AGENCY:

Postal Service®.

ACTION:

Notice of modified systems of records.

SUMMARY:

The United States Postal Service® (USPS) is proposing to revise two Customer Privacy Act Systems of Records (SORs). These modifications are being proposed to promote transparency and to support the administration and enforcement of regulations pertaining to articles found in the mail bearing counterfeit postage.

DATES:

These revisions will become effective without further notice on May 8, 2023 unless responses to comments received on or before that date result in a contrary determination.

ADDRESSES:

Comments may be submitted via email to the Privacy and Records Management Office, United States Postal Service Headquarters ( uspsprivacyfedregnotice@usps.gov). To facilitate public inspection, arrangements to view copies of written comments received will be made upon request.

FOR FURTHER INFORMATION CONTACT:

Janine Castorina, Chief Privacy and Records Management Officer, Privacy and Records Management Office, at uspsprivacyfedregnotice@usps.gov or 202–268–2000.

SUPPLEMENTARY INFORMATION:

This notice is in accordance with the Privacy Act requirement that agencies publish their systems of records in the Federal Register when there is a revision, change, or addition, or when the agency establishes a new system of records. The Postal Service has determined that Customer Privacy Act Systems of Records, USPS SOR 820.200, Mail Management and Tracking Activity and USPS SOR 870.200, Postage Validation Imprint (PVI), Electronic Verification System (eVS), Postage Meter, and PC Postage Customer Data and Transaction Records, should be revised to support the detection and handling of articles found in the mail bearing counterfeit Start Printed Page 20565 postage. Counterfeit postage is any marking or indicia that has been made, printed, or otherwise created without authorization from the Postal Service that is printed or applied, or otherwise affixed, on an article placed in the mails that indicates or represents that valid postage has been paid to mail the article.

I. Background

The Postal Service is implementing an initiative to identify and mitigate the use of counterfeit postage on articles found in the mail, including packages. The knowing use of counterfeit postage is a crime that reflects an intentional effort to defraud the Postal Service. As information, the Postal Service is providing public notice of amended regulations in a separate Federal Register notice regarding articles found in the mail with counterfeit postage (Document Citation: 88 FR 10068, Publication Date: February 16, 2023).

II. Rationale for Changes to USPS Privacy Act Systems of Records

Items found in the mail bearing counterfeit postage will be considered abandoned and disposed of at the discretion of the Postal Service, rather than be returned to the sender as the affixing of counterfeit postage reflects the non-payment of postage or an intentional effort to avoid paying postage. Upon detection, a record of the mailpiece or package displaying counterfeit postage will be created to facilitate the administration and enforcement of counterfeit postage regulations and the disposition of those articles.

III. Description of the Modified System of Records

The Postal Service is proposing modifications to USPS SOR 820.200, Mail Management and Tracking Activity, as indicated in the summary of changes below:

○ Added PURPOSE(S) #12 and #13.

○ Added new CATEGORIES OF RECORDS IN THE SYSTEM #8.

○ Added Tracking number, Mailer Identification (MID) Number, Intelligent Mail barcode (IMb), and Intelligent Mail Package barcode (IMPb) to POLICIES AND PRACTICES FOR RETRIEVAL OF RECORD.

○ Added new retention period #8 to POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS.

The Postal Service is also proposing modifications to USPS SOR 870.200, Postage Validation Imprint (PVI), Electronic Verification System (eVS), Postage Meter, and PC Postage Customer Data and Transaction Records, as indicated in the summary of changes listed below:

○ Added PURPOSE(S) #3 and #4

○ Added new CATEGORIES OF RECORDS IN THE SYSTEM as #4

○ Added Tracking number, Mailer Identification (MID) Number, Intelligent Mail barcode (IMb), and Intelligent Mail Package barcode (IMPb) to POLICIES AND PRACTICES FOR RETRIEVAL OF RECORD.

○ Added new retention period #4 to POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS.

