[Federal Register Volume 65, Number 249 (Wednesday, December 27, 2000)]
[Notices]
[Pages 81937-81939]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 00-32959]
=======================================================================
-----------------------------------------------------------------------
POSTAL SERVICE
Privacy Act of 1974, System of Records
AGENCY: Postal Service.
ACTION: Notice of new system of records.
-----------------------------------------------------------------------
SUMMARY: The purpose of this document is to publish notice of a new
Privacy Act system of records, USPS 040.060, Customer Programs-Customer
Electronic Bill Presentment and Payment Records. The new system
contains records about individuals who use the Postal Service's
electronic bill presentment and payment (EBP) service.
DATES: This proposal will become effective without further notice on
February 5, 2001, unless comments received on or before that date
result in a contrary determination.
COMMENTS DUE BY: February 5, 2001.
ADDRESSES: Any interested party may submit written comments on the
proposed new system of records. Written comments on this proposal
should be mailed or delivered to: Finance Administration/FOIA, United
States Postal Service, 475 L'Enfant Plaza SW., RM 8141, Washington, DC
20260-5202. Copies of all written comments will be available at the
above address for public inspection and photocopying between 8 a.m. and
4:45 p.m., Monday through Friday.
FOR FURTHER INFORMATION CONTACT: Robert J. Faruq, 202-268-2608.
SUPPLEMENTARY INFORMATION: The Postal Service is offering an electronic
bill presentment and payment (EBP) service that allows customers to
conveniently and securely register, access, and pay their bills through
the Postal Service's WEB site (http://www.usps.com). This notice
establishes a new Privacy Act system of records, USPS 040.060, Customer
Programs-Customer Electronic Bill Presentment and Payment Records, to
cover individuals' records that are collected and maintained as a
result of providing that service.
To use the EBP service, a customer registers once by providing
identifying information, such as name, address, date of birth,
telephone numbers, and e-mail address, that will be maintained in the
system for that customer's transactions. Confirmation of registration
and verification of the accuracy of information collected is sent by
mail. Once registered, the customer can view all of his or her bill
summaries that are registered with the service and navigate where
applicable to the provider's or biller's site to obtain details of a
particular bill. The customer then can return to the EBP service to pay
that bill or any bills listed on the bill summary page. The EBP service
also allows a customer to order the payment of a bill not registered
with the service by providing the limited information needed for
payment.
General routine use statements b, e, f, and j listed in the
prefatory statement at the beginning of the Postal Service's published
system notices apply to this system in that they are disclosures
routinely necessary to conduct business. These include the need to
disclose in litigation involving the Postal Service; to a contractor
fulfilling an agency function; to a congressional office at the request
of the record's subject; and to outside auditors in connection with an
audit of Postal Service finances. These general routine uses were last
published in the Federal Register on October 26, 1989 (54 FR 43654-
43655).
In addition, five routine uses have been added. Routine use No. 1
permits disclosure to the Postal Service contractor who is providing
bill payment and customer support services for EBP. Routine use No. 2
permits disclosure to a payee or financial institution to resolve
payment-posting problems. Routine use No. 3 permits disclosure to an
authorized credit bureau for the purpose of identity verification.
Routine use No. 4 permits disclosure for law enforcement purposes only
pursuant to a federal search warrant. Routine use No. 5 permits
disclosure pursuant to a federal court order.
The new system is not expected to have an adverse effect on
individual
[[Page 81938]]
privacy rights. The contractor that maintains information collected by
this system is made subject to the Privacy Act in accordance with
subsection (m) of the Act (which applies when the agency provides by
contract for the operation of a system of records to accomplish an
agency function) and is required to apply appropriate protections
subject to audit and inspection by the Postal Inspection Service.
Procedures are in place to verify identity of individuals, the accuracy
of information maintained, and the security of information maintained
and transmitted.
Customers using the EBP service must agree to the following terms
and conditions:
The Postal Service can deny enrollment to a customer if
the customer's identity or other information cannot be verified.
The Postal Service requires customers to protect their
bill payment password and not to share it with others.
The Postal Service requires customers to report any
suspected compromise of the password quickly to ensure minimal
financial loss.
To register, a customer must provide a unique user name and
password. Confirmation of registration is currently sent by mail to
ensure the customer's identity and the accuracy of information
collected by the use of a one-time payment activation code assigned to
the customer, which must be entered before a payment can be initiated.
The code is entered only once. In the near future, identity
confirmation will be conducted online.
Security controls have been applied to protect the information
during transmission and physical maintenance. The system will be housed
in a restricted area with access controlled by an installed security
software package, the use of logon identifications and passwords, and
operating system controls. Information is transmitted in a secure
session established by Secure Socket Layer or equivalent technology.
