Effective February 28, 2019, the Postal Service™ is revising Handbook AS-353, Guide to Privacy, the Freedom of Information Act, and Records Management, to update several System of Records (SORs) in the Appendix— Privacy Act System of Records.
As required by the Privacy Act, upon creation or revision of SORs, notices have been published in the Federal Register for each of the revised and new SORs.
Handbook AS-353, Guide to Privacy, the Freedom of Information Act, and Records Management
* * * * *
Appendix — Privacy Act Systems of Records
* * * * *
Section E. Complete Text of Systems of Records
* * * * *
USPS 800.000
System Name:
Address Change, Mail Forwarding, and Related Services.
* * * * *
Purpose(s)
[Add new items 8 through 11 to read as follows:]
* * * * *
8. To enhance the customer experience by improving the security of Change of Address (COA) and Hold Mail processes.
9. To protect USPS customers from becoming potential victims of mail fraud and identity theft.
10. To identify and mitigate potential fraud in the COA and Hold Mail processes.
11. To verify a customer’s identity when applying for COA and Hold Mail services.
* * * * *
System Manager(s) and Address
[Revise the third entry to read as follows:]
Vice President, Customer Experience,***
* * * * *
[Add new system USPS 800.050 to read as follows:]
USPS 800.050
System Name:
Address Matching for Mail Fraud Detection and Prevention.
System Classification
None.
System Location
USPS National Customer Support Center (NCSC) and USPS IT Eagan Host Computing Services Center.
System Manager(s)
Vice President, Product Innovation, United States Postal Service, 475 L’Enfant Plaza SW, Washington, DC 20260-1010; (202) 268-6078.
Authority for Maintenance of the System
18 U.S.C. 1341, 1343, and 3061; 39 U.S.C. 401, 403, 404, 3003, and 3005.
Purpose(s)
1. To enhance the customer experience by improving the security of Change of Address (COA) and Hold Mail processes.
2. To protect USPS customers from becoming potential victims of mail fraud and identity theft.
3. To identify and mitigate potential fraud in the COA and Hold Mail processes.
4. To verify a customer’s identity when applying for COA and Hold Mail services.
5. To facilitate mail fraud prevention for COA and Hold Mail services through address matching across USPS customer systems.
6. To facilitate the provision of accurate and reliable mail and package delivery services.
Categories of Individuals Covered by the System
Customers requesting COA mail forwarding or Hold Mail services.
Categories of Records in the System
1. Customer information: For COA requests, old and new address, email address(es), telephone numbers and device identification; for Hold Mail, address, email address(es), and telephone numbers.
2. Online user information: Device identification.
Record Source Categories
Individual customers requesting COA, mail forwarding, or Hold Mail services and other USPS customer systems.
Routine Uses of Records Maintained in the System, Including Categories of Users and Purposes of Such Uses
Standard routine uses 1 through 7, 10, and 11 apply.
Policies and Practices for Retrieval of Records
Retrieval is accomplished by a computer-based system, using one or more of the following elements: ZIP Code(s), address, telephone number, email address, device identification, and IP address.
Retention and Disposal
COA and Hold Mail records are retained in an electronic database for 10 years from the effective date.
Electronic records existing on computer storage media are destroyed according to the applicable USPS media sanitization practice.
Administrative, Physical, and Technical Safeguards
Electronic records, computers, and computer storage media are located in controlled-access areas under supervision of program personnel. Access to records is limited to individuals whose official duties require such access. Contractors and licensees are subject to contract controls and unannounced onsite audits and inspections.
Computers are protected by mechanical locks, card key systems, or other physical access control methods. The use of computer systems is regulated with installed security software, computer logon identifications, and operating system controls including access controls, terminal and transaction logging, and file management software.
Online data transmission is protected by encryption, dedicated lines, and authorized access codes.
Records Access Procedures
Requests for access must be made in accordance with the Notification Procedure above and the USPS Privacy Act regulations regarding access to records and verification of identity under 39 CFR 266.5.
