[Federal Register Volume 76, Number 238 (Monday, December 12, 2011)]
[Rules and Regulations]
[Pages 77149-77150]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2011-31726]


-----------------------------------------------------------------------

POSTAL SERVICE

39 CFR Part 501


Authority To Manufacture and Distribute Postage Evidencing 
Systems

AGENCY: Postal Service\TM\.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: This rule clarifies the responsibility of the providers of 
Postage Evidencing Systems (PES) to safeguard customer information and 
maintain regulatory controls over agents operating third-party 
locations at domestic or international (off shore) facilities.

DATES: This rule is effective January 11, 2012.

ADDRESSES: Mail or deliver written comments to the Manager, Payment 
Technology, U.S. Postal Service, 475 L'Enfant Plaza SW., Room 3660, 
Washington, DC 20260-0911. Copies of all written comments will be 
available for inspection and photocopying between 9 a.m. and 4 p.m., 
Monday through Friday, at the Payment Technology office.

FOR FURTHER INFORMATION CONTACT: Hank Heren, Business Programs 
Specialist, Payment Technology, U.S. Postal Service, at (309) 671-8926.

SUPPLEMENTARY INFORMATION: This final rule is intended to assure that 
the same general rules apply to third-party organizations as apply to 
the PES providers. The PES providers must ensure that any third party 
acting on their behalf performing any function maintains the same 
facilities, records, and procedures to safeguard the security of the 
PES.

List of Subjects in 39 CFR Part 501

    Postal Service.

    Accordingly, for the reasons stated, 39 CFR part 501 is amended as 
follows:

PART 501--AUTHORIZATION TO MANUFACTURE AND DISTRIBUTE POSTAGE 
EVIDENCING SYSTEMS

0
1. The authority citation for 39 CFR part 501 continues to read as 
follows:

    Authority: 5 U.S.C. 552(a); 39 U.S.C. 101, 401, 403, 404, 410, 
2601, 2605, Inspector General Act of 1978, as amended (Pub. L. 95-
452, as amended); 5 U.S.C. App. 3.


0
2. Section 501.3 is amended by revising paragraph (d) and adding 
paragraph (e) as follows:


Sec.  501.3  Postage Evidencing System provider qualification.

* * * * *
    (d) As the provider bears the ultimate responsibility to ensure 
customer information will not be compromised at any domestic or off 
shore locations, the provider (as well as its agent operating domestic 
or off shore locations) will not cause or permit data to be released 
other than for the operation of the third-party location. The provider 
shall notify its customer that data relating to its systems is being 
housed by a third-party location, and shall provide a copy thereof to 
the Postal Service of such notice to its customers. To the extent that 
any unauthorized release takes

[[Page 77150]]

place, the vendor shall notify the Postal Service immediately upon 
discovery of any unauthorized use or disclosure of data or any other 
breach or improper disclosure of data of this agreement by the provider 
(as well as its agent operating the third-party location) and will 
cooperate with the Postal Service in every reasonable way to help the 
Postal Service regain possession of the data and prevent its further 
unauthorized use or disclosure. In the event that the Postal Service 
cannot regain possession of the data or prevent its further 
unauthorized use or disclosure, the provider shall indemnify the Postal 
Service from damages resulting from its (or such third-party) actions.
    (e) Have, or establish, and keep under its active supervision and 
control adequate facilities for the control, distribution, and 
maintenance of PES and their replacement or secure disposal or 
destruction when necessary and appropriate.

Stanley F. Mires,
Attorney, Legal Policy & Legislative Advice.
[FR Doc. 2011-31726 Filed 12-9-11; 8:45 am]
BILLING CODE 7710-12-P