88 FR 41 pgs. 13157-13161 - Privacy Act of 1974; System of Records
Type: NOTICEVolume: 88Number: 41Pages: 13157 - 13161
Pages: 13157, 13158, 13159, 13160, 13161FR document: [FR Doc. 2023-04225 Filed 3-1-23; 8:45 am]
Agency: Postal Service
Official PDF Version: PDF Version
[top]
POSTAL SERVICE
Privacy Act of 1974; System of Records
AGENCY:
Postal Service TM .
ACTION:
Notice of a revised system of records.
SUMMARY:
The United States Postal Service® (USPS) is proposing to revise a General Privacy Act System of Records to support the upgrade of a secure board portal software that provides leadership with instant access to the information they need before, during and after meetings, making board and committee interactions more efficient and productive.
DATES:
These revisions will become effective without further notice on April 3, 2023 unless comments received on or before that date result in a contrary determination.
ADDRESSES:
Comments may be submitted via email to the Privacy and Records Management Office, United States Postal Service Headquarters ( uspsprivacyfedregnotice@usps.gov ). To facilitate public inspection, arrangements to view copies of written comments received may be made upon request.
FOR FURTHER INFORMATION CONTACT:
Janine Castorina, Chief Privacy and Records Management Officer, Privacy and Records Management Office, uspsprivacyfedregnotice@usps.gov.
SUPPLEMENTARY INFORMATION:
This notice is in accordance with the Privacy Act requirement that agencies publish their systems of records in the Federal Register when there is a revision, change, or addition, or when the agency establishes a new system of records.
I. Background
[top] The Postal Service is proposing to modify USPS System of Records (SOR) 550.100 Commercial Information Technology Resources-Applications. USPS will enhance functionality of current software used for leadership collaboration. This collaboration-focused software will provide leadership with instant access to the information they need before, during, and after meetings, making board and committee meetings more efficient and productive.
II. Rationale for Changes to USPS Privacy Act Systems of Records
The Postal Service is proposing to modify USPS System of Records (SOR) 550.100 Commercial Information Technology Resources-Applications to support an upgrade of collaboration software that provides leadership with instant access to the information they need before, during and after meetings, making board and committee meetings more efficient and productive.
III. Description of the Modified System of Records
The Postal Service is proposing modifications to USPS SOR 550.100 Commercial Information Technology Resources-Applications in the summary of changes listed below:
• Added PURPOSE #11
• Added CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM #3
• Added new CATEGORIES OF RECORDS IN THE SYSTEM as #11
• Added RECORD SOURCE CATEGORY for Board of Governors
• Added Board of Governors and corresponding data elements to POLICIES AND PRACTICES FOR RETRIEVAL OF RECORD #11
• Added #11 to POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS for new retention period
• Added employees to NOTIFICATION PROCEDURE
Pursuant to 5 U.S.C. 552a (e)(11), interested persons are invited to submit written data, views, or arguments on this proposal. A report of the proposed revisions has been sent to Congress and to the Office of Management and Budget for their evaluations. The Postal Service does not expect this amended system of records to have any adverse effect on individual privacy rights. The notice for USPS 550.100 Commercial Information Technology Resources-Applications, is provided below in its entirety:
SYSTEM NAME AND NUMBER:
550.100 Commercial Information Technology Resources-Applications.
SECURITY CLASSIFICATION:
None.
SYSTEM LOCATION:
All USPS facilities and contractor sites.
SYSTEM MANAGER(S) AND ADDRESS:
For records of computer access authorizations: Chief Information Officer and Executive Vice President, United States Postal Service, 475 L'Enfant Plaza SW, Washington, DC 20260.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
39 U.S.C. 401, 403, and 404.
PURPOSE(S) OF THE SYSTEM:
1. To provide event registration services to USPS customers, contractors, and other third parties.
2. To allow task allocation and tracking among team members.
3. To allow users to communicate by telephone, instant-messaging, and email through local machine and web-based applications on desktop and mobile operating systems.
