Federal Register, Volume 73 Issue 90 (Thursday, May 8, 2008)

[Federal Register Volume 73, Number 90 (Thursday, May 8, 2008)]
[Notices]
[Pages 26155-26158]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E8-10183]

[[Page 26155]]

=======================================================================
-----------------------------------------------------------------------

POSTAL SERVICE

Privacy Act of 1974; System of Records

AGENCY: Postal Service.^TM

ACTION: Notice of modifications to three existing systems of records.

-----------------------------------------------------------------------

SUMMARY: The Postal Service proposes to revise the following existing
systems of records titled, ``USPS 810.100, http://www.usps.com
Registration,'' ``USPS 810.200, http://www.usps.com Ordering, Payment
and Fulfillment,'' and ``USPS 860.000, Financial Transactions.'' The
modifications clarify user information in Categories of Records in the
System, Purpose, Retention and Disposal and Systems Manager(s).
Background: The Postal Service's commitment to universal service is
based on a foundation of providing secure products and services to
postal customers. As a trusted organization, the Postal Service faces a
variety of security challenges which require investigative, preventive,
and security responses.
The Postal Service works collaboratively with internal and external
groups to ensure new postal products and services are secure, thus
maintaining customers' confidence in the mail and satisfying their
personal and business needs.
This includes providing postal customers with secure access to
products and services in all channels. As online access to retail
products and services has grown, new types of fraudulent activities
have emerged to challenge the security of online transactions.
The Postal Service has responded by developing fraud prevention
initiatives designed to protect the security of financial transactions
on usps.com. These initiatives include enhanced capabilities for
ensuring the accuracy and security of credit card transactions
conducted by national and international customers on usps.com.
Modifications to the systems of records will be reflected in the
Categories of Records in the System as it relates to business-specific
and user information, purpose, and retention and disposal of online
user information.

DATES: The revisions will become effective without further notice on
June 9, 2008 unless comments received on or before that date result in
a contrary determination.

ADDRESSES: Comments may be mailed or delivered to the Records Office,
United States Postal Service, 475 L'Enfant Plaza, SW., Room 5821,
Washington, DC 20260-2200. Copies of all written comments will be
available at this address for public inspection and photocopying
between 8 a.m. and 4 p.m., Monday through Friday.

FOR FURTHER INFORMATION CONTACT: Deborah D. Hubbard, 202-268-7119.

SUPPLEMENTARY INFORMATION: This notice is in accordance with the
Privacy Act requirement that agencies publish their amended systems of
records in the Federal Register when there is a revision, change, or
addition. The Postal Service has reviewed its systems of records and
has determined that USPS 810.100, http://www.usps.com Registration,
should be revised to modify existing categories of records in the
system, and retention and disposal of such records. Collection,
retention, and disposal of user information will be added to enhance
the understanding and fulfillment of customer needs and for ensuring
the security of registration transactions conducted on usps.com.
In addition, the Postal Service has reviewed its systems of records
and has determined that USPS 810.200, http://www.usps.com Ordering,
Payment and Fulfillment, should be revised to modify existing
categories of records in the system, purpose, and retention and
disposal of such records. Categories of records in the system will be
revised to include online user information. The purpose of collection
will be revised to support law enforcement investigations, and
retention and disposal of this information will be added.
The Postal Service has also determined that USPS 860.000, Financial
Transactions, should be revised to include online user information
within the categories of records in the system. The purpose of
collection will be revised to support law enforcement investigations,
and retention and disposal of this information will be added.
Privacy Act Systems of Records USPS 810.100, USPS 810.200, and USPS
860.000 were originally published in the Federal Register on April 29,
2005 (70 FR 22548).
The Postal Service proposes amending the systems as shown below:
USPS 810.100, http://www.usps.com Registration

