[Federal Register Volume 81, Number 237 (Friday, December 9, 2016)]
[Notices]
[Pages 89157-89159]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-29476]
-----------------------------------------------------------------------
POSTAL SERVICE
Privacy Act of 1974; System of Records
AGENCY: Postal Service[supreg].
ACTION: Notice of establishment of new system of records; response to
comments; establishment of new implementation date.
-----------------------------------------------------------------------
SUMMARY: The United States Postal Service[supreg] (Postal Service) is
responding to public comments regarding the establishment of a new
Customer Privacy Act System of Records (SOR) to support the Informed
DeliveryTM service. After its review and evaluation of such
comments, the Postal Service has found that no substantive changes to
the proposed system were necessary, and determined that implementation
of the system should proceed.
DATES: Originally scheduled for September 26, 2016, the implementation
of this SOR was delayed in its entirety until further notice to allow
for the consideration of public comments pursuant to a notice published
on October 3, 2016. After a review these comments, the Postal Service
has determined that no substantive changes to the SOR are required, and
that the implementation of the system should proceed, effective
December 9, 2016.
FOR FURTHER INFORMATION CONTACT: Janine Castorina, Chief Privacy
Officer, Privacy and Records Office, United States Postal Service, 475
L'Enfant Plaza SW., Room 1P830, Washington, DC 20260-0004, telephone
202-268-3069, or [email protected].
SUPPLEMENTARY INFORMATION: On August 25, 2016, the Postal Service
published notice of its intent to establish a new system of records to
support an expansion of its Informed DeliveryTM service (81
FR 58542). (Informed Delivery is a digital service that allows enrolled
users to receive an email notification that contains grayscale images
of the outside of their letter-sized mailpieces processed by USPS
automation equipment prior to delivery. This service is offered at no
cost to the consumer.)
In response to this notice, we received comments that generally
supported the concept of the new SOR, but expressed desire for more
specific information regarding the types of data to be collected by the
system, and the potential uses (or abuses) of that information. On
October 3, 2016, the Postal Service published a further notice
suspending the implementation date of the new SOR to allow
consideration of these matters (81 FR 68067).
[[Page 89158]]
The Postal Service has now completed its review of the comments
received, and has concluded that the SOR, as proposed, would not permit
the improper disclosure of records identifying a particular individual
in violation of the Privacy Act. Accordingly, we believe it is
appropriate to proceed with the implementation of the SOR.
Our responses to the comments received, as grouped and categorized
for convenience, are as follows.
Question 1: Does the Informed Delivery Service constitute a
surveillance mechanism that allows tracking at granular detail?
Answer: No. Informed Delivery is intended solely as a value-added
service for USPS customers, making physical mail more convenient and
accessible to consumers in a digital age. Informed Delivery gives
residential consumers the ability to see a daily preview of the letter-
sized mailpieces that will be arriving in their mailbox soon. Informed
Delivery is not a surveillance system. It does provide senders of mail
with insight into mail recipient interaction with digital pieces. When
a digital mailpiece is opened or clicked, an event is collected by the
Postal Service. Those event-rates are aggregated and sent to the sender
of the mailpiece so that the mailer can provide more relevant mail to
customers. Individual event-rates are not shared.
Question 2: Who are the third parties who will receive data from
the Informed Delivery service?
Answer: The mailer that sent the mailpiece will receive aggregated
information as to whether the Informed Delivery customer opened the
email containing that particular mail item. The mail image is not a
part of the aggregated information provided. A customer's individual
use of the Informed Delivery service will not be shared with mailers.
Aggregated data assists the Postal Service to provide better service
and content to its customers, along with assisting mailers to provide
better products for customers.
Question 3: What data will be collected?
Answer: The Postal Service collects eight categories of records.
1. Customer information: Name; customer ID; physical mailing
address and corresponding 11-digit delivery point ZIP Code; phone
number; email address; text message number and carrier.
2. Customer account preferences: Individual customer preferences
related to email and online communication participation level for USPS
and marketing information.