4. To share your personal image via your device camera during meetings and web conferences, if you voluntarily choose to turn the camera on, enabling virtual face-to-face conversations.
5. To provide for the creation and storage of media files, including video recordings, audio recordings, desktop recording, and web-based meeting recordings.
6. To provide a collaborative platform for viewing video and audio recordings.
7. To create limited use applications using standard database formats.
8. To review distance driven by approved individuals for accurate logging and compensation.
9. To develop, maintain, and share computer code.
10. To comply with Security Executive Agent Directive (SEAD) 3 requirements for self-reporting of unofficial foreign travel pertaining to covered individuals who have access to classified information or who hold a sensitive position.
11. To administer and maintain a secure board portal software that provides leadership with instant access to information they need before, during and after meetings, making board and committee interactions more efficient and productive by promoting collaboration and information sharing among USPS Board of Governors (BOG) and Executive Leadership Team (ELT).
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
1. Individuals with authorized access to USPS computers, information resources, and facilities, including employees, contractors, business partners, suppliers, and third parties.
2. Individuals participating in web-based meetings, web-based video conferencing, web-based communication applications, and web-based collaboration applications.
3. USPS Board of Governors, administrators, and USPS Executive Leadership Team.
CATEGORIES OF RECORDS IN THE SYSTEM:
1. Third-party Information records: Records relating to non-Postal, third-party individuals utilizing an information system, application, or piece of software, including: Third-Party Name, Third Party Date Request, Third Party Free Text, Guest User Information.
[top] 2. Collaboration application records: Records relating to web-conferencing and web-collaboration applications, including; Collaborative Group Names, Collaborative Group IDs, Action Name, Number Of Actions Sent, Number Of Action Responses, Employee Phone Number, Collaborative Group Chat History, Profile Information, Collaborative Group Membership, Contacts, Project Owner, Project Creator, Event Start Time, Event Status, Event Organizer, Event Presenter, Event Producer, Event Production Type, Event Recording Setting, Total Number Of Event Media Viewings, Number Of Active Users, Number Of Active Users In Collaborative Groups, Number Of Active Collaborative Group Communication Channels, Number Of Messages Sent, Number Of Calls Participated In, Last Activity Date Of A User, Number Of Guest Users In A Collaborative Group, Event Name, Event Description, Event Start Date, Event End Date, Video Platform Group Name, Video Platform Group Email Alias, Video Platform Group Description, Video Platform Group Classification, Video Platform Group Access Level, Video Platform Channel Name, Video Platform Channel Description, Video Platform Channel Access, Video Platform Live Event Recording, Total Number Of Video Conferences, Add Room Member To Collaborative Group, Attachment Downloaded From Collaborative Group, Attachment Uploaded From Collaborative Group, Direct Message Started From Collaborative Group, Invite Sent From Collaborative Group, Message Edited From Collaborative Group, Message Posted In Collaborative Group, Remove Room Member From Collaborative Group, Room Created In Collaborative Group, Add Service Account Permission To Enterprise Collaborative Group, Remove Service Account Permission To Enterprise Collaborative Group, Added User To Enterprise Collaborative Group, Added User Role To Enterprise Collaborative Group, Removed User From Enterprise Collaborative Group, Request To Join Enterprise Collaborative Group, Approve Join Request From Enterprise Collaborative Group, Reject Join Request From Enterprise Collaborative Group, Invite User To Enterprise Collaborative Group, Accept Invitation For Enterprise Collaborative Group, Reject Invitation For Enterprise Collaborative Group, Revoke Invitation
3. Communication Application Records: Enterprise Social Network User Name, Enterprise Social Network User State, Enterprise Social Network User State Change Date, Enterprise Social Network User Last Activity Date, Number Of Messages Posted By An Enterprise Social Network User In Specified Time Period, Number Of Messages Viewed By An Enterprise Social Network User, Number Of Liked Messages By An Enterprise Social Network User, Products Assigned To A Enterprise Social Network User, Home Network Information, External Network Information, External Network Name, External Network Description, External Network Image, Network Creation Date, Network Usage Policy, External Network User Name, External Network User Email Address, External Group Name, Number Of Users On A Network, Network ID, Live Event Video Links, Files Added Or Modified In Enterprise Social Network, Message ID, Thread ID, Message Privacy Status, Full Body Of Message, Chat User Action, Chat Room Member Added, Chat Attachment Downloaded, Chat Attachment Uploaded, Chat Room Blocked, Chat User Blocked, Chat Direct Message Started, Chat Invitation Accepted, Chat Invitation Declined, Chat Invitation Sent, Chat Message Edited, Chat Message Posted, Chat Room Member Removed, Chat Room Created.
