[Federal Register Volume 85, Number 105 (Monday, June 1, 2020)]
[Notices]
[Pages 33210-33211]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-11640]
-----------------------------------------------------------------------
POSTAL SERVICE
Privacy Acy; Modified System of Records
AGENCY: Postal Service\TM\.
ACTION: Notice of a modified system of records.
-----------------------------------------------------------------------
SUMMARY: The United States Postal Service\TM\ (USPS\TM\) is proposing
to revise a General Privacy Act Systems of Records. These updates are
being made to facilitate the implementation of web-based conferencing
applications.
DATES: These revisions will become effective without further notice on
July 1, 2020, unless comments received on or before that date result in
a contrary determination.
ADDRESSES: Comments may be mailed or delivered to the Privacy and
Records Management Office, United States Postal Service, 475 L'Enfant
Plaza SW, Room 1P830, Washington, DC 20260-1101. Copies of all written
comments will be made available for public inspection upon request.
FOR FURTHER INFORMATION CONTACT: Janine Castorina, Chief Privacy and
Records Management Officer, Privacy and Records Management Office, 202-
268-3069 or [email protected].
SUPPLEMENTARY INFORMATION: This notice is in accordance with the
Privacy Act requirement that agencies publish their systems of records
in the Federal Register when there is a revision, change, or addition,
or when the agency establishes a new system of records.
The Postal Service has determined that General Privacy Act Systems
of Records (SORs), USPS 500.000, Property Management Records should be
revised to support the implementation of web-based conferencing
applications with enhanced functionality. These applications will
further encourage collaboration, promote meeting efficiency, and
facilitate the sharing of information.
Pursuant to 5 U.S.C. 552a(e)(11), interested persons are invited to
submit written data, views, or arguments on this proposal. A report of
the proposed revisions has been sent to Congress and to the Office of
Management and Budget for their evaluations. The Postal Service does
not expect these amended systems of records to have any adverse effect
on individual privacy rights. The notice for USPS 500.000, Property
Management Records provided below in its entirety, is as follows:
SYSTEM NAME AND NUMBER:
USPS 500.000, Property Management Records.
SECURITY CLASSIFICATION:
None.
SYSTEM LOCATION:
All USPS facilities.
SYSTEM MANAGER(S):
For records of accountable property, carpool membership, and use of
USPS parking facilities: Vice President, Facilities, United States
Postal Service, 475 L'Enfant Plaza SW, Washington, DC 20260.
For records of building access and Postal Inspector computer access
authorizations: Chief Postal Inspector, Inspection Service, United
States Postal Service, 475 L'Enfant Plaza SW, Washington, DC 20260.
For other records of computer access authorizations: Chief
Information Officer and Executive Vice President, United States Postal
Service, 475 L'Enfant Plaza SW, Washington, DC 20260.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
39 U.S.C. 401.
PURPOSE(S) OF THE SYSTEM:
1. To ensure personal and building safety and security by
controlling access to USPS facilities.
2. To ensure accountability for property issued to persons.
3. To assign computer logon IDs; to identify USPS computer users to
resolve their computer access problems by telephone; and to monitor and
audit the use of USPS information resources as necessary to ensure
compliance with USPS regulations.
4. To enable access to the USPS meeting and video web conferencing
application.
5. To enhance your online meeting experience by utilizing enhanced
features and functionality, including voluntary polling to gather
responses from attendees to generate reports or the interactive chat
feature.
6. To facilitate information sharing and cross-functional
participation.
7. To share your personal image via your device camera during
meetings and web conferences, if you voluntarily choose to turn the
camera on, enabling virtual face-to-face conversations.
8. To authenticate user identity for the purpose of accessing USPS
information systems.
9. To provide parking and carpooling services to individuals who
use USPS parking facilities.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
1. Individuals who are granted regular access to USPS facilities
through the issuance of a building access badge, or who are assigned
accountable property.
2. Individuals with authorized access to USPS computers and
information resources, including USPS employees, contractors, and other
individuals; Individuals participating in web-based meetings and video
conferences.
3. Individuals who are members of carpools with USPS employees or
otherwise regularly use USPS parking facilities.
CATEGORIES OF RECORDS IN THE SYSTEM:
1. Building access information: Records related to issuance of
building access badges, including name, Social Security Number,
Employee Identification Number, date of birth, photograph, postal
assignment information, work contact information, finance number(s),
duty location, and pay location.
