Privacy Act of 1974; System of Records

Issuing agencies

Abstract

The United States Postal Service (USPS) is proposing to revise one Customer Privacy Act Systems of Records (SOR). These modifications are being made to enhance customer registration account functionality and provide optional device fingerprinting services.

Full Text

<html>
<head>
<title>Federal Register, Volume 90 Issue 139 (Wednesday, July 23, 2025)</title>
</head>
<body><pre>
[Federal Register Volume 90, Number 139 (Wednesday, July 23, 2025)]
[Notices]
[Pages 34678-34680]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2025-13840]


=======================================================================
-----------------------------------------------------------------------

POSTAL SERVICE


Privacy Act of 1974; System of Records

AGENCY: U.S. Postal Service.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: The United States Postal Service (USPS) is proposing to revise 
one Customer Privacy Act Systems of Records (SOR). These modifications 
are being made to enhance customer registration account functionality 
and provide optional device fingerprinting services.

DATES: These revisions will become effective without further notice on 
August 22, 2025, unless comments received on or before that date result 
in a contrary determination.

ADDRESSES: Comments may be submitted via email to the Privacy and 
Records Management Office, United States Postal Service Headquarters 
(<a href="/cdn-cgi/l/email-protection#ed989e9d9e9d9f849b8c8e948b88899f888a838299848e88ad989e9d9ec38a829b"><span class="__cf_email__" data-cfemail="c2b7b1b2b1b2b0abb4a3a1bba4a7a6b0a7a5acadb6aba1a782b7b1b2b1eca5adb4">[email&#160;protected]</span></a>). To facilitate public inspection, 
arrangements to view copies of any written comments received will be 
made upon request.

FOR FURTHER INFORMATION CONTACT: Janine Castorina, Chief Privacy and

[[Page 34679]]

Records Management Officer, Privacy and Records Management Office, 202-
268-3069 or <a href="/cdn-cgi/l/email-protection#6b1e181b181b19021d0a08120d0e0f190e0c05041f02080e2b1e181b18450c041d"><span class="__cf_email__" data-cfemail="add8dedddedddfc4dbccced4cbc8c9dfc8cac3c2d9c4cec8edd8deddde83cac2db">[email&#160;protected]</span></a>.

SUPPLEMENTARY INFORMATION: This notice is in accordance with the 
Privacy Act requirement that agencies publish their systems of records 
in the Federal Register when there is a revision, change, or addition, 
or when the agency establishes a new system of records. The Postal 
Service has determined that Customer Privacy Act System of Records USPS 
810.100 <a href="http://www.usps.com">www.usps.com</a> Registration should be revised to enhance customer 
registration account functionality and provide optional device 
fingerprinting services.

I. Background

    The Postal Service takes great pride in its ability to provide 
mail, packages, and related services to the American people. Through 
the course of this administration, the Postal Service also forges and 
grows bonds with the business community within the U.S. The latest 
effort to facilitate this relationship, the Business Customer Gateway, 
provides enhanced service and facilitation for those entities that 
supply the American people with what they need.
    As such, the Postal Service will revise this Privacy Act SOR to 
incorporate enhanced capabilities for <a href="http://USPS.com">USPS.com</a> business accounts to 
administrate the accounts associated with that business. This will 
provide flexibility and efficiency in the sharing of usps.com resources 
between member accounts, as well as provide additional verification 
assurances as to the membership of that group.
    Further, the Postal Service will implement optional device 
fingerprinting services as a method to help ensure account security and 
to provide a seamless user experience.

II. Rationale for Changes to USPS Privacy Act Systems of Records

    The Postal Service will modify this Privacy Act Systems of Records 
accordingly to implement these changes:
    Two new Purposes, 19 and 20.
    Two modified Categories of Records, 1 and 2.
    Two new Categories of Records, 10 and 11.

III. Description of the Modified System of Records

    Pursuant to 5 U.S.C. 552a(e)(11), interested persons are invited to 
submit written data, views, or arguments on this proposal. A report of 
the proposed revisions to this SOR has been sent to Congress and to the 
Office of Management and Budget for their evaluations. The Postal 
Service does not expect this modified system of records to have any 
adverse effect on individual privacy rights. Accordingly, for the 
reasons stated above, the Postal Service proposes revisions to this 
system of records. SOR 810.100 <a href="http://www.usps.com">www.usps.com</a> Registration is provided 
below in its entirety.