4. Multimedia records: Records relating to media associated with or originating from an information system, including; Video Platform User ID, Video Name, Videos Uploaded By User, Videos Accessed By User, Channels Created By User, User Group Membership, Comments Left By User On Videos, Screen Recordings, Video Transcript, Deep Search Captions, Video Metadata, Audio Metadata, Phone Number, Time Phone Call Started, User Name, Call Type, Phone Number Called To, Phone Number Called From, Called To Location, Called From Location, Telephone Minutes Used, Telephone Minutes Available, Charges For Use Of Telephone Services, Currency Of Charged Telephone Services, Call Duration, Call ID, Conference ID, Phone Number Type, Blocked Phone Numbers, Blocking Action, Reason For Blocking Action, Blocked Phone Number Display Name, Date And Time Of Blocking, Call Start Time, User Display Name, SIP Address, Caller Number, Called To Number, Call Type, Call Invite Time, Call Failure Time, Call End Time, Call Duration, Number Type, Media Bypass, SBC FQDN, Data Center Media Path, Data Center Signaling Path, Event Type, Final SIP, Final Vendor Subcode, Final SIP Phrase, Unique Customer Support ID.
5. Limited Use Application records: Records relating to applications with a specific, limited use, including; Application Authoring Application Name, Application Authoring Application Author, Voice Search Text Strings, Miles Driven, Mileage Rates, Country Currency, Destination, Destination Classification, Car Make, Car Model, Working Hours, Total Number Of Monthly Drives, Total Number Of Monthly Miles, Total Number Of Personal Drives, Total Number Of Personal Drives, Users Allowed To Access Application, Application Authoring Application Security Settings, Total Number Of Cloud-Based Searches Performed, Total Number Of Cloud-Based Search Queries From Web Browsers, Total Number Of Cloud-Based Search Queries From Android Operating Systems, Total Number Of Cloud-Based Search Queries From iOS Operating Systems, Data Visualization Report Email Delivery Added, Data Visualization Asset Created, Data Visualization Data Exported, Data Visualization Asset Deleted, Data Visualization Report Downloaded, Data Visualization Asset Edited, Data Visualization Asset Restored, Data Visualization Report Email Delivery Stopped, Data Visualization Asset Trashed, Data Visualization Report Email Delivery Updated, Data Visualization Asset Viewed, Data Visualization Link Sharing Access Type Changed, Data Visualization Link Sharing Visibility Changed, Data Visualization User Sharing Permissions Changed.
[top] 6. Development Records: Records relating to applications used for the creation, sharing, or modification of software code, including: Data Repository User ID, Data Repository Password, Data Repository User Address, Data Repository Payment Information, Data Repository User First Name, Data Repository User Last Name, Data Repository Profile Picture, Data Repository Profile Biography, Data Repository Profile Location, Data Repository User Company, Data Repository User Preferences, Data Repository User Preference Analytics, Data Repository Transaction Date, Data Repository Transaction Time, Data Repository Transaction Amount Charged, Data Repository web pages Viewed, Data Repository Referring website, Data Repository Date Of web page Request, Data Repository Time Of web page Request, Data Repository User Commits, Data Repository User Commit Comment Body Text, Data Repository Pull Request Comment Body Text, Data Repository Issue Comment Body Text,
7. Unofficial Foreign Travel Monitoring: Records relating to covered individuals for the administration of the SEAD 3 program, including: Title, Name Of Traveler, Information Type: Pre-Travel And Post-Travel, Start Date Of Travel, End Date Of Travel, Carrier Of Transportation, Countries You Are Visiting, Passport Number, Passport Expiration Date, Names And Association Of Foreign National Travel Companions, Planned Foreign Contacts, Emergency Contact Name, Emergency Contact Phone Number, Emergency Contact Relationship, Post-Travel Questions Relating To Activity, Events, And Interactions.
