Privacy Act of 1974; System of Records

Issuing agencies

Abstract

The United States Postal Service[supreg] (USPS) is responding to public comments regarding revisions to a Customer Privacy Act Systems of Records (SOR). These revisions were made to support the migration of emails to a cloud-based platform. The response to the comments made herein warrant revision to the original system of records; as such, a new revision to USPS 820.300 Informed Delivery will be submitted adhering to the standard revision process to affect these changes.

Full Text

<html>
<head>
<title>Federal Register, Volume 87 Issue 113 (Monday, June 13, 2022)</title>
</head>
<body><pre>
[Federal Register Volume 87, Number 113 (Monday, June 13, 2022)]
[Notices]
[Pages 35803-35804]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2022-12605]


-----------------------------------------------------------------------

POSTAL SERVICE


Privacy Act of 1974; System of Records

AGENCY: Postal Service[supreg].

ACTION: Notice of a modified system of records; response to comments.

-----------------------------------------------------------------------

SUMMARY: The United States Postal Service[supreg] (USPS) is responding 
to public comments regarding revisions to a Customer Privacy Act 
Systems of Records (SOR). These revisions were made to support the 
migration of emails to a cloud-based platform. The response to the 
comments made herein warrant revision to the original system of 
records; as such, a new revision to USPS 820.300 Informed Delivery will 
be submitted adhering to the standard revision process to affect these 
changes.

DATES: The revisions to USPS 820.300, Informed Delivery, Document 
Citation 87 FR 15275, were originally scheduled to be effective on 
April 18, 2022, without further notice. After review and evaluation of 
comments received, the Postal Service has found that substantive 
changes to the system of records are required; however, these changes 
and only these changes will be reflected through publication of a new 
notice for changes to this system of records. The effective date for 
the implementation of the proposed revisions herein should proceed as 
scheduled, with revisions to the new publication subject to the dates 
appearing within that notice.

FOR FURTHER INFORMATION CONTACT: Janine Castorina, Chief Privacy and 
Records Management Officer, Privacy and Records Management Office, 202-
268-3069 or <a href="/cdn-cgi/l/email-protection#710103180710120831040201025f161e07"><span class="__cf_email__" data-cfemail="19696b706f787a60596c6a696a377e766f">[email&#160;protected]</span></a>.

SUPPLEMENTARY INFORMATION: 
    1. Comment 1: <SUP>1</SUP> The Informed Delivery Service should 
have a retention period of seven (7) days versus fourteen (14) days.
---------------------------------------------------------------------------

    \1\ In response to comments, entitled ``Public Comment on SORN 
for Informed Delivery FR Doc. 2022-05654,'' submitted by the United 
States Postal Service Office of Inspector General.
---------------------------------------------------------------------------

    Answer: The Postal Service's retention period of seven (7) days for 
the Informed Delivery Service was set with the publication of the 
original system of record, finalized December 9, 2016. See 81 FR 89157. 
No changes were made to this retention period in the current system of 
records update at issue. However, the Informed Delivery Program Office 
agrees to extend the retention period for mail piece images to fourteen 
(14) days when the application is migrated to a cloud-based 
infrastructure. In the interest of transparency, the Postal Service 
will submit an additional system of records notice to reflect this 
change. This new notice will supplement the existing submission for 
USPS 820.300 Informed Delivery by creating a new retention period 
specifically for mail images captured and stored within the cloud-based 
platform. However, no other provisions of this system of records will 
be affected and should be considered implemented as of the date listed 
above.
    2. Comment 2: <SUP>2</SUP> Recommending changes to Purpose 9 and 
the creation of two new purposes that are directly related to the 
United States Inspection Service and the United States Office of 
Inspector General.
---------------------------------------------------------------------------

    \2\ In response to comments, entitled ``Public Comment on SORN 
for Informed Delivery FR Doc. 2022-05654,'' submitted by the United 
States Postal Service Office of Inspector General.
---------------------------------------------------------------------------

    Answer: The Office of Inspector General requests that Purpose 9 be 
edited to include the word mail theft. Additionally, it is requested 
that Purposes 16 and 17 be created specifically for the Inspection 
Service and the Office of Inspector General so that both entities may 
use the records for respective investigations.
    The Privacy Act requires that an agency only maintain records that 
are ``relevant and necessary to accomplish a purpose of the agency.'' 
See 5 U.S.C. 552a(e)(1). Individuals are notified of the purposes for 
which the information is collected and used. See 5 U.S.C. 552a(e)(3) 
and (4). The purposes for the system and the use of the information 
gathered by the Informed Delivery System is to support electronic 
notification of mail delivery and other mail delivery purposes. No 
information in this system can go so far as to show mail theft. The 
Informed Delivery Service provides the consumer with images of mail 
that would be delivered that day. If the mail is not delivered, the 
customer can check a box in the Informed Delivery dashboard and note to 
USPS that a particular piece has not been received. At best that 
provides evidence of missing or delayed mail. Showing and identifying 
mail theft would be a much later determination, with more information, 
most of which would not be within the Informed Delivery system. We 
understand that the Office of Inspector General would like to use the 
information for that purpose. However, purposes one and two, that cover 
mail that customers should have received and associated reports of mail 
not received, suit that purpose. The Office of Inspector General may 
use the missing or delayed mail information to compile it with other 
information to determine if theft is an issue.
    When requesting that additional purposes should be articulated for 
this system of records to allow Office of Inspector General and 
Inspection Service investigations, the Office of Inspector General 
misunderstands the Privacy Act's disclosure intent. The purpose of the 
Informed Delivery Service is not to allow investigations. What the 
Office of Inspector General seeks is, instead, to enable certain 
disclosures of the information within the system of records. Authorized 
disclosures are not found within the purposes for gathering or using 
the information. Instead, authorized disclosures are found in section b 
of the Privacy Act. 5 U.S.C. 552a(b) Conditions of Disclosure. The 
Privacy Act provides that ``those officers and employees of the agency 
which maintains the record who have a need for the record in the 
performance of their duties'' may have access. Id. In some instance, 
this provision may provide Inspection Service employees with access to 
records. In addition, other authorized disclosures already exist for 
this SOR that cover disclosure to the Office of Inspector General and/
or the Inspection Service. The next applicable authorized disclosure of 
the Privacy Act allows for disclosures pursuant to routine uses. The 
Postal Service has a routine use to provide records for a law 
enforcement purpose. See AS-353, Guide to Privacy, the Freedom of 
Information Act, and Records Management, Appendix D.2.2. This 
disclosure includes customer systems because the Inspector General Act 
of 1978, as amended, requires certain disclosures. Another authorized 
disclosure of criminal or civil law enforcement activity exists within 
the Privacy Act. See 5 U.S.C. 552a(b)(7). Following a written request, 
certain information can be disclosed for law enforcement purposes. 
Because authorized disclosures apply to provide the information, new 
purposes are not necessary or appropriate in this instance.
    3. Comment 3: <SUP>3</SUP> The Office of Inspector General asks a 
question