CATEGORIES OF RECORDS IN THE SYSTEM AND RETENTION AND DISPOSAL:
[Revise to read as follows:]
* * * * *
Categories of Records in the System will be changed to read:
7. Online user information: Internet Protocol (IP) address, domain
name, operating system versions, browser version, date and time of
connection, and geographic location.
Retention and Disposal will be changed to read:
4. Online user information may be retained for 6 months.
Additionally, the System Manager(s) title has been changed to Chief
Marketing Officer and Executive Vice President.
USPS 810.200, http://www.usps.com Ordering, Payment and Fulfillment

CATEGORIES OF RECORDS IN THE SYSTEM, PURPOSE, RETENTION AND DISPOSAL,
AND SYSTEM MANAGER:
[Revise to read as follows:]
* * * * *
Categories of Records in the System will be changed to read:
5. Online user information: Internet Protocol (IP) address, domain
name, operating system version, browser version, date and time of
connection, and geographic location.
Purpose will be changed to read:
5. To support investigations related to law enforcement for
fraudulent financial transactions.
Retention and Disposal will be changed to read:
3. Online user information may be retained for 6 months.
Additionally, the System Manager(s) and Address will reflect the
following addition:
Chief Financial Officer and Executive Vice President, 475 L'Enfant
Plaza, SW., Washington, DC 20260.
Also, the existing System Manager's title has been changed to Chief
Marketing Officer and Executive Vice President.
USPS 860.000, Financial Transactions

CATEGORIES OF RECORDS IN THE SYSTEM, PURPOSE AND RETENTION AND DISPOSAL
AND SYSTEM MANAGER:
[Revise to read as follows:]
* * * * *
Categories of Records in the System will be changed to read:
7. Online user information: Internet Protocol (IP) address, domain
name, operating system version, browser version, date and time of
connection, and geographic location.
Purpose will be changed to read:
4. To support investigations related to law enforcement for
fraudulent financial transactions.
Retention and Disposal will be changed to read:
8. Online user information may be retained for 6 months.
Additionally, the System Manager(s) title has been changed to Chief

[[Page 26156]]

Marketing Officer and Executive Vice President.
* * * * *
USPS 810.100, http://www.usps.com Registration

System Location:
Computer Operations Service Centers.

Categories of Individuals Covered by the System:
Customers who register via the USPS Web site at http://www.usps.com.

Categories of Records in the System:
1. Customer information: Name; customer ID(s); company name; job
title and role; home, business, and billing address; home and business
phone and fax number; e-mail; URL; and Automated Clearing House (ACH)
information.
2. Identity verification information: Question, answer, username,
user ID, and password.
3. Business-specific information: Business type and location,
business IDs, annual revenue, number of employees, industry, nonprofit
rate status, product usage information, annual and/or monthly shipping
budget, payment method and information, planned use of product, and age
of Web site.
4. Customer preferences: Preferences to receive USPS marketing
information, preferences to receive marketing information from USPS
partners, preferred means of contact, preferred e-mail format, product
and/or service marketing preference.
5. Customer feedback: Method of referral to Web site.
6. Registration information: Date of registration.
7. Online user Information: Internet Protocol (IP) address, domain
name, operating system versions, browser version, date and time of
connection, and geographic location.

Authority for Maintenance of the System:
39 U.S.C. 401, 403, and 404.

Purpose(s):
1. To provide online registration with single sign on services for
customers.
2. To obtain accurate contact information in order to deliver
requested products, services, and other material.
3. To authenticate customer logon information for http://www.usps.com.
4. To permit customer feedback in order to improve http://www.usps.com or USPS products and services.
5. To enhance understanding and fulfillment of customer needs.

Routine Uses of Records in the System, Including Categories of Users
and the Purposes of Such Uses:
Standard routine uses 1 through 7, 10, and 11 apply.

Policies and Practices for Storing, Retrieving, Accessing, Retaining,
and Disposing of Records in the System:
Storage:
Automated database, computer storage media, and paper.

