Effective December 10, 2015, the Postal Service™ is revising Handbook AS-353, Guide to Privacy, the Freedom of Information Act, and Records Management, to include these modifications which were published in the Federal Register on June 20, 2014 (79 FR 35389–35390).
The Postal Service has modified USPS 810.100, usps.com® Registration, to account for the collection of additional information pertaining to the computers, devices, networks, and software that customers use to conduct transactions. The Customer Registration application is a target for various types of fraudulent activity, such as the creation of fraudulent accounts, identity theft, and unauthorized account access. Consistent with the official USPS Privacy Policy at www.usps.com/privacypolicy, the Postal Service has implemented policies and programs that attempt to identify and mitigate such fraudulent activities, including the collection and analysis of Internet Protocol (IP) addresses from users of www.usps.com for the purposes of identifying potential fraudulent activities.
While these above mentioned policies and programs have had success, the Postal Service has enhanced its ability to identify and mitigate fraud through the collection of additional types of customer information during the Customer Registration process. This information includes: 1) device identification number (device ID), which is a unique or distinctive number associated with a smartphone or other digital device, 2) Media Access Control (MAC) address, a unique identifier assigned to network interfaces for communications and associated with the computer hardware that enables a device such as a smartphone or laptop to connect to a computer network, and, 3) user agent information, which contains information about the software acting on behalf of the customer when the customer connects and interacts with a website such as www.usps.com.
The organization routinely analyzes data collected from the customer, including the additional information specified above, thereby enhancing Postal Service fraud protection controls. When specific fraud is identified against a customer account, the organization communicates the incident to the registrant and offers recommended steps to enhance the customer’s protection.
Additionally, the Postal Service is collecting information from businesses regarding promotional marketing campaigns. The Postal Service values its business customers, and welcomes any information they wish to share in connection with USPS promotional marketing campaigns. By associating this information with a business customer’s account, the Postal Service is better able to learn about and serve that customer. Furthermore, such information may aid the Postal Service in making improvements to www.usps.com as well as to Postal Service products and services.
This SOR is also being amended to include information on whether a USPS business customer is a mail owner, a mail service provider, a PC Postage user, and/or a PC postage vendor. Such information, which is currently collected and stored in other postal information systems (Program Registration and PostalOne!), will now be maintained in the Customer Registration database and enables businesses to participate in Package Service programs, to receive mail tracking data, to receive incentives on certain mail volumes, or to avail themselves of other postal features available to business customers.
Handbook AS-353, Guide to Privacy, the Freedom of Information Act, and Records Management
* * * * *
Appendix — Privacy Act Systems of Records
* * * * *
Section E. Complete Text of Systems of Records
* * * * *
USPS 810.100
SYSTEM NAME:
www.usps.com Registration.
* * * * *
Categories of Records in the System
[Revise the text of item 3 to read as follows:]
* * * * *
3. Business specific information: Business type and location, business IDs, annual revenue, number of employees, industry, nonprofit rate status, mail owner, mail service provider, PC postage user, PC postage vendor, product usage information, annual and/or monthly shipping budget, payment method and information, planned use of product, and age of website, and information submitted by, or collected from, business customers in connection with promotional marketing campaigns.
* * * * *
[Revise the text of item 7 to read as follows:]
7. Online user information: Internet Protocol (IP) address, domain name, operating system versions, browser version, date and time of connection, Media Access Control (MAC) address, device identifier, information about the software acting on behalf of the user (i.e., user agent), and geographic location.
* * * * *
We will incorporate these revisions into the next online update of Handbook AS-353, Guide to Privacy, the Freedom of Information Act, and Records Management, which is available on the Postal Service PolicyNet website:
n Go to http://blue.usps.gov.
n Under “Essential Links” in the left-hand column, click PolicyNet.
n Click HBKs.
The direct URL for the Postal Service PolicyNet website is http://blue.usps.gov/cpim.
— Privacy and Records Office,
General Counsel and Executive VP, 12-10-15
