[Federal Register Volume 88, Number 66 (Thursday, April 6, 2023)]
[Notices]
[Pages 20564-20567]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-07138]


-----------------------------------------------------------------------

POSTAL SERVICE


Privacy Act of 1974; System of Records

AGENCY: Postal Service[supreg].

ACTION: Notice of modified systems of records.

-----------------------------------------------------------------------

SUMMARY: The United States Postal Service[supreg] (USPS) is proposing 
to revise two Customer Privacy Act Systems of Records (SORs). These 
modifications are being proposed to promote transparency and to support 
the administration and enforcement of regulations pertaining to 
articles found in the mail bearing counterfeit postage.

DATES: These revisions will become effective without further notice on 
May 8, 2023 unless responses to comments received on or before that 
date result in a contrary determination.

ADDRESSES: Comments may be submitted via email to the Privacy and 
Records Management Office, United States Postal Service Headquarters 
([email protected]). To facilitate public inspection, 
arrangements to view copies of written comments received will be made 
upon request.

FOR FURTHER INFORMATION CONTACT: Janine Castorina, Chief Privacy and 
Records Management Officer, Privacy and Records Management Office, at 
[email protected] or 202-268-2000.

SUPPLEMENTARY INFORMATION: This notice is in accordance with the 
Privacy Act requirement that agencies publish their systems of records 
in the Federal Register when there is a revision, change, or addition, 
or when the agency establishes a new system of records. The Postal 
Service has determined that Customer Privacy Act Systems of Records, 
USPS SOR 820.200, Mail Management and Tracking Activity and USPS SOR 
870.200, Postage Validation Imprint (PVI), Electronic Verification 
System (eVS), Postage Meter, and PC Postage Customer Data and 
Transaction Records, should be revised to support the detection and 
handling of articles found in the mail bearing counterfeit

[[Page 20565]]

postage. Counterfeit postage is any marking or indicia that has been 
made, printed, or otherwise created without authorization from the 
Postal Service that is printed or applied, or otherwise affixed, on an 
article placed in the mails that indicates or represents that valid 
postage has been paid to mail the article.

I. Background

    The Postal Service is implementing an initiative to identify and 
mitigate the use of counterfeit postage on articles found in the mail, 
including packages. The knowing use of counterfeit postage is a crime 
that reflects an intentional effort to defraud the Postal Service. As 
information, the Postal Service is providing public notice of amended 
regulations in a separate Federal Register notice regarding articles 
found in the mail with counterfeit postage (Document Citation: 88 FR 
10068, Publication Date: February 16, 2023).

II. Rationale for Changes to USPS Privacy Act Systems of Records

    Items found in the mail bearing counterfeit postage will be 
considered abandoned and disposed of at the discretion of the Postal 
Service, rather than be returned to the sender as the affixing of 
counterfeit postage reflects the non-payment of postage or an 
intentional effort to avoid paying postage. Upon detection, a record of 
the mailpiece or package displaying counterfeit postage will be created 
to facilitate the administration and enforcement of counterfeit postage 
regulations and the disposition of those articles.

III. Description of the Modified System of Records

    The Postal Service is proposing modifications to USPS SOR 820.200, 
Mail Management and Tracking Activity, as indicated in the summary of 
changes below:
    [cir] Added PURPOSE(S) #12 and #13.
    [cir] Added new CATEGORIES OF RECORDS IN THE SYSTEM #8.
    [cir] Added Tracking number, Mailer Identification (MID) Number, 
Intelligent Mail barcode (IMb), and Intelligent Mail Package barcode 
(IMPb) to POLICIES AND PRACTICES FOR RETRIEVAL OF RECORD.
    [cir] Added new retention period #8 to POLICIES AND PRACTICES FOR 
RETENTION AND DISPOSAL OF RECORDS.
    The Postal Service is also proposing modifications to USPS SOR 
870.200, Postage Validation Imprint (PVI), Electronic Verification 
System (eVS), Postage Meter, and PC Postage Customer Data and 
Transaction Records, as indicated in the summary of changes listed 
below:
    [cir] Added PURPOSE(S) #3 and #4
    [cir] Added new CATEGORIES OF RECORDS IN THE SYSTEM as #4
    [cir] Added Tracking number, Mailer Identification (MID) Number, 
Intelligent Mail barcode (IMb), and Intelligent Mail Package barcode 
(IMPb) to POLICIES AND PRACTICES FOR RETRIEVAL OF RECORD.
    [cir] Added new retention period #4 to POLICIES AND PRACTICES FOR 
RETENTION AND DISPOSAL OF RECORDS.
    Pursuant to 5 U.S.C. 552a(e)(11), interested persons are invited to 
submit written data, views, or arguments on this proposal. A report of 
the proposed revisions has been sent to Congress and to the Office of 
Management and Budget for their evaluations. The Postal Service does 
not expect these amended systems of records to have any adverse effect 
on individual privacy rights. The notices for USPS SOR 820.200, Mail 
Management and Tracking Activity and SOR 870.200 Postage Validation 
Imprint (PVI), Electronic Verification System (eVS), Postage Meter, and 
PC Postage Customer Data and Transaction Records are provided below in 
their entirety:

