AGENCY:

Postal Service.

ACTION:

Notice of a modified system of records.

SUMMARY:

The United States Postal Service® (Postal Service) is proposing to modify a Customer Privacy Act System of Records (SOR) to enhance an ongoing initiative to identify, prevent and mitigate potentially fraudulent activity within the Change-of-Address and Hold Mail processes.

DATES:

These revisions will become effective without further notice on January 14, 2021, unless, in response to comments received on or before that date result in a contrary determination.

ADDRESSES:

Comments may be submitted via email to the Privacy and Records Management Office, United States Postal Service Headquarters (privacy@usps.gov). To facilitate public inspection, arrangements to view copies of any written comments received will be made upon request.

FOR FURTHER INFORMATION CONTACT:

Janine Castorina, Chief Privacy and Records Management Officer, Privacy and Records Management Office, 202-268-3069 or privacy@usps.gov.

SUPPLEMENTARY INFORMATION:

This notice is in accordance with the Privacy Act requirement that agencies publish their systems of records in the Federal Register when there is a revision, change, or addition, or when the agency establishes a new system of records. The Postal Service is proposing revisions to an existing system of records (SOR) to support and enhance the Address Mapping Directory initiative, previously referred to as the Address Matching Database initiative. USPS SOR 800.050, was implemented on January 4, 2019, to facilitate the detection and prevention of fraudulent Change-of-Address and Hold Mail service requests.

I. Background

In a continuing effort to enhance the security of mailing and shipping services, the Postal Service utilizes an Address Mapping Directory to identify, prevent and mitigate potentially fraudulent activity within the Change-of-Address and Hold Mail processes. With the exception of Change-of-Address requests subject to protective court orders, the Address Mapping Directory initiative sends an email notification to customers who submit a Change-of-Address request or a Hold Mail request. The Address Mapping Directory initiative enhances the confidentiality and privacy of mail and package delivery services by improving the security of both the Change-of-Address and Hold Mail processes. The Address Mapping Directory also protects Postal Service customers from becoming potential victims of mail fraud and identity theft. Other policies that ensure the security and confidentiality of personal information are described below in the Safeguards section of this SOR.

II. Rationale for Changes to USPS Privacy Act Systems of Records

The Postal Service currently maintains the Address Mapping Directory (AMD), previously referred to as the Address Matching Database, to detect and prevent potential fraud for Change-of-Address (COA) and Hold Mail service requests, through address mapping comparisons and cross-checks between multiple Postal Service customer systems. In order to enhance the accuracy and functionality of address mapping comparisons and cross-checks, the Postal Service is proposing to modify SOR 800.050 Address Matching for Mail Fraud Detection and Prevention, to revise the System Name, include customer names, options selected for type of move by customers, and online user information in the Categories of Records, to reduce retention time for records, and to provide a more descriptive version of Start Printed Page 81225existing purpose 5, to promote transparency.

III. Description of the Modified System of Records

Pursuant to 5 U.S.C. 552a(e)(11), interested persons are invited to submit written data, views, or arguments on this proposal. A report of the proposed revisions to this SOR has been sent to Congress and to the Office of Management and Budget for their evaluations. The Postal Service does not expect this modified system of records to have any adverse effect on individual privacy rights. Accordingly, for the reasons stated above, the Postal Service proposes revisions to this system of records as follows:

SYSTEM NAME AND NUMBER:

USPS 800.050, Address Mapping Directory for Mail Fraud Detection and Prevention.

SECURITY CLASSIFICATION:

None.

SYSTEM LOCATION:

USPS National Customer Support Center (NCSC) and USPS IT Eagan Host Computing Services Center.

SYSTEM MANAGER(S) AND ADDRESS:

Vice President, Product Innovation, United States Postal Service, 475 L'Enfant Plaza SW, Washington, DC 20260.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

18 U.S.C. 1341, 1343 and 3061; 39 U.S.C. 401, 403, 404, 3003 and 3005.

PURPOSE(S):

1. To enhance the customer experience by improving the security of Change-of-Address (COA) and Hold Mail processes.

2. To protect USPS customers from becoming potential victims of mail fraud and identity theft.

3. To identify and mitigate potential fraud in the COA and Hold Mail processes.

4. To verify a customer's identity when applying for COA and Hold Mail services.

5. To facilitate mail fraud detection and prevention for COA and Hold Mail service requests through address mapping comparisons and cross-checks between multiple USPS customer systems.

6. To facilitate the provision of accurate and reliable mail and package delivery services.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Customers requesting Change-of-Address mail forwarding services or Hold Mail services.

CATEGORIES OF RECORDS IN THE SYSTEM:

1. Customer information: For Change-of-Address requests, customer name(s), including first name, middle name or initial, last name and suffix, old and new address, email address(es), options selected for type of move (individual, family, or business) and (permanent), telephone numbers and device identification; for Hold Mail requests, customer name(s), including first name, middle name or initial, last name and suffix, address, email address(es), and telephone numbers.

2. Online user information: Device identification, internet Protocol (IP) address.

RECORD SOURCE CATEGORIES:

Individual customers requesting Change-of-Address, mail forwarding, or Hold Mail services and other USPS Products, Services and features from USPS customer systems.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

Standard routine uses 1. through 7, 10 and 11. apply.

STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Automated databases.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Retrieval is accomplished by a computer-based system, using one or more of the following elements: By customer name(s), ZIP Code(s), address, telephone number, email address, device identification and/or IP address.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

COA and Hold Mail records are retained in an electronic database for 5 years from the effective date.

Electronic records existing on computer storage media are destroyed according to the applicable USPS media sanitization practice.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Electronic records, computers, and computer storage media are located in controlled-access areas under supervision of program personnel. Access to records is limited to individuals whose official duties require such access. Contractors and licensees are subject to contract controls and unannounced on-site audits and inspections.

Computers are protected by mechanical locks, card key systems, or other physical access control methods. The use of computer systems is regulated with installed security software, computer logon identifications, and operating system controls including access controls, terminal and transaction logging, and file management software.

Online data transmission and storage is protected by encryption, dedicated lines, and authorized access codes.

RECORD ACCESS PROCEDURES:

Requests for access must be made in accordance with the Notification Procedure above and the USPS Privacy Act regulations regarding access to records and verification of identity under 39 CFR 266.5.

CONTESTING RECORD PROCEDURES:

See Notification Procedure and Record Access Procedures above.

NOTIFICATION PROCEDURES:

Customers wanting to know if information about them is maintained in this system of records must address inquiries in writing to the system manager. Inquiries must contain name, address, email, and other identifying information.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

December 4, 2018, 83 FR 62631.