Pursuant to 5 U.S.C. 552a(e)(11), interested persons are invited to submit written data, views, or arguments on this proposal. A report of the proposed revisions has been sent to Congress and to the Office of Management and Budget for their evaluations. The Postal Service does not expect these amended systems of records to have any adverse effect on individual privacy rights. The notices for USPS SOR 820.200, Mail Management and Tracking Activity and SOR 870.200 Postage Validation Imprint (PVI), Electronic Verification System (eVS), Postage Meter, and PC Postage Customer Data and Transaction Records are provided below in their entirety:

SYSTEM NAME AND NUMBER:

USPS 820.200, Mail Management and Tracking Activity.

SECURITY CLASSIFICATION:

None.

SYSTEM LOCATION:

USPS Headquarters; Integrated Business Solutions Services Centers; USPS IT Eagan Host Computing Services Center; and Mail Transportation Equipment Service Centers.

SYSTEM MANAGER(S):

Chief Information Officer and Executive Vice President, United States Postal Service, 475 L'Enfant Plaza SW, Washington, DC 20260–1500.

Chief Customer and Marketing Officer and Executive Vice President, United States Postal Service, 475 L'Enfant Plaza SW, Washington, DC 20260–4016.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

39 U.S.C. 401, 403, and 404.

PURPOSE(S) OF THE SYSTEM:

1. To provide mail acceptance, induction, and scheduling services.

2. To fulfill orders for mail transportation equipment.

3. To provide customers with information about the status of mailings within the USPS network or other carrier networks.

4. To provide customers with mail or package delivery options.

5. To provide business mailers with information about the status of mailings within the USPS mail processing network.

6. To help mailers identify performance issues regarding their mail.

7. To provide delivery units with information needed to fulfill requests for mail redelivery and hold mail service at the address and for the dates specified by the customer.

8. To enhance the customer experience by improving the security of Change of Address (COA) and Hold Mail processes.

9. To protect USPS customers from becoming potential victims of mail fraud and identity theft.

10. To identify and mitigate potential fraud in the COA and Hold Mail processes.

11. To verify a customer's identity when applying for COA and Hold Mail services.

12. To support the administration and enforcement of regulations pertaining to articles found in the mail bearing counterfeit postage.

13. To identify and mitigate potential fraud related to the payment of postage used for shipping and mailing services.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Customers who use USPS mail management and tracking services.

CATEGORIES OF RECORDS IN THE SYSTEM:

1. Customer information: Customer or contact name, mail and email address(es), title or role, phone number(s), text message number, and cell phone carrier.

2. Identification information: Customer ID(s), last four digits of Social Security Number (SSN), D–U–N–S Number; mailer and mailing ID, advertiser name/ID, username, and password.

3. Data on mailings: Paper and electronic data on mailings, including postage statement data (such as volume, class, rate, postage amount, date and time of delivery, mailpiece count), destination of mailing, delivery status, mailing problems, presort information, reply mailpiece information, container label numbers, package label, Special Services label, article number, and permit numbers.

4. Payment information: Credit and/or debit card number, type, and expiration date; ACH information.

5. Customer preference data: Hold mail begin and end date, redelivery date, delivery options, shipping and pickup preferences, drop ship codes, Start Printed Page 20566 comments and instructions, mailing frequency, preferred delivery dates, and preferred means of contact.

6. Product Usage Information: Special Services label and article number.

7. Mail images: Images of mailpieces captured during normal mail processing operations.

8. Counterfeit (CF) Postage Information: Tracking number, Scan Event Data (Date, Time, Scan ID, Device ID, Scan Source, event code, reason code), Product or Service Classification (Service type code, Extra Services Code), Packaging Product Code (i.e., “PS00011000001, PS00011132700, etc.), Sender address, Recipient address, Destination ZIP Code, Country Code, Intelligent Mail barcode (IMb), Intelligent Mail Package barcode (IMpb), Mailer Identification (MID) number, Indicia Type (Retail, Permit, PC Postage, etc.) Permit/Payment Account Number, Meter, IBI or IMI number, Postage Amount, Date of Mailing, Date Article was intercepted as CF, Date article was validated as CF, Location where item is stored, Date Article was Disposed of, Weight, Shape and Size (L_W_H) of Article, USPS Facility (tracking data site), USPS Mail Processing Operation information (operation code).