3. Customer feedback: Information submitted by customers related to
Informed Delivery notification service or any other Postal product or
service.
4. Subscription information: Date of customer sign-up for services
through an opt-in process; date customer opts-out of services; nature
of service provided.
5. Data on mailpieces: Destination address of mailpiece;
Intelligent Mail barcode (IMb); 11-digit delivery point ZIP Code;
delivery status; and identification number assigned to equipment used
to process mailpiece.
6. Mail Images: Electronic files containing images of mail pieces
captured during normal mail processing operations.
7. User Data associated with 11-digit ZIP Codes: Information
related to the user's interaction with Informed Delivery email
messages, including, but not limited to email open and click-through
rates, dates, times, and open rates appended to mailpiece images (user
data is not associated with personally identifiable information).
8. Data on Mailings: Intelligent Mail barcode (IMb) and its
components including the Mailer Identifier (Mailer ID or MID), Service
Type Identifier (STID) and Serial Number.
Question 4: How long are data maintained?
Answer: There are eight categories of records, as described in
response to Question No. 3. The Postal Service has three retention
periods, associated with the eight record categories. The three
retention periods are associated with the mailpiece images, records
within the subscription database and user data and are addressed as
follows:
1. The images of mailpieces (data category 6 listed in response to
Question No. 3) are maintained within customers' accounts for seven
days.
2. The Postal Service maintains records within the subscription
database (data categories 1, 2, 3, 4, 5, and 8 listed in response to
Question No. 3) the individual's email addresses, customer ID, and 11-
digit ZIP Code, for customers who have signed up for Informed Delivery
until cancellation or opting-out of the Informed Delivery service, when
the data is deleted.
3. The user data (data category 7 listed in response to Question
No. 3) is maintained for two years and eleven months.
Question 5: Will there be a link that takes the mail customer to a
third-party Web site?
Answer: There will not be a link or Quick Response (QR) code that
takes the recipient directly from the image of their mail to a third-
party Web site, but notifications could include ride-along images, or
interactive content might be included in a hyperlink that takes a user
to a third-party Web site.
Question 6: Explain the tracking that is associated with the
Informed Delivery service.
Answer: USPS monitors if and when a user opens an Informed Delivery
email and click-through rates on interactive content, as well as dates,
times and open rates appended to mailpiece images. Data is aggregated
from the 11-digit ZIP Code down to the 5-digit ZIP Code. USPS provides
this aggregated data to the sender of the mailpiece. Neither personal
nor personally identifiable data are transmitted to the mailers.
Moreover, the aggregated data are shared only with the sender of the
particular mailpiece and not with other mailers.
Question 7: Will other marketing information be contained within
the emails provided by the Informed Delivery service?
Answer: Informed Delivery email notifications could include
interactive or clickable content, which could include ride-along images
or a hyperlink related to the mailpiece from the sender of the
mailpiece. The email notification could also include a USPS banner
advertisement. No other marketing will be contained within the email
provided by the Informed Delivery service.
Question 8: Will the Postal Service's privacy policy be available
in conjunction with the Informed Delivery service and will it disclose
associated tracking and sharing?
Answer: The Postal Service terms and conditions for the Informed
Delivery service are included on the My USPS app. A link to the Postal
Service's privacy policy is provided on the Postal Service's Web site.
Moreover, a Privacy Act Notice will be provided before customers sign
up for the Informed Delivery service. This Privacy Act Notice will
disclose all tracking and sharing associated with the Informed Delivery
service.
Question 9: Can users be allowed to opt-out of the tracking and
sharing associated with the Informed Delivery service, while still
receiving the benefit of the service?
Answer: No. The Informed Delivery service is a voluntary, value-
added service provided to Postal Service customers. By agreeing to sign
up for Informed Delivery, a customer is agreeing to the terms and
conditions of Informed Delivery, which includes the provision that the
Postal Service will provide the sender of a mail item with
[[Page 89159]]
aggregated user data. If a customer is not comfortable with the terms
and conditions of Informed Delivery, he or she may choose not to
subscribe or may unsubscribe at any time.