Contesting Records Procedures
See Notification Procedures below and Record Access Procedures above.
Notification Procedures
Customers wanting to know if information about them is maintained in this system of records must address inquiries in writing to the system manager. Inquiries must contain name, address, email, and other identifying information.
Exemptions Promulgated for the System
None.
History
None.
* * * * *
USPS 810.100
System Name:
www.usps.com Registration.
* * * * *
Purpose(s)
[Add new item 2 and renumber current items 2 through 8 as new items 3 through 9 to read as follows:]
* * * * *
2. To facilitate online registration, provide enrollment capability, and administer Internet-based services or features.
3. To maintain current and up-to-date address information to assure accurate and reliable delivery and fulfillment of postal products, services, and other material.
4. To obtain accurate contact information in order to deliver requested products, services, and other material.
5. To authenticate customer logon information for usps.com.
6. To permit customer feedback in order to improve usps.com or USPS products and services.
7. To enhance understanding and fulfillment of customer needs.
8. To verify a customer’s identity when the customer establishes, or attempts to access his or her account.
9. To identify, prevent, and mitigate the effects of fraudulent transactions.
[Add new items 10 through 14 to read as follows:]
10. To enhance the customer experience by improving the security of Change of Address (COA) and Hold Mail processes.
11. To protect USPS customers from becoming potential victims of mail fraud and identity theft.
12. To identify and mitigate potential fraud in the COA and Hold Mail processes.
13. To verify a customer’s identity when applying for COA and Hold Mail services. To provide online registration for Informed Address platform service for customers.
14. To authenticate customer logon information for Informed Address platform services.
* * * * *
System Manager(s) and Address
[Revise the text to read as follows:]
Chief Customer and Marketing Officer and Executive Vice President,***
* * * * *
USPS 810.200
System Name:
www.usps.com Ordering, Payment, and Fulfillment.
* * * * *
Purpose(s)
[Add new items 8 through 11 to read as follows:]
* * * * *
8. To enhance the customer experience by improving the security of Change of Address (COA) and Hold Mail processes.
9. To protect USPS customers from becoming potential victims of mail fraud and identity theft.
10. To identify and mitigate potential fraud in the COA and Hold Mail processes.
11. To verify a customer’s identity when applying for COA and Hold Mail services.
* * * * *
USPS 820.200
System Name:
Mail Management and Tracking Activity.
System Location
[Revise the text to read as follows:]
USPS Headquarters; Integrated Business Solutions Services Centers; USPS IT Eagan Host Computing Services Center; and Mail Transportation Equipment Service Centers.
* * * * *
[Add items 8 through 11 to read as follows:]
* * * * *
8. To enhance the customer experience by improving the security of Change of Address (COA) and Hold Mail processes.
9. To protect USPS customers from becoming potential victims of mail fraud and identity theft.
10. To identify and mitigate potential fraud in the COA and Hold Mail processes.
11. To verify a customer’s identity when applying for COA and Hold Mail services.
* * * * *
System Manager(s) and Address
[Revise the second entry to read as follows:]
* * * * *
Chief Customer and Marketing Officer and Executive Vice President, United States Postal Service, 475 L’Enfant Plaza SW, Washington, DC 20260.
* * * * *
USPS 820.300
System Name:
Informed Delivery.
* * * * *
Purpose(s)
[Add new items 8 through 11 to read as follows:]
* * * * *
8. To enhance the customer experience by improving the security of Change of Address (COA) and Hold Mail processes.
9. To protect USPS customers from becoming potential victims of mail fraud and identity theft.
10. To identify and mitigate potential fraud in the COA and Hold Mail processes.
11. To verify a customer’s identity when applying for COA and Hold Mail services.
* * * * *
System Manager(s) and Address
[Revise the text to read as follows:]
Vice President, Product Innovation, United States Postal Service, 475 L’Enfant Plaza SW, Washington, DC 20260
* * * * *
USPS 830.000
System Name:
Customer Service and Correspondence.