RECORD SOURCE CATEGORIES:

Customers and, for call center operations, commercially available sources of names, addresses, and telephone numbers.

Records of articles found in the mail bearing counterfeit postage.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

Standard routine uses 1. through 7., 10., and 11. apply.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Automated databases, computer storage media, and paper.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

By customer name, by customer ID(s), by logon ID, by mailing address(es), by 11-digit ZIP Code, by Tracking number, by Mailer Identification (MID) Number, by Intelligent Mail barcode (IMb) and by Intelligent Mail Package barcode (IMpb).

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

1. Records are retained for up to 30 days.

2. Records related to ePubWatch, Confirmation Services and hold mail services are retained for up to 1 year.

3. Special Services and drop ship records are retained 2 years.

4. ACH records are retained up to 2 years.

5. Mailpiece images will be retained up to 3 days.

6. Other records are retained 4 years after the relationship ends.

7. USPS and other carrier network tracking records are retained for up to 30 days for mail and up to 90 days for packages and special services.

8. Records pertaining to counterfeit postage information are retained for 3 calendar years.

Records existing on paper are destroyed by burning, pulping, or shredding. Records existing on computer storage media are destroyed according to the applicable USPS media sanitization practice.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Paper records, computers, and computer storage media are located in controlled-access areas under supervision of program personnel. Access to these areas is limited to authorized personnel, who must be identified with a badge.

Access to records is limited to individuals whose official duties require such access. Contractors and licensees are subject to contract controls and unannounced on-site audits and inspections.

Computers are protected by mechanical locks, card key systems, or other physical access control methods. The use of computer systems is regulated with installed security software, computer logon identifications, and operating system controls including access controls, terminal and transaction logging, and file management software. Online data transmissions are protected by encryption.

RECORD ACCESS PROCEDURES:

Requests for access must be made in accordance with the Notification Procedure above and USPS Privacy Act regulations regarding access to records and verification of identity under 39 CFR 266.5.

CONTESTING RECORD PROCEDURES:

See Notification Procedures below and Record Access Procedures above.

NOTIFICATION PROCEDURES:

Customers wanting to know if information about them is maintained in this system of records must address inquiries in writing to the system manager. Inquiries should contain name, customer ID(s), if any, and/or logon ID.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

December 27, 2018, 83 FR 66768; June 05, 2017, 82 FR 25819; August 25, 2016, 81 FR 58542; January 21, 2014, 79 FR 3423; August 03, 2012, 77 FR 46528; June 27, 2012, 77 FR 38342; October 24, 2011, 76 FR 65756; April 29, 2005, 70 FR 22516.

SYSTEM NAME AND NUMBER:

USPS 870.200, Postage Validation Imprint (PVI), Electronic Verification System (eVS), Postage Meter, and PC Postage Customer Data and Transaction Records.

SECURITY CLASSIFICATION:

None.

SYSTEM LOCATION:

USPS Headquarters, USPS facilities, Integrated Business Solutions Services Centers, and partner locations.

SYSTEM MANAGER(S):

Vice President, Technology Applications, United States Postal Service, 475 L'Enfant Plaza SW, Washington, DC 20260.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

39 U.S.C. 401, 403, and 404; 39 CFR part 501.

PURPOSE(S) OF THE SYSTEM:

1. To enable responsible administration of postage evidencing system activities.

2. To enhance understanding and fulfillment of customer needs.

3. To support the administration and enforcement of regulations pertaining to articles found in the mail bearing counterfeit postage.

4. To identify and mitigate potential fraud related to the payment of postage used for shipping and mailing services.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Postage evidencing system users.

CATEGORIES OF RECORDS IN THE SYSTEM:

1. Customer information: Contact name, address, and telephone number; registration identifiers; company name; and change of address information.

2. Identification information: Customer/system ID(s), IP address(es), date of device installation, device ID number, device model number, and certificate serial number.