[[Page 35804]]

regarding whether third party disclosure of information is permitted in 
order to pursue an investigation. Additionally, in this comment the 
Office of Inspector General requests a routine use allowing third party 
disclosure of information pursuant to an investigation.
---------------------------------------------------------------------------

    \3\ In response to comments, entitled ``Public Comment on SORN 
for Informed Delivery FR Doc. 2022-05654,'' submitted by the United 
States Postal Service Office of Inspector General.
---------------------------------------------------------------------------

    Answer: The question posed by the Office of Inspector General is 
whether the disclosure of some information from this SOR to the Office 
of Inspector General authorizes them to ``share Informed Delivery 
information with third parties to investigate the customer's 
complaint.'' Unfortunately, this request is for a generalized legal 
opinion, absent the factual support of a scenario. Such an opinion 
cannot be provided.
    As discussed in response to comment number 2, three authorized 
disclosures already exist that allow information to be shared for law 
enforcement purposes. However, merely being authorized to provide the 
data to the Office of Inspector General does not end the inquiry. An 
independent inquiry must be made of whether this particular third party 
has a need to know the information. Determining the need to know of a 
particular party is a fact specific determination. As a result, the 
need to know for a particular class of individuals, absent knowledge of 
the particular factual circumstances, cannot be answered in the 
abstract.
    The request for a generalized routine use to further disclose 
information disclosed from a system of record pursuant to a different 
routine use, to a generalized class of individuals is equally 
untenable. It is not possible to ensure that the entire class is 
appropriate for disclosure. As a result, the class does not comport 
with the strictures required by the Privacy Act and cannot be 
entertained.
    4. Comment 4: <SUP>4</SUP> The Office of Inspector General asks two 
questions to ascertain whether mailpiece images are personally 
identifiable information as defined in the Privacy Act.
---------------------------------------------------------------------------

    \4\ In response to comments, entitled ``Public Comment on SORN 
for Informed Delivery FR Doc. 2022-05654,'' submitted by the United 
States Postal Service Office of Inspector General.
---------------------------------------------------------------------------

    Answer: To fully respond to this question, it is necessary to 
discuss the exact nature of a record that would be subject to the 
Privacy Act. A record is subject to the Privacy Act if it is a ``record 
which is contained in a system of records.'' 5 U.S.C. 552a(b).
    A record is an ``item, collection, or grouping of information about 
an individual that is maintained by an agency, including, but not 
limited to, his education, financial transactions, medical history and 
that contains his name, or the identifying number, symbol, or other 
identifying particular assigned to the individual, such as a finger or 
voice print or a photograph.'' 5 U.S.C. 552a(a)(4).
    A system of records is ``a group of any records under the control 
of any agency from which information is retrieved by the name of the 
individual or by some identifying number, symbol, or other identifying 
particular assigned to the individual.'' 5 U.S.C. 552a(a)(5) (emphasis 
added).
    Therefore, to be subject to the Privacy Act, data must be a record 
and stored in a system of record.
    Looking at mailpieces, the answer is two-fold. When mailpiece 
images are within the Informed Delivery System, those mailpiece images 
are records stored in a system of records. Mailpiece images are 
provided to the individual, with a Customer Registration and Informed 
Delivery account, who will be receiving the physical mailpiece. The 
mailpiece images are directly related to the delivery point associated 
to the accounts. Delivery points associated with accounts are retried 
by personal identifier and they are subject to the Privacy Act.
    When the mailpiece images are not within the Informed Delivery 
Service, they are stored in bulk with the mail-processing equipment. 
Those images are not stored or retrieved by personal identifier. It is 
not until they are associated with the Informed Delivery Service that 
they become retrievable by personal identifier. As a result, when the 
mailpiece images are in bulk storage, they are not records subject to 
the Privacy Act.

Joshua J. Hofer,
Attorney, Ethics & Legal Compliance.
[FR Doc. 2022-12605 Filed 6-10-22; 8:45 am]
BILLING CODE P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>