Retrievability:
By customer name, customer ID(s), phone number, or mail or e-mail
address.

Safeguards:
Paper records, computers, and computer storage media are located in
controlled-access areas under supervision of program personnel. Access
to these areas is limited to authorized personnel, who must be
identified with a badge.
Access to records is limited to individuals whose official duties
require such access. Contractors and licensees are subject to contract
controls and unannounced on-site audits and inspections.
Computers are protected by mechanical locks, card key systems, or
other physical access control methods. The use of computer systems is
regulated with installed security software, computer logon
identifications, and operating system controls including access
controls, terminal and transaction logging, and file management
software. Online data transmissions are protected by encryption.
For small business registration, computer storage tapes and disks
are maintained in controlled-access areas or under general scrutiny of
program personnel. Access is controlled by logon ID and password as
authorized by the Marketing organization via secure Web site. Online
data transmissions are protected by encryption.

Retention and Disposal:
1. ACH records are retained up to 2 years.
2. Records stored in the registration database are retained until
the customer cancels the profile record, 3 years after the customer
last accesses records, or until the relationship ends.
3. For small business registration, records are retained 5 years
after the relationship ends.
4. Online user information may be retained for 6 months.
Records existing on paper are destroyed by burning, pulping, or
shredding. Records existing on computer storage media are destroyed
according to the applicable USPS media sanitization practice.

System Manager(s) and Address:
Chief Marketing Officer and Executive Vice President, United States
Postal Service, 475 L'Enfant Plaza SW., Washington, DC 20260.

Notification Procedure:
Customers wanting to know if information about them is maintained
in this system of records must address inquiries in writing to the
system manager. Inquiries must contain name, address, and other
identifying information.

Record Access Procedures:
Requests for access must be made in accordance with the
Notification Procedure above and USPS Privacy Act regulations regarding
access to records and verification of identity under 39 CFR 266.6.

Contesting Record Procedures:
See Notification Procedure and Record Access Procedures above.

Record Source Categories:
Customers.
USPS 810.200, http://www.usps.com Ordering, Payment, and Fulfillment

System Location:
Computer Operations Service Centers.

Categories of Individuals Covered by the System:
Customers who place orders and/or make payment for USPS products
and services through http://www.usps.com.

Categories of Records in the System:
1. Customer information: Name, customer ID(s), phone and/or fax
number, mail address and e-mail address.
2. Payment information: Credit and/or debit card number, type, and
expiration date, billing information, ACH information.
3. Shipping and transaction information: Product and/or service ID
numbers, descriptions, and prices; name and address(es) of recipients;
order number and delivery status; electronic address lists; electronic
documents or images; job number.
4. Claims submitted for defective merchandise.
5. Online user information: Internet Protocol (IP) address, domain
name, operating system versions, browser version, date and time of
connection, and geographic location.

[[Page 26157]]

Authority for Maintenance of the System:
39 U.S.C. 401, 403, and 404.

Purpose(s):
1. To fulfill orders for USPS products and services.
2. To promote increased use of the mail by providing electronic
document preparation and mailing services for customers.
3. To provide shipping supplies and services, including return
receipts and labels.
4. To provide recurring ordering and payment services for products
and services.
5. To support investigations related to law enforcement for
fraudulent financial transactions.

Routine Uses of Records in the System, Including Categories of Users
and the Purposes of Such Uses:
Standard routine uses 1 through 7, 10, and 11 apply. In addition:
a. Customs declaration records may be disclosed to domestic and
foreign customs officials pursuant to 19 U.S.C. 2071 (note) and
international agreements or regulations.

Policies and Practices for Storing, Retrieving, Accessing, Retaining,
and Disposing of Records in the System:
Storage:
Automated databases, computer storage media, and paper.

Retrievability:
By customer name, customer ID(s), phone number, mail or e-mail
address, or job number.

