-
Start Preamble
AGENCY:
Postal ServiceTM.
ACTION:
Final rule.
SUMMARY:
This rule clarifies the responsibility of the providers of Postage Evidencing Systems (PES) to safeguard customer information and maintain regulatory controls over agents operating third-party locations at domestic or international (off shore) facilities.
DATES:
This rule is effective January 11, 2012.
ADDRESSES:
Mail or deliver written comments to the Manager, Payment Technology, U.S. Postal Service, 475 L'Enfant Plaza SW., Room 3660, Washington, DC 20260-0911. Copies of all written comments will be available for inspection and photocopying between 9 a.m. and 4 p.m., Monday through Friday, at the Payment Technology office.
Start Further InfoFOR FURTHER INFORMATION CONTACT:
Hank Heren, Business Programs Specialist, Payment Technology, U.S. Postal Service, at (309) 671-8926.
End Further Info End Preamble Start Supplemental InformationSUPPLEMENTARY INFORMATION:
This final rule is intended to assure that the same general rules apply to third-party organizations as apply to the PES providers. The PES providers must ensure that any third party acting on their behalf performing any function maintains the same facilities, records, and procedures to safeguard the security of the PES.
Start List of SubjectsList of Subjects in 39 CFR Part 501
- Postal Service
Accordingly, for the reasons stated, 39 CFR part 501 is amended as follows:
Start PartPART 501—AUTHORIZATION TO MANUFACTURE AND DISTRIBUTE POSTAGE EVIDENCING SYSTEMS
End Part Start Amendment Part1. The authority citation for 39 CFR part 501 continues to read as follows:
End Amendment Part Start Amendment Part2. Section 501.3 is amended by revising paragraph (d) and adding paragraph (e) as follows:
End Amendment PartStart SignaturePostage Evidencing System provider qualification.* * * * *(d) As the provider bears the ultimate responsibility to ensure customer information will not be compromised at any domestic or off shore locations, the provider (as well as its agent operating domestic or off shore locations) will not cause or permit data to be released other than for the operation of the third-party location. The provider shall notify its customer that data relating to its systems is being housed by a third-party location, and shall provide a copy thereof to the Postal Service of such notice to its customers. To the extent that any unauthorized release takes Start Printed Page 77150place, the vendor shall notify the Postal Service immediately upon discovery of any unauthorized use or disclosure of data or any other breach or improper disclosure of data of this agreement by the provider (as well as its agent operating the third-party location) and will cooperate with the Postal Service in every reasonable way to help the Postal Service regain possession of the data and prevent its further unauthorized use or disclosure. In the event that the Postal Service cannot regain possession of the data or prevent its further unauthorized use or disclosure, the provider shall indemnify the Postal Service from damages resulting from its (or such third-party) actions.
(e) Have, or establish, and keep under its active supervision and control adequate facilities for the control, distribution, and maintenance of PES and their replacement or secure disposal or destruction when necessary and appropriate.
End Signature End Supplemental InformationStanley F. Mires,
Attorney, Legal Policy & Legislative Advice.
[FR Doc. 2011-31726 Filed 12-9-11; 8:45 am]
BILLING CODE 7710-12-P
Document Information
- Comments Received:
- 0 Comments
- Effective Date:
- 1/11/2012
- Published:
- 12/12/2011
- Department:
- Postal Service
- Entry Type:
- Rule
- Action:
- Final rule.
- Document Number:
- 2011-31726
- Dates:
- This rule is effective January 11, 2012.
- Pages:
- 77149-77150 (2 pages)
- Topics:
- Postal Service
- PDF File:
- 2011-31726.pdf
- CFR: (1)
- 39 CFR 501.3