8. Cloud-based storage records: Records relating to activity within cloud-based storage systems, including: Number Of Files Made Publicly Available, Number Of Files Made Available With A Link, Number Of Files Shared With Domain Users, Number Of Files Shared With Domain Users Through Link, Number Of Files Shared With Users Outside Domain, Number Of Files Shared With User Or Group In Domain, Number Of Files Not Shared At All, Number Of Spreadsheet Documents Added, Number Of Text Documents Added, Number Of Presentation Documents, Number Of Form Documents Added, Number Of Other Files Added, Number Of Files Edited, Number Of Files Viewed, Number Of Files Added, Total Cloud Storage Space Used, Last Time Storage Accessed By User, Item Added To Folder, Item Approval Cancelled, Comment Added On Approval Of Item, Due Date Time Change Requested, Item Approval Requested, Reviewer Change Requested For Item Approval, Item Approval Reviewed, Document Copy Created, Document Created, Document Deleted, Document Downloaded, Document Shared As Email Attachment, Document Edited, Label Applied, Label Value Changed, Label Removed, Item Locked, Item Moved, Item Previewed, Item Printed, Item Removed From Folder, Item Renamed, Item Restored, Item Trashed, Item Unlocked, Item Uploaded, Item Viewed, Security Update Applied To File, Security Update Applied To All Files In Folder, Publish Status Changed, Editor Settings Changed, Link Sharing Access Type Changed, Link Sharing Access Changed From Parent Folder, Link Sharing Visibility Changed, Link Sharing Visibility Changed From Parent Folder, Security Update Removed From File, Membership Role Changed, Shared Storage Settings Changed, Spreadsheet Range Enabled, User Sharing Permissions Changed, User Sharing Permissions Changed From Parent Folder, User Storage Updated, File Viewed, File Renamed, File Created, File Edited, File Previewed, File Printed, File Updated, File Deleted, File Uploaded, File Downloaded, File Shared.
9. Email Application records: Records relating to regular use of email applications, including: Email Body Text, Email Metadata, Total Number Of Emails Sent, Total Number Of Emails Received, Total Number Of Emails Sent And Received, Last Time User Accessed Email Client Through A Post Office Protocol (POP) Mail Server, Last Time User Accessed Email Client Through An internet Message Access Protocol (IMAP) Mail Server, Last Time User Accessed Through Web-Based Server, Total Email Client Storage Space Used, Calendar Access Level(S) Changed, Calendar Country Changed, Calendar Created, Calendar Deleted, Calendar Description Changed, Calendar Location Changed, Calendar Time zone Changed, Calendar Title Changed, Calendar Notification Triggered, Calendar Subscription Added, Calendar Subscription Deleted, Calendar Event Created, Calendar Event Deleted, Calendar Event Guest Added, Calendar Event Guest Auto-Response, Calendar Event Guest Removed, Calendar Event Guest Response Changed, Calendar Event Modified, Calendar Event Removed From Trash, Calendar Event Restored, Calendar Event Start Time Changed, Calendar Event Title Modified, Successful Availability Lookup Of A Calendar Between Email Clients, Successful Availability Lookup Of Email Client Resource, Successful Email Client Resource List Lookup, Unsuccessful Availability Lookup Of A Calendar On Email Client, Unsuccessful Availability Lookup Of Email Client Resource, Unsuccessful Email Client Resource List Lookup.