Safeguards:
Paper records, computers, and computer storage media are located in
controlled-access areas under supervision of program personnel. Access
to these areas is limited to authorized personnel, who must be
identified with a badge.
Access to records is limited to individuals whose official duties
require such access. Contractors and licensees are subject to contract
controls and unannounced on-site audits and inspections.
Computers are protected by mechanical locks, card key systems, or
other physical access control methods. The use of computer systems is
regulated with installed security software, computer logon
identifications, and operating system controls including access
controls, terminal and transaction logging, and file management
software.
Online data transmission is protected by encryption, dedicated
lines, and authorized access codes. For shipping supplies, data is
protected within a stand-alone system within a controlled-access
facility.

Retention and Disposal:
1. Records related to mailing online and online tracking and/or
confirmation services supporting a customer order are retained for up
to 30 days from completion of fulfillment of the order, unless retained
longer by request of the customer. Records related to shipping services
and domestic and international labels are retained up to 90 days.
Delivery Confirmation and return receipt records are retained for 6
months. Signature Confirmation records are retained for 1 year. ACH
records are retained for up to 2 years.
2. Other customer records are retained for 3 years after the
customer relationship ends.
3. Online user information may be retained for 6 months.
Records existing on paper are destroyed by burning, pulping, or
shredding. Records existing on computer storage media are destroyed
according to the applicable USPS media sanitization practice.

System Manager(s) and Address:
Chief Financial Officer and Executive Vice President, 475 L'Enfant
Plaza, SW., Washington, DC 20260.
Chief Marketing Officer and Executive Vice President, United States
Postal Service, 475 L'Enfant Plaza SW., Washington, DC 20260.

Contesting Record Procedures:
See Notification Procedure and Record Access Procedures above.

Record Source Categories:
Customers.
USPS 860.000, Financial Transactions

System Location:
USPS Headquarters; Integrated Business Solutions Services Centers;
Accounting Service Centers; anti-money laundering support group; and
contractor sites.

Categories of Individuals Covered by the System:
1. Customers who use online payment or funds transfer services.
2. Customers who file claims or make inquiries related to online
payment services, funds transfers, money orders, and stored-value
cards.
3. Customers who purchase funds transfers or stored-value cards in
an amount of $1000 or more per day, or money orders in an amount of
$3000 or more per day, or who purchase or redeem any such services in a
manner requiring collection of information as potential suspicious
activities under anti-money laundering requirements. Recipients of
funds transfers and the beneficiaries of funds from money orders
totaling $10,000 in 1 day.

Categories of Records in the System:
1. Customer information: Name, customer ID(s), mail and e-mail
address, telephone number, occupation, type of business, and customer
history.
2. Identity verification information: Date of birth, username and/
or ID, password, Social Security Number (SSN) or tax ID number, and
driver's license number (or other type of ID if driver's license is not
available, such as Alien Registration Number, Passport Number, Military
ID, Tax ID Number).

(Note: For online payment services, SSNs are collected, but not
retained, in order to verify ID.)

3. Billers registered for online payment services: Biller name and
contact information, bill detail, and bill summaries.
4. Transaction information: Name, address, and phone number of
purchaser, payee, and biller; amount, date, and location; credit and/or
debit card number, type, and expiration; sales, refunds, and fees; type
of service selected and status; sender and recipient bank account and
routing number; bill detail and summaries; transaction number, serial
number, and/or reference number or other identifying number, pay out
agent name and address; type of payment, currency, and exchange rate;
Post Office information such as location, phone number, and terminal;
employee ID numbers, license number and state, and employee comments.
5. Information to determine credit worthiness: Period at current
residence, previous address, and period of time with same phone number.
6. Information related to claims and inquiries: Name, address,
phone number, signature, SSN, location where product was purchased,
date of issue,

[[Page 26158]]

amount, serial number, and claim number.
7. Online user information: Internet Protocol (IP) address, domain
name, operating system versions, browser version, date and time of
connection, and geographic location.

