 (Thursday, May 8, 2008)]
[Notices]
[Pages 26155-26158]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E8-10183]



[[Page 26155]]

=======================================================================
-----------------------------------------------------------------------

POSTAL SERVICE


Privacy Act of 1974; System of Records

AGENCY: Postal Service.TM

ACTION: Notice of modifications to three existing systems of records.

-----------------------------------------------------------------------

SUMMARY: The Postal Service proposes to revise the following existing 
systems of records titled, ``USPS 810.100, http://www.usps.com 
Registration,'' ``USPS 810.200, http://www.usps.com Ordering, Payment 
and Fulfillment,'' and ``USPS 860.000, Financial Transactions.'' The 
modifications clarify user information in Categories of Records in the 
System, Purpose, Retention and Disposal and Systems Manager(s).
    Background: The Postal Service's commitment to universal service is 
based on a foundation of providing secure products and services to 
postal customers. As a trusted organization, the Postal Service faces a 
variety of security challenges which require investigative, preventive, 
and security responses.
    The Postal Service works collaboratively with internal and external 
groups to ensure new postal products and services are secure, thus 
maintaining customers' confidence in the mail and satisfying their 
personal and business needs.
    This includes providing postal customers with secure access to 
products and services in all channels. As online access to retail 
products and services has grown, new types of fraudulent activities 
have emerged to challenge the security of online transactions.
    The Postal Service has responded by developing fraud prevention 
initiatives designed to protect the security of financial transactions 
on usps.com. These initiatives include enhanced capabilities for 
ensuring the accuracy and security of credit card transactions 
conducted by national and international customers on usps.com. 
Modifications to the systems of records will be reflected in the 
Categories of Records in the System as it relates to business-specific 
and user information, purpose, and retention and disposal of online 
user information.

DATES: The revisions will become effective without further notice on 
June 9, 2008 unless comments received on or before that date result in 
a contrary determination.

ADDRESSES: Comments may be mailed or delivered to the Records Office, 
United States Postal Service, 475 L'Enfant Plaza, SW., Room 5821, 
Washington, DC 20260-2200. Copies of all written comments will be 
available at this address for public inspection and photocopying 
between 8 a.m. and 4 p.m., Monday through Friday.

FOR FURTHER INFORMATION CONTACT: Deborah D. Hubbard, 202-268-7119.

SUPPLEMENTARY INFORMATION: This notice is in accordance with the 
Privacy Act requirement that agencies publish their amended systems of 
records in the Federal Register when there is a revision, change, or 
addition. The Postal Service has reviewed its systems of records and 
has determined that USPS 810.100, http://www.usps.com Registration, 
should be revised to modify existing categories of records in the 
system, and retention and disposal of such records. Collection, 
retention, and disposal of user information will be added to enhance 
the understanding and fulfillment of customer needs and for ensuring 
the security of registration transactions conducted on usps.com.
    In addition, the Postal Service has reviewed its systems of records 
and has determined that USPS 810.200, http://www.usps.com Ordering, 
Payment and Fulfillment, should be revised to modify existing 
categories of records in the system, purpose, and retention and 
disposal of such records. Categories of records in the system will be 
revised to include online user information. The purpose of collection 
will be revised to support law enforcement investigations, and 
retention and disposal of this information will be added.
    The Postal Service has also determined that USPS 860.000, Financial 
Transactions, should be revised to include online user information 
within the categories of records in the system. The purpose of 
collection will be revised to support law enforcement investigations, 
and retention and disposal of this information will be added.
    Privacy Act Systems of Records USPS 810.100, USPS 810.200, and USPS 
860.000 were originally published in the Federal Register on April 29, 
2005 (70 FR 22548).
    The Postal Service proposes amending the systems as shown below:
USPS 810.100, http://www.usps.com Registration

CATEGORIES OF RECORDS IN THE SYSTEM AND RETENTION AND DISPOSAL:
    [Revise to read as follows:]
* * * * *
    Categories of Records in the System will be changed to read:
    7. Online user information: Internet Protocol (IP) address, domain 
name, operating system versions, browser version, date and time of 
connection, and geographic location.
    Retention and Disposal will be changed to read:
    4. Online user information may be retained for 6 months.
    Additionally, the System Manager(s) title has been changed to Chief 
Marketing Officer and Executive Vice President.
USPS 810.200, http://www.usps.com Ordering, Payment and Fulfillment