SYSTEM NAME AND NUMBER:
    USPS 810.100, <a href="http://www.usps.com">www.usps.com</a> Registration.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Computer Operations Service Centers.

SYSTEM MANAGER(S):
    Chief Customer and Marketing Officer and Executive Vice President, 
United States Postal Service, 475 L'Enfant Plaza SW, Washington, DC 
20260-5005, (202) 268-7536.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    39 U.S.C. 401, 403, and 404.

PURPOSE(S) OF THE SYSTEM:
    1. To provide online registration with single sign-on services for 
customers.
    2. To facilitate online registration, provide enrollment 
capability, and administer internet-based services or features.
    3. To maintain current and up-to-date address information to assure 
accurate and reliable delivery and fulfillment of postal products, 
services, and other material.
    4. To obtain accurate contact information in order to deliver 
requested products, services, and other material.
    5. To authenticate customer logon information for usps.com.
    6. To permit customer feedback in order to improve usps.com or USPS 
products and services.
    7. To enhance understanding and fulfillment of customer needs.
    8. To verify a customer's identity when the customer establishes or 
attempts to access his or her account.
    9. To identify, prevent, and mitigate the effects of fraudulent 
transactions.
    10. To enhance the customer experience by improving the security of 
Change of Address (COA) and Hold Mail processes.
    11. To protect USPS customers from becoming potential victims of 
mail fraud and identity theft.
    12. To identify and mitigate potential fraud in the COA and Hold 
Mail processes.
    13. To verify a customer's identity when applying for COA and Hold 
Mail services.
    14. To provide online registration for Informed Address platform 
service for customers.
    15. To authenticate customer logon information for Informed Address 
platform services.
    16. To verify the name and address of the sender or the authority 
of the sender's representative when submitting an online International 
inquiry for a lost or damaged package on usps.com, such as the use of 
the International Assistant tool.
    17. To link usps.com customer accounts with authorized third-party 
vendor accounts that allow customers to purchase postage and/or fees 
and print labels for USPS shipping and mailing services.
    18. To facilitate the transmission of customer shipping information 
from third-party vendors to Click-n-Ship[supreg].
    19. To facilitate customer administration of accounts associated 
with a parent business.
    20. To enhance customer experience and security by enabling 
optional device fingerprinting.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Customers who register via the USPS website at usps.com.

CATEGORIES OF RECORDS IN THE SYSTEM:
    1. Customer information: Name; customer ID(s); company name; job 
title and role; account role type; home, business, and billing address; 
phone number(s) and fax number; email(s); URL; text message number(s) 
and carrier; Automated Clearing House (ACH) information, Employer 
Identification Number (EIN), Multi-Factor Authentication (MFA) opt-in 
status; and account-linking identifier.
    2. Identity verification information: Question, answer, username, 
user ID, password, email address, text message address and carrier, 
Employer Identification Number (EIN), device metadata, and results of 
identity proofing validation.
    3. Business specific information: Business type and location, 
business IDs, annual revenue, number of employees, industry, nonprofit 
rate status, mail owner, mail service provider, PC postage user, PC 
postage vendor, product usage information, annual and/or monthly 
shipping budget, payment method and information, planned use of 
product, age of website, and information submitted by, or collected 
from, business customers in connection with promotional marketing 
campaigns.

[[Page 34680]]