Question 10: Will the Informed Delivery service create phishing
opportunities?
Answer: All emails originate from a Postal Service address and are
branded with official USPS graphics, images, logos, etc. All legitimate
USPS Informed Delivery emails will include an unsubscribe option. While
there is always the possibility--as there is with any email from any
source--that some phishers may attempt to take advantage, the Postal
Service protects its brand and unbranded items should be recognizable
as spam. Moreover, the Postal Service takes cybersecurity seriously and
will safeguard all of its products to the best of its ability.
Question 11: Is the Informed Delivery service available for
businesses, corporations and other government agencies that do not have
11-digit Zip Codes?
Answer: The Informed Delivery service is available only for
residential customers with unique 11-digit ZIP Codes.
Question 12: Who can sign up for the Informed Delivery service?
Answer: Each customer in a household over the age of 18 may enroll
in the Informed Delivery service. The Postal Service uses various
methods to verify identities including internal data and data provided
by third parties, such as the requirement of opening a usps.com
account, to eliminate those under the age of 18 from enrolling in the
Informed Delivery service. Because all interested consumers must
successfully complete online or in person address verification to
confirm that they live at the address to be enrolled in the Informed
Delivery service, the Postal Service is confident that it has measures
in place to protect customers interested in the Informed Delivery
service. The Informed Delivery service allows recipients to get an
advanced view of the outside of a mailpiece. In that respect, it is no
different than household members viewing that same mailpiece in the
household mailbox.
Question 13: Is the 11-Digit ZIP Code or a Mail Image Personally
Identifiable Information?
Answer: The Privacy Act does not permit the disclosure of a record,
within a system of records, except pursuant to certain exceptions.
Under the Privacy Act, records include information that contains a
name, identifying number, symbol or something else that identifies a
particular individual. Neither the mail image nor the 11-digit ZIP Code
classify as records under the Privacy Act.
The mail image is not a record under the Privacy Act because the
mail images are just images. The printed information on the mailpiece
is not stored with the image. Only the image is stored and as such, it
is not associated with any other information that would cause it to be
personally identifiable. The Postal Service does not examine, or allow
others to examine, mailpiece images unless a customer specifically
requests an investigation into something related to the delivery of
that mailpiece.
The 11-digit ZIP Code is not a record under the Privacy Act because
it includes address information for a physical location,\1\ without
personal identifiers or recipient information, and is not associated
with any particular individual. This is evidenced by the 37 million
mail forwarding and change-of-address requests the Postal Service
receives yearly. Address locations change and are not unique
identifiers in and of themselves.
---------------------------------------------------------------------------
\1\ The 11-digit ZIP Code contains the ZIP+4 Code, which is a
nine-digit number, the first five of which represent the 5-digit ZIP
Code or postal district/zone; the sixth and seventh digits identify
a sector; the eighth and ninth digits identify a smaller area known
as a segment. Together, the final four digits identify geographic
units such as a side of a street between intersections, both sides
of a street between intersections, a building, a floor or group of
floors in a building, a firm within a building, a span of boxes on a
rural route, or a group of Post Office boxes to which a single
Postal Service employee makes delivery. The last two digits of an
11-digit ZIP Code are the Delivery Point Code that allows ordering
of mail in preparation for delivery.
---------------------------------------------------------------------------
Question 14: Application of Routine Use 10.
Answer: The Informed Delivery service System of Records aligns with
the System of Records used for Customer Registration because Customer
Registration is the vehicle under which customers enroll in the
Informed Delivery service. As a result, the Routine Uses must align in
order for the systems to operate transparently.
Question 15: Application of Routine Use 11.
Answer: The Informed Delivery service System of Records aligns with
the System of Records used for Customer Registration because Customer
Registration is the vehicle under which customers enroll in the
Informed Delivery service. As a result, the Routine Uses must align in
order for the systems to operate transparently.
Stanley F. Mires,
Attorney, Federal Compliance.
[FR Doc. 2016-29476 Filed 12-8-16; 8:45 am]
BILLING CODE 7710-12-P