CATEGORIES OF RECORDS IN THE SYSTEM, PURPOSE, RETENTION AND DISPOSAL, 
AND SYSTEM MANAGER:
    [Revise to read as follows:]
* * * * *
    Categories of Records in the System will be changed to read:
    5. Online user information: Internet Protocol (IP) address, domain 
name, operating system version, browser version, date and time of 
connection, and geographic location.
    Purpose will be changed to read:
    5. To support investigations related to law enforcement for 
fraudulent financial transactions.
    Retention and Disposal will be changed to read:
    3. Online user information may be retained for 6 months.
    Additionally, the System Manager(s) and Address will reflect the 
following addition:
    Chief Financial Officer and Executive Vice President, 475 L'Enfant 
Plaza, SW., Washington, DC 20260.
    Also, the existing System Manager's title has been changed to Chief 
Marketing Officer and Executive Vice President.
USPS 860.000, Financial Transactions

CATEGORIES OF RECORDS IN THE SYSTEM, PURPOSE AND RETENTION AND DISPOSAL 
AND SYSTEM MANAGER:
    [Revise to read as follows:]
* * * * *
    Categories of Records in the System will be changed to read:
    7. Online user information: Internet Protocol (IP) address, domain 
name, operating system version, browser version, date and time of 
connection, and geographic location.
    Purpose will be changed to read:
    4. To support investigations related to law enforcement for 
fraudulent financial transactions.
    Retention and Disposal will be changed to read:
    8. Online user information may be retained for 6 months.
    Additionally, the System Manager(s) title has been changed to Chief

[[Page 26156]]

Marketing Officer and Executive Vice President.
* * * * *
USPS 810.100, http://www.usps.com Registration

System Location:
    Computer Operations Service Centers.

Categories of Individuals Covered by the System:
    Customers who register via the USPS Web site at http://www.usps.com.

Categories of Records in the System:
    1. Customer information: Name; customer ID(s); company name; job 
title and role; home, business, and billing address; home and business 
phone and fax number; e-mail; URL; and Automated Clearing House (ACH) 
information.
    2. Identity verification information: Question, answer, username, 
user ID, and password.
    3. Business-specific information: Business type and location, 
business IDs, annual revenue, number of employees, industry, nonprofit 
rate status, product usage information, annual and/or monthly shipping 
budget, payment method and information, planned use of product, and age 
of Web site.
    4. Customer preferences: Preferences to receive USPS marketing 
information, preferences to receive marketing information from USPS 
partners, preferred means of contact, preferred e-mail format, product 
and/or service marketing preference.
    5. Customer feedback: Method of referral to Web site.
    6. Registration information: Date of registration.
    7. Online user Information: Internet Protocol (IP) address, domain 
name, operating system versions, browser version, date and time of 
connection, and geographic location.

Authority for Maintenance of the System:
    39 U.S.C. 401, 403, and 404.

Purpose(s):
    1. To provide online registration with single sign on services for 
customers.
    2. To obtain accurate contact information in order to deliver 
requested products, services, and other material.
    3. To authenticate customer logon information for http://www.usps.com.
    4. To permit customer feedback in order to improve http://www.usps.com or USPS products and services.
    5. To enhance understanding and fulfillment of customer needs.

Routine Uses of Records in the System, Including Categories of Users 
and the Purposes of Such Uses:
    Standard routine uses 1 through 7, 10, and 11 apply.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, 
and Disposing of Records in the System:
Storage:
    Automated database, computer storage media, and paper.

Retrievability:
    By customer name, customer ID(s), phone number, or mail or e-mail 
address.

Safeguards:
    Paper records, computers, and computer storage media are located in 
controlled-access areas under supervision of program personnel. Access 
to these areas is limited to authorized personnel, who must be 
identified with a badge.
    Access to records is limited to individuals whose official duties 
require such access. Contractors and licensees are subject to contract 
controls and unannounced on-site audits and inspections.
    Computers are protected by mechanical locks, card key systems, or 
other physical access control methods. The use of computer systems is 
regulated with installed security software, computer logon 
identifications, and operating system controls including access 
controls, terminal and transaction logging, and file management 
software. Online data transmissions are protected by encryption.
    For small business registration, computer storage tapes and disks 
are maintained in controlled-access areas or under general scrutiny of 
program personnel. Access is controlled by logon ID and password as 
authorized by the Marketing organization via secure Web site. Online 
data transmissions are protected by encryption.