SYSTEM NAME AND NUMBER:
    USPS 820.200, Mail Management and Tracking Activity.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    USPS Headquarters; Integrated Business Solutions Services Centers; 
USPS IT Eagan Host Computing Services Center; and Mail Transportation 
Equipment Service Centers.

SYSTEM MANAGER(S):
    Chief Information Officer and Executive Vice President, United 
States Postal Service, 475 L'Enfant Plaza SW, Washington, DC 20260-
1500.
    Chief Customer and Marketing Officer and Executive Vice President, 
United States Postal Service, 475 L'Enfant Plaza SW, Washington, DC 
20260-4016.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    39 U.S.C. 401, 403, and 404.

PURPOSE(S) OF THE SYSTEM:
    1. To provide mail acceptance, induction, and scheduling services.
    2. To fulfill orders for mail transportation equipment.
    3. To provide customers with information about the status of 
mailings within the USPS network or other carrier networks.
    4. To provide customers with mail or package delivery options.
    5. To provide business mailers with information about the status of 
mailings within the USPS mail processing network.
    6. To help mailers identify performance issues regarding their 
mail.
    7. To provide delivery units with information needed to fulfill 
requests for mail redelivery and hold mail service at the address and 
for the dates specified by the customer.
    8. To enhance the customer experience by improving the security of 
Change of Address (COA) and Hold Mail processes.
    9. To protect USPS customers from becoming potential victims of 
mail fraud and identity theft.
    10. To identify and mitigate potential fraud in the COA and Hold 
Mail processes.
    11. To verify a customer's identity when applying for COA and Hold 
Mail services.
    12. To support the administration and enforcement of regulations 
pertaining to articles found in the mail bearing counterfeit postage.
    13. To identify and mitigate potential fraud related to the payment 
of postage used for shipping and mailing services.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Customers who use USPS mail management and tracking services.

CATEGORIES OF RECORDS IN THE SYSTEM:
    1. Customer information: Customer or contact name, mail and email 
address(es), title or role, phone number(s), text message number, and 
cell phone carrier.
    2. Identification information: Customer ID(s), last four digits of 
Social Security Number (SSN), D-U-N-S Number; mailer and mailing ID, 
advertiser name/ID, username, and password.
    3. Data on mailings: Paper and electronic data on mailings, 
including postage statement data (such as volume, class, rate, postage 
amount, date and time of delivery, mailpiece count), destination of 
mailing, delivery status, mailing problems, presort information, reply 
mailpiece information, container label numbers, package label, Special 
Services label, article number, and permit numbers.
    4. Payment information: Credit and/or debit card number, type, and 
expiration date; ACH information.
    5. Customer preference data: Hold mail begin and end date, 
redelivery date, delivery options, shipping and pickup preferences, 
drop ship codes,

[[Page 20566]]

comments and instructions, mailing frequency, preferred delivery dates, 
and preferred means of contact.
    6. Product Usage Information: Special Services label and article 
number.
    7. Mail images: Images of mailpieces captured during normal mail 
processing operations.
    8. Counterfeit (CF) Postage Information: Tracking number, Scan 
Event Data (Date, Time, Scan ID, Device ID, Scan Source, event code, 
reason code), Product or Service Classification (Service type code, 
Extra Services Code), Packaging Product Code (i.e., ``PS00011000001, 
PS00011132700, etc.), Sender address, Recipient address, Destination 
ZIP Code, Country Code, Intelligent Mail barcode (IMb), Intelligent 
Mail Package barcode (IMpb), Mailer Identification (MID) number, 
Indicia Type (Retail, Permit, PC Postage, etc.) Permit/Payment Account 
Number, Meter, IBI or IMI number, Postage Amount, Date of Mailing, Date 
Article was intercepted as CF, Date article was validated as CF, 
Location where item is stored, Date Article was Disposed of, Weight, 
Shape and Size (L_W_H) of Article, USPS Facility (tracking data site), 
USPS Mail Processing Operation information (operation code).