2. Property issuance information: Records related to issuance of
accountable USPS property, equipment, and controlled documents,
including name, Social Security Number, equipment description,
equipment serial numbers, and issuance date.
3. Computer access authorization information: Records related to
computer users, including logon ID, Social Security Number, Employee
Identification Number, or other assigned identifier, employment status
information or contractor status information, and extent of access
granted.
4. Session data from web-based meetings and web conferences:
Participant name, participant's webcam-generated image (including
presenters), recorded participant audio, video, and shared meeting
screen content, chat interaction, polling questions and associated
responses, participant join
[[Page 33211]]
time and leave time, meeting duration, participant location, and
participant media hardware information.
5. Historical device usage data from web-based meetings and web
conferences: Device type (such as mobile, desktop, or tablet), Device
Operating System, Operating System Version, MAC address, and IP
address.
6. Identity verification information: Question, answer, and email
address.
7. Carpool and parking information: Records related to membership
in carpools with USPS employees or about individuals who otherwise
regularly use USPS parking facilities, including name, space number,
principal's and others' license numbers, home address, and contact
information.
RECORD SOURCE CATEGORIES:
Employees; contractors; subject individuals; and other systems of
records.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
Standard routine uses 1. through 9. apply.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Automated database, computer storage media, and paper.
POLICIES OF PRACTICES FOR RETRIEVAL OF RECORDS:
1. Records about building access and issuance of accountable
property are retrieved by name, Social Security Number, or Employee
Identification Number.
2. Records about authorized access to computer and information
resources are retrieved by name, logon ID, Employee Identification
Number, or other unique identifier of the individual.
3. Report and tracking data created during web-based meetings and
video conferences that pertain to individual participants, content
shared, conference codes and other relevant session data and historical
device usage data are retrieved by meeting ID, host name or host email
address.
4. Media recordings created during web-based meetings and video
conferences are retrieved by meeting ID, host name or host email
address.
5. Records of carpools and parking facilities are retrieved by
name, ZIP Code, space number, or parking license number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
1. Building access and accountable property records are retained
until termination of access or accountability.
2. Records of computer access privileges are retained 1 year after
all authorizations are cancelled.
3. Report and tracking data created during web-based meeting and
video conferences, such as other relevant session data and historical
device usage data, are retained for twenty-four months.
4. Web-based meeting or video session recordings are retained for
twenty-four months.
5. Records of carpool membership and use of USPS parking facilities
are retained 6 years.
6. Records existing on paper are destroyed by burning, pulping, or
shredding. Records existing on computer storage media are destroyed
according to the applicable USPS media sanitization practice.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Paper records, computers, and computer storage media are located in
controlled-access areas under supervision of program personnel. Access
to these areas is limited to authorized personnel, who must be
identified with a badge.
Access to records is limited to individuals whose official duties
require such access. Contractors and licensees are subject to contract
controls and unannounced on-site audits and inspections. Computers are
protected by mechanical locks, card key systems, or other physical
access control methods. The use of computer systems is regulated with
installed security software, computer logon identifications, and
operating system controls including access controls, terminal and
transaction logging, and file management software.
RECORD ACCESS PROCEDURES:
Requests for access must be made in accordance with the
Notification Procedure above and USPS Privacy Act regulations regarding
access to records and verification of identity under 39 CFR 266.5.
CONTESTING RECORD PROCEDURES:
See Notification Procedure and Record Access Procedures above.
NOTIFICATION PROCEDURES:
Inquiries for records about building access, accountable property,
carpool membership, and use of USPS parking facilities must be
addressed to the facility head. Inquiries about computer access
authorization records must be directed to the Manager, Corporate
Information Security, 475 L'Enfant Plaza SW, Suite 2141, Washington, DC
20260. For Inspection Service computer access records, inquiries must
be submitted to the Inspector in Charge, Information Technology
Division, 2111 Wilson Blvd., Suite 500, Arlington, VA 22201. Inquiries
must include full name, Social Security Number or Employee
Identification Number, and period of employment or residency at the
location.
EXEMPTIONS PROMULGATED FROM THIS SYSTEM:
None.
HISTORY:
April 11, 2014, 79 FR 20249; June 27, 2012, 77 FR 38342; June 17,
2011, 76 FR 35483; April 29, 2005, 70 FR 22516.
Joshua J. Hofer,
Attorney, Federal Compliance.
[FR Doc. 2020-11640 Filed 5-29-20; 8:45 am]
BILLING CODE P