Retention and Disposal:
    1. ACH records are retained up to 2 years.
    2. Records stored in the registration database are retained until 
the customer cancels the profile record, 3 years after the customer 
last accesses records, or until the relationship ends.
    3. For small business registration, records are retained 5 years 
after the relationship ends.
    4. Online user information may be retained for 6 months.
    Records existing on paper are destroyed by burning, pulping, or 
shredding. Records existing on computer storage media are destroyed 
according to the applicable USPS media sanitization practice.

System Manager(s) and Address:
    Chief Marketing Officer and Executive Vice President, United States 
Postal Service, 475 L'Enfant Plaza SW., Washington, DC 20260.

Notification Procedure:
    Customers wanting to know if information about them is maintained 
in this system of records must address inquiries in writing to the 
system manager. Inquiries must contain name, address, and other 
identifying information.

Record Access Procedures:
    Requests for access must be made in accordance with the 
Notification Procedure above and USPS Privacy Act regulations regarding 
access to records and verification of identity under 39 CFR 266.6.

Contesting Record Procedures:
    See Notification Procedure and Record Access Procedures above.

Record Source Categories:
    Customers.
USPS 810.200, http://www.usps.com Ordering, Payment, and Fulfillment

System Location:
    Computer Operations Service Centers.

Categories of Individuals Covered by the System:
    Customers who place orders and/or make payment for USPS products 
and services through http://www.usps.com.

Categories of Records in the System:
    1. Customer information: Name, customer ID(s), phone and/or fax 
number, mail address and e-mail address.
    2. Payment information: Credit and/or debit card number, type, and 
expiration date, billing information, ACH information.
    3. Shipping and transaction information: Product and/or service ID 
numbers, descriptions, and prices; name and address(es) of recipients; 
order number and delivery status; electronic address lists; electronic 
documents or images; job number.
    4. Claims submitted for defective merchandise.
    5. Online user information: Internet Protocol (IP) address, domain 
name, operating system versions, browser version, date and time of 
connection, and geographic location.

[[Page 26157]]

Authority for Maintenance of the System:
    39 U.S.C. 401, 403, and 404.

Purpose(s):
    1. To fulfill orders for USPS products and services.
    2. To promote increased use of the mail by providing electronic 
document preparation and mailing services for customers.
    3. To provide shipping supplies and services, including return 
receipts and labels.
    4. To provide recurring ordering and payment services for products 
and services.
    5. To support investigations related to law enforcement for 
fraudulent financial transactions.

Routine Uses of Records in the System, Including Categories of Users 
and the Purposes of Such Uses:
    Standard routine uses 1 through 7, 10, and 11 apply. In addition:
    a. Customs declaration records may be disclosed to domestic and 
foreign customs officials pursuant to 19 U.S.C. 2071 (note) and 
international agreements or regulations.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, 
and Disposing of Records in the System:
Storage:
    Automated databases, computer storage media, and paper.

Retrievability:
    By customer name, customer ID(s), phone number, mail or e-mail 
address, or job number.

Safeguards:
    Paper records, computers, and computer storage media are located in 
controlled-access areas under supervision of program personnel. Access 
to these areas is limited to authorized personnel, who must be 
identified with a badge.
    Access to records is limited to individuals whose official duties 
require such access. Contractors and licensees are subject to contract 
controls and unannounced on-site audits and inspections.
    Computers are protected by mechanical locks, card key systems, or 
other physical access control methods. The use of computer systems is 
regulated with installed security software, computer logon 
identifications, and operating system controls including access 
controls, terminal and transaction logging, and file management 
software.
    Online data transmission is protected by encryption, dedicated 
lines, and authorized access codes. For shipping supplies, data is 
protected within a stand-alone system within a controlled-access 
facility.