10. Web Browser Records: Records relating to activity within a web browser, including: Web Browser Password Changed, Web Browser Password Reused, Malware Detected in Transferred Content for User, Sensitive Data Detected In Transferred Content, Unsafe website Visit Detected For User.
11. USPS Board of Governors name, email, and collaborative meeting records used to store meeting material such as presentations, briefing documents/memos, meeting minutes/notes, and responses to various board inquiries, presentation briefing documents, and memos.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
Standard routine uses 1. through 9. apply. In addition:
(a) To appropriate agencies, entities, and persons when (1) the Postal Service suspects or has confirmed that there has been a breach of the system of records; (2) the Postal Service has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Postal Service (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Postal Service's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
RECORD SOURCE CATEGORIES:
Employees; contractors; customers; USPS Board of Governors.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Automated database, computer storage media, and paper.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
1. Records relating to third-parties are retrievable by name and email address.
2. Records relating to collaboration are retrievable by name, email address, and user ID.
3. Records relating to communication are retrievable by name, email address, and user ID.
[top] 4. Records pertaining to multimedia are retrievable by username and media title.
5. Records relating to application development are retrievable by user ID and application name.
6. Records relating to limited use applications are retrievable by name, email address, and user ID.
7. Records relating to Unofficial Foreign Travel Monitoring for covered individuals are retrievable by name.
8. Records relating to Cloud-based storage are retrievable by name, email address, and user ID.
9. Records relating to Email Applications are retrievable by name, email address, and user ID.
10. Records relating to Web Browsers are retrievable by name, email address, and user ID.
11. USPS Board of Governors secure board portal collaboration software data is retrievable by date, meeting information, committee name, and other session collaboration details.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
1. Records relating to third parties are retained for twenty-four months.
2. Records relating to collaboration are retained for twenty-four months.
3. Records relating to communication are retained for twenty-four months.
4. Multimedia recordings are retained for twenty-four months.
5. Records relating to application development are retained for twenty-four months.
6. Records relating to limited use applications are retained for twenty-four months.
7. Records relating to Unofficial Foreign Travel Monitoring for covered individuals are retained for twenty-five years.
8. Records relating to Cloud-based storage are retained for twenty-four months.
9. Records relating to Email Applications are retained for twenty-four months.
10. Records relating to Web Browsers are retained for twenty-four months.
11. USPS Board of Governors secure board portal collaboration software data is retained up to twelve months from the close of the corresponding event.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Paper records, computers, and computer storage media are located in controlled-access areas under supervision of program personnel. Computer access is limited to authorized personnel with a current security clearance, and physical access is limited to authorized personnel who must be identified with a badge.
Access to records is limited to individuals whose official duties require such access. Contractors and licensees are subject to contract controls and unannounced on-site audits and inspections.
Computers are protected by encryption, mechanical locks, card key systems, or other physical access control methods. The use of computer systems is regulated with installed security software, computer logon identifications, and operating system controls including access controls, terminal and transaction logging, and file management software.
RECORD ACCESS PROCEDURES:
Requests for access must be made in accordance with the Notification Procedure and USPS Privacy Act regulations regarding access to records and verification of identity under 39 CFR 266.5.
CONTESTING RECORD PROCEDURES:
See Notification Procedure and Record Access Procedures above.
NOTIFICATION PROCEDURE:
Customers and employees wanting to know if other information about them is maintained in this system of records must address inquiries in writing to the Chief Information Officer and Executive Vice President and include their name and address.
EXEMPTION(S) PROMULGATED FROM THIS SYSTEM:
None.
HISTORY:
May 11, 2021; 86 FR 25899; January 31, 2022; 87 FR 4957.
Tram T. Pham,
Attorney, Ethics and Legal Compliance.
[FR Doc. 2023-04225 Filed 3-1-23; 8:45 am]
BILLING CODE 7710-12-P