    4. Customer preferences: Preferences to receive USPS marketing 
information, preferences to receive marketing information from USPS 
partners, preferred means of contact, preferred email language and 
format, preferred on-screen viewing language, product and/or service 
marketing preference.
    5. Customer feedback: Method of referral to website.
    6. Registration information: Date of registration.
    7. Online user information: Internet Protocol (IP) address, domain 
name, operating system versions, browser version, date and time of 
connection, Media Access Control (MAC) address, device identifier, 
information about the software acting on behalf of the user (i.e., user 
agent), and geographic location.
    8. International Inquiries: Name and address in Customer 
Registration account profile used to match with Sender name and address 
or Sender's representative authority to file an international inquiry 
for a lost or damaged package.
    9. Click-n-Ship Account Linking Information: Customer Address 
Details, Authentication, Customer Contact Name, Currency, Label 
Metadata, Marketplace Label data, Order ID, Order Status, Shipping 
Code, Value, IP Address, MAC Address, Device Type, Browser Type, OAuth 
accessToken, OAuth expiry, OAuth refreshToken, OAuth 
refreshTokenExpiry, OAuth tokenType, Marketplace Data ID, Marketplace 
Data Version, Marketplace Data Account Type, Marketplace Data Account 
Identifier, Marketplace Data Reference ID, Marketplace Data Labels.
    10. Device Fingerprinting Metadata: Device Platform, Device 
Version, Device Name, Device Model, Device Brand, Device Locale, Device 
TimeZone, Device Jailbreak Indicator, Device Hardware, Device 
Manufacturer, Device Storage Capacity, Device Memory Capacity, Device 
Central Processing Unit (CPU) Capacity, Device Display Width and 
Height, Device Orientation, Number of Cameras on Device, Device Browser 
Agent, Device Bluetooth Status, Device Network Status, Device Telephone 
Service Provider Country.
    11. Business Customer Verification Documents: Certificate of 
incorporation, Articles of Incorporation, Certificate of Good Standing, 
Business license or registration, Business tax or VAT registration 
certificate, Fictitious name certificate, Extract from an official 
company register, Official USPS mail, EIN confirmation letter, Official 
tax notices, Tenancy agreement, Letter from the IRS.

RECORD SOURCE CATEGORIES:
    Customers, Individual Sender and Sender's representative filing an 
international inquiry for lost or damaged packages.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    Standard routine uses 1. through 7., 10., and 11. apply.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Automated database, computer storage media, and paper.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    By customer name, customer ID(s), phone number, mail, email 
address, IP address, text message address, and any customer information 
or online user information.
    By tracking number for International package shipments for which an 
individual sender or sender's representative is filing an online 
International inquiry for loss or damage.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    1. ACH records are retained up to 2 years.
    2. Records stored in the registration database are retained until 
the customer cancels the profile record, 3 years after the customer 
last accesses records, or until the relationship ends.
    3. For small business registration, records are retained 5 years 
after the relationship ends.
    4. Online user information may be retained for 6 months.
    Records existing on paper are destroyed by burning, pulping, or 
shredding. Records existing on computer storage media are destroyed 
according to the applicable USPS media sanitization practice.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Paper records, computers, and computer storage media are located in 
controlled-access areas under supervision of program personnel. Access 
to these areas is limited to authorized personnel, who must be 
identified with a badge.
    Access to records is limited to individuals whose official duties 
require such access. Contractors and licensees are subject to contract 
controls and unannounced on-site audits and inspections. Computers are 
protected by mechanical locks, card key systems, or other physical 
access control methods. The use of computer systems is regulated with 
installed security software, computer logon identifications, and 
operating system controls including access controls, terminal and 
transaction logging, and file management software. Online data 
transmissions are protected by encryption.
    For small business registration, computer storage tapes and disks 
are maintained in controlled-access areas or under general scrutiny of 
program personnel. Access is controlled by logon ID and password as 
authorized by the Marketing organization via secure website. Online 
data transmissions are protected by encryption.

RECORD ACCESS PROCEDURES:
    Requests for access must be made in accordance with the 
Notification Procedure above and USPS Privacy Act regulations regarding 
access to records and verification of identity under 39 CFR 266.5.

CONTESTING RECORD PROCEDURES:
    See Notification Procedures and Record Access Procedures.

NOTIFICATION PROCEDURES:
    Customers wanting to know if information about them is maintained 
in this system of records must address inquiries in writing to the 
system manager. Inquiries must contain name, address, and other 
identifying information.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    July 26, 2024, 89 FR 60666; December 15, 2021; 86 FR 71294; March 
16, 2020, 85 FR 14982; December 13, 2018, 83 FR 64164; December 22, 
2017, 82 FR 60776; August 29, 2014, 79 FR 51627; October 24, 2011, 76 
FR 65756; April 29, 2005, 70 FR 22516.

Kevin Rayburn,
Attorney, Ethics and Legal Compliance.
[FR Doc. 2025-13840 Filed 7-22-25; 8:45 am]
BILLING CODE P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>