RECORD SOURCE CATEGORIES:
    Customers and, for call center operations, commercially available 
sources of names, addresses, and telephone numbers.
    Records of articles found in the mail bearing counterfeit postage.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    Standard routine uses 1. through 7., 10., and 11. apply.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Automated databases, computer storage media, and paper.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    By customer name, by customer ID(s), by logon ID, by mailing 
address(es), by 11-digit ZIP Code, by Tracking number, by Mailer 
Identification (MID) Number, by Intelligent Mail barcode (IMb) and by 
Intelligent Mail Package barcode (IMpb).

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    1. Records are retained for up to 30 days.
    2. Records related to ePubWatch, Confirmation Services and hold 
mail services are retained for up to 1 year.
    3. Special Services and drop ship records are retained 2 years.
    4. ACH records are retained up to 2 years.
    5. Mailpiece images will be retained up to 3 days.
    6. Other records are retained 4 years after the relationship ends.
    7. USPS and other carrier network tracking records are retained for 
up to 30 days for mail and up to 90 days for packages and special 
services.
    8. Records pertaining to counterfeit postage information are 
retained for 3 calendar years.
    Records existing on paper are destroyed by burning, pulping, or 
shredding. Records existing on computer storage media are destroyed 
according to the applicable USPS media sanitization practice.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Paper records, computers, and computer storage media are located in 
controlled-access areas under supervision of program personnel. Access 
to these areas is limited to authorized personnel, who must be 
identified with a badge.
    Access to records is limited to individuals whose official duties 
require such access. Contractors and licensees are subject to contract 
controls and unannounced on-site audits and inspections.
    Computers are protected by mechanical locks, card key systems, or 
other physical access control methods. The use of computer systems is 
regulated with installed security software, computer logon 
identifications, and operating system controls including access 
controls, terminal and transaction logging, and file management 
software. Online data transmissions are protected by encryption.

RECORD ACCESS PROCEDURES:
    Requests for access must be made in accordance with the 
Notification Procedure above and USPS Privacy Act regulations regarding 
access to records and verification of identity under 39 CFR 266.5.

CONTESTING RECORD PROCEDURES:
    See Notification Procedures below and Record Access Procedures 
above.

NOTIFICATION PROCEDURES:
    Customers wanting to know if information about them is maintained 
in this system of records must address inquiries in writing to the 
system manager. Inquiries should contain name, customer ID(s), if any, 
and/or logon ID.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    December 27, 2018, 83 FR 66768; June 05, 2017, 82 FR 25819; August 
25, 2016, 81 FR 58542; January 21, 2014, 79 FR 3423; August 03, 2012, 
77 FR 46528; June 27, 2012, 77 FR 38342; October 24, 2011, 76 FR 65756; 
April 29, 2005, 70 FR 22516.

SYSTEM NAME AND NUMBER:
    USPS 870.200, Postage Validation Imprint (PVI), Electronic 
Verification System (eVS), Postage Meter, and PC Postage Customer Data 
and Transaction Records.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    USPS Headquarters, USPS facilities, Integrated Business Solutions 
Services Centers, and partner locations.

SYSTEM MANAGER(S):
    Vice President, Technology Applications, United States Postal 
Service, 475 L'Enfant Plaza SW, Washington, DC 20260.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    39 U.S.C. 401, 403, and 404; 39 CFR part 501.

PURPOSE(S) OF THE SYSTEM:
    1. To enable responsible administration of postage evidencing 
system activities.
    2. To enhance understanding and fulfillment of customer needs.
    3. To support the administration and enforcement of regulations 
pertaining to articles found in the mail bearing counterfeit postage.
    4. To identify and mitigate potential fraud related to the payment 
of postage used for shipping and mailing services.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Postage evidencing system users.

CATEGORIES OF RECORDS IN THE SYSTEM:
    1. Customer information: Contact name, address, and telephone 
number; registration identifiers; company name; and change of address 
information.
    2. Identification information: Customer/system ID(s), IP 
address(es), date of device installation, device ID number, device 
model number, and certificate serial number.
    3. Mailing and transaction information: Tracking ID, package 
identification code (PIC), customer-provided package/transaction 
attribute data, postage paid, contract pricing, package attribute data, 
USPS collection and source system identifiers, mailpiece images, and 
package destination and origin.