Retention and Disposal:
    1. Records related to mailing online and online tracking and/or 
confirmation services supporting a customer order are retained for up 
to 30 days from completion of fulfillment of the order, unless retained 
longer by request of the customer. Records related to shipping services 
and domestic and international labels are retained up to 90 days. 
Delivery Confirmation and return receipt records are retained for 6 
months. Signature Confirmation records are retained for 1 year. ACH 
records are retained for up to 2 years.
    2. Other customer records are retained for 3 years after the 
customer relationship ends.
    3. Online user information may be retained for 6 months.
    Records existing on paper are destroyed by burning, pulping, or 
shredding. Records existing on computer storage media are destroyed 
according to the applicable USPS media sanitization practice.

System Manager(s) and Address:
    Chief Financial Officer and Executive Vice President, 475 L'Enfant 
Plaza, SW., Washington, DC 20260.
    Chief Marketing Officer and Executive Vice President, United States 
Postal Service, 475 L'Enfant Plaza SW., Washington, DC 20260.

Notification Procedure:
    Customers wanting to know if information about them is maintained 
in this system of records must address inquiries in writing to the 
system manager. Inquiries must contain name, address, customer ID(s), 
and order number, if known.

Record Access Procedures:
    Requests for access must be made in accordance with the 
Notification Procedure above and USPS Privacy Act regulations regarding 
access to records and verification of identity under 39 CFR 266.6.

Contesting Record Procedures:
    See Notification Procedure and Record Access Procedures above.

Record Source Categories:
    Customers.
USPS 860.000, Financial Transactions

System Location:
    USPS Headquarters; Integrated Business Solutions Services Centers; 
Accounting Service Centers; anti-money laundering support group; and 
contractor sites.

Categories of Individuals Covered by the System:
    1. Customers who use online payment or funds transfer services.
    2. Customers who file claims or make inquiries related to online 
payment services, funds transfers, money orders, and stored-value 
cards.
    3. Customers who purchase funds transfers or stored-value cards in 
an amount of $1000 or more per day, or money orders in an amount of 
$3000 or more per day, or who purchase or redeem any such services in a 
manner requiring collection of information as potential suspicious 
activities under anti-money laundering requirements. Recipients of 
funds transfers and the beneficiaries of funds from money orders 
totaling $10,000 in 1 day.

Categories of Records in the System:
    1. Customer information: Name, customer ID(s), mail and e-mail 
address, telephone number, occupation, type of business, and customer 
history.
    2. Identity verification information: Date of birth, username and/
or ID, password, Social Security Number (SSN) or tax ID number, and 
driver's license number (or other type of ID if driver's license is not 
available, such as Alien Registration Number, Passport Number, Military 
ID, Tax ID Number).

    (Note: For online payment services, SSNs are collected, but not 
retained, in order to verify ID.)

    3. Billers registered for online payment services: Biller name and 
contact information, bill detail, and bill summaries.
    4. Transaction information: Name, address, and phone number of 
purchaser, payee, and biller; amount, date, and location; credit and/or 
debit card number, type, and expiration; sales, refunds, and fees; type 
of service selected and status; sender and recipient bank account and 
routing number; bill detail and summaries; transaction number, serial 
number, and/or reference number or other identifying number, pay out 
agent name and address; type of payment, currency, and exchange rate; 
Post Office information such as location, phone number, and terminal; 
employee ID numbers, license number and state, and employee comments.
    5. Information to determine credit worthiness: Period at current 
residence, previous address, and period of time with same phone number.
    6. Information related to claims and inquiries: Name, address, 
phone number, signature, SSN, location where product was purchased, 
date of issue,

[[Page 26158]]

amount, serial number, and claim number.
    7. Online user information: Internet Protocol (IP) address, domain 
name, operating system versions, browser version, date and time of 
connection, and geographic location.

Authority for Maintenance of the System:
    39 U.S.C. 401, 403, and 404; 31 U.S.C. 5318, 5325, 5331, and 7701.

Purpose(s):
    1. To provide financial products and services.
    2. To respond to inquiries and claims related to financial products 
and services.
    3. To fulfill requirements of anti-money laundering statutes and 
regulations.
    4. To support investigations related to law enforcement for 
fraudulent financial transactions.

