Years > 2025 > July, 2025 > Wednesday, July 23, 2025
Next Article Next
Next Previous Article
90 FR 139 pgs. 34678-34680 - Privacy Act of 1974; System of Records

Type: NOTICEVolume: 90Number: 139Pages: 34678 - 34680
FR document: [FR Doc. 2025-13840 Filed 7-22-25; 8:45 am]
Agency: Postal Service
Official PDF Version:  PDF Version
Pages: 34678, 34679, 34680

[top] page 34678

POSTAL SERVICE

Privacy Act of 1974; System of Records

AGENCY:

U.S. Postal Service.

ACTION:

Notice of a modified system of records.

SUMMARY:

The United States Postal Service (USPS) is proposing to revise one Customer Privacy Act Systems of Records (SOR). These modifications are being made to enhance customer registration account functionality and provide optional device fingerprinting services.

DATES:

These revisions will become effective without further notice on August 22, 2025, unless comments received on or before that date result in a contrary determination.

ADDRESSES:

Comments may be submitted via email to the Privacy and Records Management Office, United States Postal Service Headquarters ( uspsprivacyfedregnotice@usps.gov ). To facilitate public inspection, arrangements to view copies of any written comments received will be made upon request.

FOR FURTHER INFORMATION CONTACT:


[top] Janine Castorina, Chief Privacy and page 34679 Records Management Officer, Privacy and Records Management Office, 202-268-3069 or uspsprivacyfedregnotice@usps.gov.

SUPPLEMENTARY INFORMATION:

This notice is in accordance with the Privacy Act requirement that agencies publish their systems of records in the Federal Register when there is a revision, change, or addition, or when the agency establishes a new system of records. The Postal Service has determined that Customer Privacy Act System of Records USPS 810.100 www.usps.com Registration should be revised to enhance customer registration account functionality and provide optional device fingerprinting services.

I. Background

The Postal Service takes great pride in its ability to provide mail, packages, and related services to the American people. Through the course of this administration, the Postal Service also forges and grows bonds with the business community within the U.S. The latest effort to facilitate this relationship, the Business Customer Gateway, provides enhanced service and facilitation for those entities that supply the American people with what they need.

As such, the Postal Service will revise this Privacy Act SOR to incorporate enhanced capabilities for USPS.com business accounts to administrate the accounts associated with that business. This will provide flexibility and efficiency in the sharing of usps.com resources between member accounts, as well as provide additional verification assurances as to the membership of that group.

Further, the Postal Service will implement optional device fingerprinting services as a method to help ensure account security and to provide a seamless user experience.

II. Rationale for Changes to USPS Privacy Act Systems of Records

The Postal Service will modify this Privacy Act Systems of Records accordingly to implement these changes:

Two new Purposes, 19 and 20.

Two modified Categories of Records, 1 and 2.

Two new Categories of Records, 10 and 11.

III. Description of the Modified System of Records

Pursuant to 5 U.S.C. 552a(e)(11), interested persons are invited to submit written data, views, or arguments on this proposal. A report of the proposed revisions to this SOR has been sent to Congress and to the Office of Management and Budget for their evaluations. The Postal Service does not expect this modified system of records to have any adverse effect on individual privacy rights. Accordingly, for the reasons stated above, the Postal Service proposes revisions to this system of records. SOR 810.100 www.usps.com Registration is provided below in its entirety.

SYSTEM NAME AND NUMBER:

USPS 810.100, www.usps.com Registration.

SECURITY CLASSIFICATION:

None.

SYSTEM LOCATION:

Computer Operations Service Centers.

SYSTEM MANAGER(S):

Chief Customer and Marketing Officer and Executive Vice President, United States Postal Service, 475 L'Enfant Plaza SW, Washington, DC 20260-5005, (202) 268-7536.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

39 U.S.C. 401, 403, and 404.

PURPOSE(S) OF THE SYSTEM:

1. To provide online registration with single sign-on services for customers.

2. To facilitate online registration, provide enrollment capability, and administer internet-based services or features.

3. To maintain current and up-to-date address information to assure accurate and reliable delivery and fulfillment of postal products, services, and other material.

4. To obtain accurate contact information in order to deliver requested products, services, and other material.

5. To authenticate customer logon information for usps.com.

6. To permit customer feedback in order to improve usps.com or USPS products and services.

7. To enhance understanding and fulfillment of customer needs.

8. To verify a customer's identity when the customer establishes or attempts to access his or her account.

9. To identify, prevent, and mitigate the effects of fraudulent transactions.

10. To enhance the customer experience by improving the security of Change of Address (COA) and Hold Mail processes.

11. To protect USPS customers from becoming potential victims of mail fraud and identity theft.

12. To identify and mitigate potential fraud in the COA and Hold Mail processes.

13. To verify a customer's identity when applying for COA and Hold Mail services.

14. To provide online registration for Informed Address platform service for customers.

15. To authenticate customer logon information for Informed Address platform services.

16. To verify the name and address of the sender or the authority of the sender's representative when submitting an online International inquiry for a lost or damaged package on usps.com, such as the use of the International Assistant tool.

17. To link usps.com customer accounts with authorized third-party vendor accounts that allow customers to purchase postage and/or fees and print labels for USPS shipping and mailing services.

18. To facilitate the transmission of customer shipping information from third-party vendors to Click-n-Ship®.

19. To facilitate customer administration of accounts associated with a parent business.

20. To enhance customer experience and security by enabling optional device fingerprinting.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Customers who register via the USPS website at usps.com.