* * * * *
Purpose(s)
[Add new items 3 through 7 to read as follows:]
* * * * *
3. To enhance the customer experience by improving the security of Change of Address (COA) and Hold Mail processes.
4. To protect USPS customers from becoming potential victims of mail fraud and identity theft.
5. To identify and mitigate potential fraud in the COA and Hold Mail processes.
6. To verify a customer’s identity when applying for COA and Hold Mail services.
7. To support (or facilitate) the administration of Operation Santa, Letters to Santa, or similar programs.
* * * * *
Retention and Disposal
[Add new item 5 and renumber current item 5 as new item 6 to read as follows:]
* * * * *
5. Records related to Operation Santa, Letters to Santa, or similar programs are retained 6 months after the new calendar year.
6. Other records are retained 2 years after resolution of the inquiry.
* * * * *
System Manager(s) and Address
[Revise the text to read as follows:]
Chief Customer and Marketing Officer and Executive Vice President, United States Postal Service, 475 L’Enfant Plaza SW, Washington, DC 20260.
* * * * *
USPS 910.000
System Name:
Identity and Document Verification Services.
* * * * *
Categories of Individuals Covered by the System
[Revise the text to read as follows:]
1. Customers who apply for identity and document verification services.
2. Customers who may require identity verification for postal products and services.
Categories of Records in the System
[Revise the text to read as follows:]
1. Customer information: Name, address, customer ID(s), telephone number, text message number and carrier, mail and email address, date of birth, place of birth, company name, title, role, and employment status.
2. Customer preference information: Preferred means of contact.
3. Names and contact information of users who are authorized to have access to data.
4. Verification and payment information: Credit or debit card information or other account number, government issued ID type and number, verification question and answer, and payment confirmation code. Note: Social Security Number and credit or debit card information are collected, but not stored, in order to verify ID.
5. Biometric information: Fingerprint, photograph, height, weight, and iris scans. Note: Information may be collected, secured, and returned to customer or third parties at the request of the customer, but not stored.
6. Digital certificate information: Customer’s public key(s), certificate serial numbers, distinguished name, effective dates of authorized certificates, certificate algorithm, date of revocation or expiration of certificate, and USPS-authorized digital signature.
7. Online user information: Device identification.
8. Transaction information: Clerk signature; transaction type, date and time, location, source of transaction; product use and inquiries; Change of Address (COA) and Hold Mail transactional data.
9. Electronic information related to encrypted or hashed documents.
10. Recipient information: Electronic signature ID, electronic signature image, electronic signature expiration date, and timestamp.
* * * * *
Purpose(s)
[Add new items 10 through 15 to read as follows:]
* * * * *
10. To enhance the customer experience by improving the security of COA and Hold Mail processes.
11. To protect USPS customers from becoming potential victims of mail fraud and identity theft.
12. To identify and mitigate potential fraud in the COA and Hold Mail processes.
13. To verify a customer’s identity when applying for COA and Hold Mail services.
14. To provide an audit trail for COA and Hold Mail requests (linked to the identity of the submitter).
15. To enhance remote identity proofing with a Phone Validation and One-Time Passcode solution.
* * * * *
Retention and Disposal
[Add new items 9 and 10 to read as follows:]
* * * * *
9. Driver’s License data will be retained for 5 years.
10. COA and Hold Mail transactional data will be retained for 5 years.
* * * * *
The Postal Service will incorporate these revisions into the next update of the online Handbook AS-353, Guide to Privacy, the Freedom of Information Act, and Records Management, which is available on the Postal Service PolicyNet website:
n Go to blue.usps.gov.
n In the left-hand column under “Essential Links,” click PolicyNet.
n Go to the right-hand side under “Published Forms and Directives.”
n Click Handbooks.
The direct URL for the Postal Service PolicyNet website is blue.usps.gov/cpim.
— Privacy and Records Management Office,
General Counsel and Executive Vice President, 2-28-19