These technologies encrypt or scramble the transmitted information so
it is virtually impossible for anyone other than the Postal Service and
its provider or biller to read it.
Pursuant to 5 U.S.C. 552a(e)(11), interested persons are invited to
submit written comments on this notice. A report of the following new
system of records has been sent to Congress and to the Office of
Management and Budget for their evaluation.
USPS 040.060
SYSTEM NAME:
Customer Programs-Customer Electronic Bill Presentment and Payment
Records, USPS 040.060.
SYSTEM LOCATION:
Postal Service Headquarters and contractor site.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Customers who use the Postal Service's electronic bill presentment
and payment (EBP) service.
CATEGORIES OF RECORDS IN THE SYSTEM:
Registration information includes customer name, address, date of
birth, driver's license number, home and work phone numbers, e-mail
address, EBP service billing information (checking account number and
bank routing number), EBP service user name/ID and password, consumer's
billers registered with service, bill detail, and bill summaries.
Customer social security numbers are collected but not retained by the
Postal Service; they are used to confirm customer identity at time of
registration.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
39 U.S.C. 401 and 404.
PURPOSE(S):
Information in this system is used to provide electronic bill
presentment and payment services to Postal Service customers.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
General routine use statements b, e, f, and j listed in the
prefatory statement at the beginning of the Postal Service's published
system notices apply to this system. Other routine uses are as follows:
1. Information from this system may be disclosed to a service
provider under contract with the Postal Service for the purpose of
providing electronic bill presentment and payment service and customer
service support services.
2. Information from this system may be disclosed to a payee or
financial institution for purposes of resolving payment-posting
questions or discrepancies and questions regarding status of electronic
bill payments.
3. Information from this system may be disclosed to an authorized
credit bureau for the purpose of verifying identity and for determining
the risk limits to be applied to each subscriber.
4. Information from this system may be disclosed for law
enforcement purposes to a government agency, either federal, state,
local, or foreign, only pursuant to a federal warrant duly issued under
Rule 41 of the Federal Rules of Criminal Procedure. See Administrative
Support Manual (ASM) 274.6 for procedures relating to search warrants.
5. Information from this system may be disclosed pursuant to the
order of a federal court of competent jurisdiction.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Automated database, computer storage media, and microfiche.
RETRIEVABILITY:
The service provider retrieves information by customer
identification number. The Postal Service retrieves information by
customer name and address.
SAFEGUARDS:
Computer storage tapes and disks are maintained in locked filing
cabinets in controlled-access areas or under general scrutiny of the
service provider program personnel. Computers containing information
are located in controlled-access areas with personnel access controlled
by a cipher lock system, card key system, or other physical access
control method, as appropriate. Authorized persons must be identified
by a badge. Computer systems are protected with an installed security
software package, computer logon identifications and operating system
controls including access controls, terminal and user identifications,
and file management. Online data transmission is protected by
encryption. Contractors must provide similar protection subject to an
operational security compliance review by the Postal Inspection
Service.
RETENTION AND DISPOSAL:
1. For active subscribers, the personal enrollment data (e.g., name
and address) is retained as long as the subscriber's account is active,
and is archived for seven (7) years after the subscriber's account
ceases to be active. For non-active subscribers, the personal
enrollment data collected at the time of enrollment is archived for
seven (7) years after the service is canceled.
2. Payment History includes paid, canceled, and failed payments.
Account Banking data includes Demand Deposit Account (DDA) number and
routing number. This information is maintained for six (6) months
online and is then archived to magnetic tape for seven (7) years from
the date of processing.
[[Page 81939]]
3. Billing summary data includes bill due date, bill amount, biller
information, biller representation of account number, and the various
status indicators (scheduled, in progress, etc.). This information is
stored on magnetic tape for two (2) years from the date of processing.
4. At the end of each record retention period, the data on tape is
destroyed by over-recording.
SYSTEM MANAGER(S) AND ADDRESS:
Senior Vice President, Corporate and Business Development, United
States Postal Service, 475 L'Enfant Plaza SW., Washington DC 20260-
5130.
NOTIFICATION PROCEDURE:
Individuals wanting to know whether information about them is
maintained in this system of records must address inquiries in writing
to the system manager(s). Inquiries must contain name and address or
other identifying information.
RECORD ACCESS PROCEDURES:
Requests for access must be made in accordance with the
Notification Procedure above and the Postal Service Privacy Act
regulations regarding access to records and verification of identity
under 39 CFR 266.6.
CONTESTING RECORD PROCEDURES:
See Notification Procedures and Record Access Procedures above.
RECORD SOURCE CATEGORIES:
Information is furnished by record subjects and billers.
Stanley F. Mires,
Chief Counsel, Legislative.
[FR Doc. 00-32959 Filed 12-26-00; 8:45 am]
BILLING CODE 7710-12-P