3. Mailing and transaction information: Tracking ID, package identification code (PIC), customer-provided package/transaction attribute data, postage paid, contract pricing, package attribute data, USPS collection and source system identifiers, mailpiece images, and package destination and origin. Start Printed Page 20567

4. Counterfeit (CF) Postage Information: Tracking number, Scan Event Data (Date, Time, Scan ID, Device ID, Scan Source, event code, reason code), Product or Service Classification (Service type code, Extra Services Code), Packaging Product Code (i.e., “PS00011000001, PS00011132700, etc.), Sender address, Recipient address, Destination ZIP Code, Country Code, Intelligent Mail barcode (IMb), Intelligent Mail Package barcode (IMpb), Mailer Identification (MID) number, Indicia Type (Retail, Permit, PC Postage, etc.) Permit/Payment Account Number, Meter, IBI or IMI number, Postage Amount, Date of Mailing, Date Article was intercepted as CF, Date article was validated as CF, Location where item is stored, Date Article was Disposed of, Weight, Shape and Size (L_W_H) of Article, USPS Facility (tracking data site), USPS Mail Processing Operation information (operation code).

RECORD SOURCE CATEGORIES:

Customers; authorized service providers of postage evidencing systems; and USPS personnel.

Records of articles found in the mail bearing counterfeit postage.

ROUTINE USES OF RECORDS IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

Standard routine uses 1. through 7., 10., and 11. apply. In addition:

a. The name and address of an authorized user of a postage meter or PC Postage product (postage evidencing systems), printing a specified indicium will be furnished to any person provided the user is using the postage meter or PC Postage product for business purposes.

b. Customer-specific records and related sampling systems in this system may be disclosed to eVS customers, indicia providers, and PC Postage providers, including approved shippers, for revenue assurance to ensure accuracy of postage payment across payment systems, and to otherwise enable responsible administration of postage evidencing system activities.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Automated databases, computer storage media, and paper.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

By customer name and by numeric file of postage evidencing systems ID number by customer ID(s), by Tracking number, by Mailer Identification (MID) Number, by Intelligent Mail barcode (IMb) and by Intelligent Mail Package barcode (IMPb).

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

1. ACH records are retained up to 2 years. Records of payment are retained up to 7 years.

2. Other records in this system are retained up to 7 years after a customer ceases using a postage evidencing system.

3. Within the Postal Service and directly to eVS customers, or through third-party software providers (including meter and PC Postage providers) for the purpose of enabling responsible administration of revenue assurance and other postage evidencing system activities, facilitating remediation of postage disparities, and meeting SOX compliance requirements, in accordance with 39 CFR part 501.

4. Records pertaining to counterfeit postage information are retained for 3 calendar years.

Records existing on paper are destroyed by burning, pulping, or shredding. Records existing on computer storage media are destroyed according to the applicable USPS media sanitization practice.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Paper records, computers, and computer storage media are located in controlled-access areas under supervision of program personnel. Access to these areas is limited to authorized personnel, who must be identified with a badge.

Access to records is limited to individuals whose official duties require such access. Contractors and licensees are subject to contract controls and unannounced on site audits and inspections.

Computers are protected by mechanical locks, card key systems, or other physical access control methods. The use of computer systems is regulated with installed security software, computer logon identifications, and operating system controls including access controls, terminal and transaction logging, and file management software.

RECORD ACCESS PROCEDURES:

Requests for access must be made in accordance with the Notification Procedure above and USPS Privacy Act regulations regarding access to records and verification of identity under 39 CFR 266.5.

CONTESTING RECORD PROCEDURES:

See Notification Procedures below and Record Access Procedures above.

NOTIFICATION PROCEDURES:

Customers wanting to know if information about them is maintained in this system of records must address inquires in writing to: Manager, Finance and Payment Technology, United States Postal Service, 475 L'Enfant Plaza SW, Washington, DC 20260. Inquiries should include the individual's name and customer ID.

HISTORY:

December 10, 2014, 79 FR 733454; June 27, 2012, 77 FR 38342; October 24, 2011, 76 FR 65756; April 29, 2005, 70 FR 22516.