Authority for Maintenance of the System:
39 U.S.C. 401, 403, and 404; 31 U.S.C. 5318, 5325, 5331, and 7701.

Purpose(s):
1. To provide financial products and services.
2. To respond to inquiries and claims related to financial products
and services.
3. To fulfill requirements of anti-money laundering statutes and
regulations.
4. To support investigations related to law enforcement for
fraudulent financial transactions.

Routine Uses of Records in the System, Including Categories of Users
and the Purposes of Such Uses:
Standard routine uses 1 through 7, 10, and 11 apply. Legally
required disclosures to agencies for law enforcement purposes include
disclosures of information relating to money orders, funds transfers,
and stored-value cards as required by anti-money laundering statutes
and regulations.

Policies and Practices for Storing, Retrieving, Accessing, Retaining,
and Disposing of Records in the System:
Storage:
Automated database, computer storage media, microfiche, and paper.

Retrievability:
For online payment and funds transfer services, information is
retrieved by customer name, customer ID(s), transaction number, or
address.
Claim information is retrieved by name of purchaser or payee, claim
number, serial number, transaction number, check number, customer
ID(s), or ZIP Code.
Information related to anti-money laundering is retrieved by
customer name; SSN; alien registration, passport, or driver's license
number; serial number; transaction number; ZIP Code; transaction date;
data entry operator number; and employee comments.

Retention and Disposal:
1. Summary records, including bill due date, bill amount, biller
information, biller representation of account number, and the various
status indicators, are retained 2 years from the date of processing.
2. For funds transfers, transaction records are retained 3 years.
3. Records related to claims are retained up to 3 years from date
of final action on the claim.
4. Forms related to fulfillment of anti-money laundering
requirements are retained 5 years from the end of the calendar quarter
in which they were created.
5. Related automated records are retained the same 5-year period
and purged from the system quarterly after the date of creation.
6. Enrollment records related to online payment services are
retained 7 years after the subscriber's account ceases to be active or
the service is cancelled.
7. Account banking records, including payment history, Demand
Deposit Account (DDA) number, and routing number, are retained 7 years
from the date of processing.
8. Online user information may be retained for 6 months.
Records existing on paper are destroyed by burning, pulping, or
shredding.
Records existing on computer storage media are destroyed according
to the applicable USPS media sanitization practice.

System Manager(s) and Address:
Chief Financial Officer and Executive Vice President, 475 L'Enfant
Plaza, SW., Washington DC 20260.
Chief Marketing Officer and Executive Vice President, United States
Postal Service, 475 L'Enfant Plaza, SW., Washington, DC 20260.

Notification Procedure:
For online payment services, funds transfers, and stored-value
cards, individuals wanting to know if information about them is
maintained in this system must address inquiries in writing to the
Chief Marketing Officer. Inquiries must contain name, address, and
other identifying information, as well as the transaction number for
funds transfers.
For money order claims and anti-money laundering documentation,
inquiries should be addressed to the Chief Financial Officer. Inquiries
must include name, address, or other identifying information of the
purchaser (such as driver's license, Alien Registration Number,
Passport Number, etc.), and serial or transaction number. Information
collected for anti-money laundering purposes will only be provided in
accordance with Federal anti-money laundering laws and regulations.

Contesting Record Procedures:
See Notification Procedure and Record Access Procedures above.

Record Source Categories:
Customers, recipients, financial institutions, and USPS employees.

Systems Exempted From Certain Provisions of the Act:
USPS has established regulations at 39 CFR 266.9 that exempt
information contained in this system of records from various provisions
of the Privacy Act in order to conform to the prohibition in the Bank
Secrecy Act, 31 U.S.C. 5318(g)(2), against notification of the
individual that a suspicious transaction has been reported.

Neva R. Watson,
Attorney, Legislative.
[FR Doc. E8-10183 Filed 5-7-08; 8:45 am]
BILLING CODE 7710-12-P