Routine Uses of Records in the System, Including Categories of Users 
and the Purposes of Such Uses:
    Standard routine uses 1 through 7, 10, and 11 apply. Legally 
required disclosures to agencies for law enforcement purposes include 
disclosures of information relating to money orders, funds transfers, 
and stored-value cards as required by anti-money laundering statutes 
and regulations.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, 
and Disposing of Records in the System:
Storage:
    Automated database, computer storage media, microfiche, and paper.

Retrievability:
    For online payment and funds transfer services, information is 
retrieved by customer name, customer ID(s), transaction number, or 
address.
    Claim information is retrieved by name of purchaser or payee, claim 
number, serial number, transaction number, check number, customer 
ID(s), or ZIP Code.
    Information related to anti-money laundering is retrieved by 
customer name; SSN; alien registration, passport, or driver's license 
number; serial number; transaction number; ZIP Code; transaction date; 
data entry operator number; and employee comments.

Safeguards:
    Paper records, computers, and computer storage media are located in 
controlled-access areas under supervision of program personnel. Access 
to these areas is limited to authorized personnel, who must be 
identified with a badge.
    Access to records is limited to individuals whose official duties 
require such access. Contractors and licensees are subject to contract 
controls and unannounced on-site audits and inspections.
    Computers are protected by mechanical locks, card key systems, or 
other physical access control methods. The use of computer systems is 
regulated with installed security software, computer logon 
identifications, and operating system controls including access 
controls, terminal and transaction logging, and file management 
software. Online data transmissions are protected by encryption.

Retention and Disposal:
    1. Summary records, including bill due date, bill amount, biller 
information, biller representation of account number, and the various 
status indicators, are retained 2 years from the date of processing.
    2. For funds transfers, transaction records are retained 3 years.
    3. Records related to claims are retained up to 3 years from date 
of final action on the claim.
    4. Forms related to fulfillment of anti-money laundering 
requirements are retained 5 years from the end of the calendar quarter 
in which they were created.
    5. Related automated records are retained the same 5-year period 
and purged from the system quarterly after the date of creation.
    6. Enrollment records related to online payment services are 
retained 7 years after the subscriber's account ceases to be active or 
the service is cancelled.
    7. Account banking records, including payment history, Demand 
Deposit Account (DDA) number, and routing number, are retained 7 years 
from the date of processing.
    8. Online user information may be retained for 6 months.
    Records existing on paper are destroyed by burning, pulping, or 
shredding.
    Records existing on computer storage media are destroyed according 
to the applicable USPS media sanitization practice.

System Manager(s) and Address:
    Chief Financial Officer and Executive Vice President, 475 L'Enfant 
Plaza, SW., Washington DC 20260.
    Chief Marketing Officer and Executive Vice President, United States 
Postal Service, 475 L'Enfant Plaza, SW., Washington, DC 20260.

Notification Procedure:
    For online payment services, funds transfers, and stored-value 
cards, individuals wanting to know if information about them is 
maintained in this system must address inquiries in writing to the 
Chief Marketing Officer. Inquiries must contain name, address, and 
other identifying information, as well as the transaction number for 
funds transfers.
    For money order claims and anti-money laundering documentation, 
inquiries should be addressed to the Chief Financial Officer. Inquiries 
must include name, address, or other identifying information of the 
purchaser (such as driver's license, Alien Registration Number, 
Passport Number, etc.), and serial or transaction number. Information 
collected for anti-money laundering purposes will only be provided in 
accordance with Federal anti-money laundering laws and regulations.

Record Access Procedures:
    Requests for access must be made in accordance with the 
Notification Procedure above and USPS Privacy Act regulations regarding 
access to records and verification of identity under 39 CFR 266.6.

Contesting Record Procedures:
    See Notification Procedure and Record Access Procedures above.

Record Source Categories:
    Customers, recipients, financial institutions, and USPS employees.

Systems Exempted From Certain Provisions of the Act:
    USPS has established regulations at 39 CFR 266.9 that exempt 
information contained in this system of records from various provisions 
of the Privacy Act in order to conform to the prohibition in the Bank 
Secrecy Act, 31 U.S.C. 5318(g)(2), against notification of the 
individual that a suspicious transaction has been reported.

Neva R. Watson,
Attorney, Legislative.
[FR Doc. E8-10183 Filed 5-7-08; 8:45 am]
BILLING CODE 7710-12-P