[Federal Register Volume 85, Number 241 (Tuesday, December 15, 2020)]
[Notices]
[Pages 81224-81225]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-27514]


=======================================================================
-----------------------------------------------------------------------

POSTAL SERVICE


Modified System of Records

AGENCY: Postal Service.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: The United States Postal Service[supreg] (Postal Service) is 
proposing to modify a Customer Privacy Act System of Records (SOR) to 
enhance an ongoing initiative to identify, prevent and mitigate 
potentially fraudulent activity within the Change-of-Address and Hold 
Mail processes.

DATES: These revisions will become effective without further notice on 
January 14, 2021, unless, in response to comments received on or before 
that date result in a contrary determination.

ADDRESSES: Comments may be submitted via email to the Privacy and 
Records Management Office, United States Postal Service Headquarters 
([email protected]). To facilitate public inspection, arrangements to 
view copies of any written comments received will be made upon request.

FOR FURTHER INFORMATION CONTACT: Janine Castorina, Chief Privacy and 
Records Management Officer, Privacy and Records Management Office, 202-
268-3069 or [email protected].

SUPPLEMENTARY INFORMATION: This notice is in accordance with the 
Privacy Act requirement that agencies publish their systems of records 
in the Federal Register when there is a revision, change, or addition, 
or when the agency establishes a new system of records. The Postal 
Service is proposing revisions to an existing system of records (SOR) 
to support and enhance the Address Mapping Directory initiative, 
previously referred to as the Address Matching Database initiative. 
USPS SOR 800.050, was implemented on January 4, 2019, to facilitate the 
detection and prevention of fraudulent Change-of-Address and Hold Mail 
service requests.

I. Background

    In a continuing effort to enhance the security of mailing and 
shipping services, the Postal Service utilizes an Address Mapping 
Directory to identify, prevent and mitigate potentially fraudulent 
activity within the Change-of-Address and Hold Mail processes. With the 
exception of Change-of-Address requests subject to protective court 
orders, the Address Mapping Directory initiative sends an email 
notification to customers who submit a Change-of-Address request or a 
Hold Mail request. The Address Mapping Directory initiative enhances 
the confidentiality and privacy of mail and package delivery services 
by improving the security of both the Change-of-Address and Hold Mail 
processes. The Address Mapping Directory also protects Postal Service 
customers from becoming potential victims of mail fraud and identity 
theft. Other policies that ensure the security and confidentiality of 
personal information are described below in the Safeguards section of 
this SOR.

II. Rationale for Changes to USPS Privacy Act Systems of Records

    The Postal Service currently maintains the Address Mapping 
Directory (AMD), previously referred to as the Address Matching 
Database, to detect and prevent potential fraud for Change-of-Address 
(COA) and Hold Mail service requests, through address mapping 
comparisons and cross-checks between multiple Postal Service customer 
systems. In order to enhance the accuracy and functionality of address 
mapping comparisons and cross-checks, the Postal Service is proposing 
to modify SOR 800.050 Address Matching for Mail Fraud Detection and 
Prevention, to revise the System Name, include customer names, options 
selected for type of move by customers, and online user information in 
the Categories of Records, to reduce retention time for records, and to 
provide a more descriptive version of

[[Page 81225]]

existing purpose 5, to promote transparency.

III. Description of the Modified System of Records

    Pursuant to 5 U.S.C. 552a(e)(11), interested persons are invited to 
submit written data, views, or arguments on this proposal. A report of 
the proposed revisions to this SOR has been sent to Congress and to the 
Office of Management and Budget for their evaluations. The Postal 
Service does not expect this modified system of records to have any 
adverse effect on individual privacy rights. Accordingly, for the 
reasons stated above, the Postal Service proposes revisions to this 
system of records as follows:

SYSTEM NAME AND NUMBER:
    USPS 800.050, Address Mapping Directory for Mail Fraud Detection 
and Prevention.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    USPS National Customer Support Center (NCSC) and USPS IT Eagan Host 
Computing Services Center.

SYSTEM MANAGER(S) AND ADDRESS:
    Vice President, Product Innovation, United States Postal Service, 
475 L'Enfant Plaza SW, Washington, DC 20260.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    18 U.S.C. 1341, 1343 and 3061; 39 U.S.C. 401, 403, 404, 3003 and 
3005.

PURPOSE(S):
    1. To enhance the customer experience by improving the security of 
Change-of-Address (COA) and Hold Mail processes.
    2. To protect USPS customers from becoming potential victims of 
mail fraud and identity theft.
    3. To identify and mitigate potential fraud in the COA and Hold 
Mail processes.
    4. To verify a customer's identity when applying for COA and Hold 
Mail services.
    5. To facilitate mail fraud detection and prevention for COA and 
Hold Mail service requests through address mapping comparisons and 
cross-checks between multiple USPS customer systems.
    6. To facilitate the provision of accurate and reliable mail and 
package delivery services.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Customers requesting Change-of-Address mail forwarding services or 
Hold Mail services.

CATEGORIES OF RECORDS IN THE SYSTEM:
    1. Customer information: For Change-of-Address requests, customer 
name(s), including first name, middle name or initial, last name and 
suffix, old and new address, email address(es), options selected for 
type of move (individual, family, or business) and (permanent), 
telephone numbers and device identification; for Hold Mail requests, 
customer name(s), including first name, middle name or initial, last 
name and suffix, address, email address(es), and telephone numbers.
    2. Online user information: Device identification, internet 
Protocol (IP) address.

RECORD SOURCE CATEGORIES:
    Individual customers requesting Change-of-Address, mail forwarding, 
or Hold Mail services and other USPS Products, Services and features 
from USPS customer systems.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Standard routine uses 1. through 7, 10 and 11. apply.

STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN 
THE SYSTEM:
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Automated databases.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Retrieval is accomplished by a computer-based system, using one or 
more of the following elements: By customer name(s), ZIP Code(s), 
address, telephone number, email address, device identification and/or 
IP address.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    COA and Hold Mail records are retained in an electronic database 
for 5 years from the effective date.
    Electronic records existing on computer storage media are destroyed 
according to the applicable USPS media sanitization practice.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Electronic records, computers, and computer storage media are 
located in controlled-access areas under supervision of program 
personnel. Access to records is limited to individuals whose official 
duties require such access. Contractors and licensees are subject to 
contract controls and unannounced on-site audits and inspections.
    Computers are protected by mechanical locks, card key systems, or 
other physical access control methods. The use of computer systems is 
regulated with installed security software, computer logon 
identifications, and operating system controls including access 
controls, terminal and transaction logging, and file management 
software.
    Online data transmission and storage is protected by encryption, 
dedicated lines, and authorized access codes.

RECORD ACCESS PROCEDURES:
    Requests for access must be made in accordance with the 
Notification Procedure above and the USPS Privacy Act regulations 
regarding access to records and verification of identity under 39 CFR 
266.5.

CONTESTING RECORD PROCEDURES:
    See Notification Procedure and Record Access Procedures above.

NOTIFICATION PROCEDURES:
    Customers wanting to know if information about them is maintained 
in this system of records must address inquiries in writing to the 
system manager. Inquiries must contain name, address, email, and other 
identifying information.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    December 4, 2018, 83 FR 62631.
* * * * *

Joshua J. Hofer,
Attorney, Federal Compliance.
[FR Doc. 2020-27514 Filed 12-14-20; 8:45 am]
BILLING CODE 7710-12-P