[[Page 20567]]

    4. Counterfeit (CF) Postage Information: Tracking number, Scan 
Event Data (Date, Time, Scan ID, Device ID, Scan Source, event code, 
reason code), Product or Service Classification (Service type code, 
Extra Services Code), Packaging Product Code (i.e., ``PS00011000001, 
PS00011132700, etc.), Sender address, Recipient address, Destination 
ZIP Code, Country Code, Intelligent Mail barcode (IMb), Intelligent 
Mail Package barcode (IMpb), Mailer Identification (MID) number, 
Indicia Type (Retail, Permit, PC Postage, etc.) Permit/Payment Account 
Number, Meter, IBI or IMI number, Postage Amount, Date of Mailing, Date 
Article was intercepted as CF, Date article was validated as CF, 
Location where item is stored, Date Article was Disposed of, Weight, 
Shape and Size (L_W_H) of Article, USPS Facility (tracking data site), 
USPS Mail Processing Operation information (operation code).

RECORD SOURCE CATEGORIES:
    Customers; authorized service providers of postage evidencing 
systems; and USPS personnel.
    Records of articles found in the mail bearing counterfeit postage.

ROUTINE USES OF RECORDS IN THE SYSTEM, INCLUDING CATEGORIES OF USERS 
AND THE PURPOSES OF SUCH USES:
    Standard routine uses 1. through 7., 10., and 11. apply. In 
addition:
    a. The name and address of an authorized user of a postage meter or 
PC Postage product (postage evidencing systems), printing a specified 
indicium will be furnished to any person provided the user is using the 
postage meter or PC Postage product for business purposes.
    b. Customer-specific records and related sampling systems in this 
system may be disclosed to eVS customers, indicia providers, and PC 
Postage providers, including approved shippers, for revenue assurance 
to ensure accuracy of postage payment across payment systems, and to 
otherwise enable responsible administration of postage evidencing 
system activities.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Automated databases, computer storage media, and paper.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    By customer name and by numeric file of postage evidencing systems 
ID number by customer ID(s), by Tracking number, by Mailer 
Identification (MID) Number, by Intelligent Mail barcode (IMb) and by 
Intelligent Mail Package barcode (IMPb).

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    1. ACH records are retained up to 2 years. Records of payment are 
retained up to 7 years.
    2. Other records in this system are retained up to 7 years after a 
customer ceases using a postage evidencing system.
    3. Within the Postal Service and directly to eVS customers, or 
through third-party software providers (including meter and PC Postage 
providers) for the purpose of enabling responsible administration of 
revenue assurance and other postage evidencing system activities, 
facilitating remediation of postage disparities, and meeting SOX 
compliance requirements, in accordance with 39 CFR part 501.
    4. Records pertaining to counterfeit postage information are 
retained for 3 calendar years.
    Records existing on paper are destroyed by burning, pulping, or 
shredding. Records existing on computer storage media are destroyed 
according to the applicable USPS media sanitization practice.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Paper records, computers, and computer storage media are located in 
controlled-access areas under supervision of program personnel. Access 
to these areas is limited to authorized personnel, who must be 
identified with a badge.
    Access to records is limited to individuals whose official duties 
require such access. Contractors and licensees are subject to contract 
controls and unannounced on site audits and inspections.
    Computers are protected by mechanical locks, card key systems, or 
other physical access control methods. The use of computer systems is 
regulated with installed security software, computer logon 
identifications, and operating system controls including access 
controls, terminal and transaction logging, and file management 
software.

RECORD ACCESS PROCEDURES:
    Requests for access must be made in accordance with the 
Notification Procedure above and USPS Privacy Act regulations regarding 
access to records and verification of identity under 39 CFR 266.5.

CONTESTING RECORD PROCEDURES:
    See Notification Procedures below and Record Access Procedures 
above.

NOTIFICATION PROCEDURES:
    Customers wanting to know if information about them is maintained 
in this system of records must address inquires in writing to: Manager, 
Finance and Payment Technology, United States Postal Service, 475 
L'Enfant Plaza SW, Washington, DC 20260. Inquiries should include the 
individual's name and customer ID.

HISTORY:
    December 10, 2014, 79 FR 733454; June 27, 2012, 77 FR 38342; 
October 24, 2011, 76 FR 65756; April 29, 2005, 70 FR 22516.

Tram T. Pham,
Attorney, Ethics and Compliance.
[FR Doc. 2023-07138 Filed 4-5-23; 8:45 am]
BILLING CODE 7710-12-P