CATEGORIES OF RECORDS IN THE SYSTEM:

1. Customer information: Name; customer ID(s); company name; job title and role; account role type; home, business, and billing address; phone number(s) and fax number; email(s); URL; text message number(s) and carrier; Automated Clearing House (ACH) information, Employer Identification Number (EIN), Multi-Factor Authentication (MFA) opt-in status; and account-linking identifier.

2. Identity verification information: Question, answer, username, user ID, password, email address, text message address and carrier, Employer Identification Number (EIN), device metadata, and results of identity proofing validation.


[top] 3. Business specific information: Business type and location, business IDs, annual revenue, number of employees, industry, nonprofit rate status, mail owner, mail service provider, PC postage user, PC postage vendor, product usage information, annual and/or monthly shipping budget, payment method and information, planned use of product, age of website, and information submitted by, or collected from, business customers in connection with promotional marketing campaigns. page 34680

4. Customer preferences: Preferences to receive USPS marketing information, preferences to receive marketing information from USPS partners, preferred means of contact, preferred email language and format, preferred on-screen viewing language, product and/or service marketing preference.

5. Customer feedback: Method of referral to website.

6. Registration information: Date of registration.

7. Online user information: Internet Protocol (IP) address, domain name, operating system versions, browser version, date and time of connection, Media Access Control (MAC) address, device identifier, information about the software acting on behalf of the user ( i.e., user agent), and geographic location.

8. International Inquiries: Name and address in Customer Registration account profile used to match with Sender name and address or Sender's representative authority to file an international inquiry for a lost or damaged package.

9. Click-n-Ship Account Linking Information: Customer Address Details, Authentication, Customer Contact Name, Currency, Label Metadata, Marketplace Label data, Order ID, Order Status, Shipping Code, Value, IP Address, MAC Address, Device Type, Browser Type, OAuth accessToken, OAuth expiry, OAuth refreshToken, OAuth refreshTokenExpiry, OAuth tokenType, Marketplace Data ID, Marketplace Data Version, Marketplace Data Account Type, Marketplace Data Account Identifier, Marketplace Data Reference ID, Marketplace Data Labels.

10. Device Fingerprinting Metadata: Device Platform, Device Version, Device Name, Device Model, Device Brand, Device Locale, Device TimeZone, Device Jailbreak Indicator, Device Hardware, Device Manufacturer, Device Storage Capacity, Device Memory Capacity, Device Central Processing Unit (CPU) Capacity, Device Display Width and Height, Device Orientation, Number of Cameras on Device, Device Browser Agent, Device Bluetooth Status, Device Network Status, Device Telephone Service Provider Country.

11. Business Customer Verification Documents: Certificate of incorporation, Articles of Incorporation, Certificate of Good Standing, Business license or registration, Business tax or VAT registration certificate, Fictitious name certificate, Extract from an official company register, Official USPS mail, EIN confirmation letter, Official tax notices, Tenancy agreement, Letter from the IRS.

RECORD SOURCE CATEGORIES:

Customers, Individual Sender and Sender's representative filing an international inquiry for lost or damaged packages.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

Standard routine uses 1. through 7., 10., and 11. apply.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Automated database, computer storage media, and paper.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

By customer name, customer ID(s), phone number, mail, email address, IP address, text message address, and any customer information or online user information.

By tracking number for International package shipments for which an individual sender or sender's representative is filing an online International inquiry for loss or damage.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

1. ACH records are retained up to 2 years.

2. Records stored in the registration database are retained until the customer cancels the profile record, 3 years after the customer last accesses records, or until the relationship ends.

3. For small business registration, records are retained 5 years after the relationship ends.

4. Online user information may be retained for 6 months.

Records existing on paper are destroyed by burning, pulping, or shredding. Records existing on computer storage media are destroyed according to the applicable USPS media sanitization practice.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Paper records, computers, and computer storage media are located in controlled-access areas under supervision of program personnel. Access to these areas is limited to authorized personnel, who must be identified with a badge.

Access to records is limited to individuals whose official duties require such access. Contractors and licensees are subject to contract controls and unannounced on-site audits and inspections. Computers are protected by mechanical locks, card key systems, or other physical access control methods. The use of computer systems is regulated with installed security software, computer logon identifications, and operating system controls including access controls, terminal and transaction logging, and file management software. Online data transmissions are protected by encryption.

For small business registration, computer storage tapes and disks are maintained in controlled-access areas or under general scrutiny of program personnel. Access is controlled by logon ID and password as authorized by the Marketing organization via secure website. Online data transmissions are protected by encryption.

RECORD ACCESS PROCEDURES:

Requests for access must be made in accordance with the Notification Procedure above and USPS Privacy Act regulations regarding access to records and verification of identity under 39 CFR 266.5.

CONTESTING RECORD PROCEDURES:

See Notification Procedures and Record Access Procedures.

NOTIFICATION PROCEDURES:

Customers wanting to know if information about them is maintained in this system of records must address inquiries in writing to the system manager. Inquiries must contain name, address, and other identifying information.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

July 26, 2024, 89 FR 60666; December 15, 2021; 86 FR 71294; March 16, 2020, 85 FR 14982; December 13, 2018, 83 FR 64164; December 22, 2017, 82 FR 60776; August 29, 2014, 79 FR 51627; October 24, 2011, 76 FR 65756; April 29, 2005, 70 FR 22516.

Kevin Rayburn,

Attorney, Ethics and Legal Compliance.

[FR Doc. 2025-13840 Filed 7-22-25; 8:45 am]

BILLING CODE P