Privacy Act of 1974; System of Records

Federal Register, Dec 9, 2016
81 Fed. Reg. 89157 (Dec. 9, 2016)

AGENCY:

Postal Service®.

ACTION:

Notice of establishment of new system of records; response to comments; establishment of new implementation date.

SUMMARY:

The United States Postal Service® (Postal Service) is responding to public comments regarding the establishment of a new Customer Privacy Act System of Records (SOR) to support the Informed Delivery™ service. After its review and evaluation of such comments, the Postal Service has found that no substantive changes to the proposed system were necessary, and determined that implementation of the system should proceed.

DATES:

Originally scheduled for September 26, 2016, the implementation of this SOR was delayed in its entirety until further notice to allow for the consideration of public comments pursuant to a notice published on October 3, 2016. After a review of these comments, the Postal Service has determined that no substantive changes to the SOR are required, and that the implementation of the system should proceed, effective December 9, 2016.

FOR FURTHER INFORMATION CONTACT:

Janine Castorina, Chief Privacy Officer, Privacy and Records Office, United States Postal Service, 475 L'Enfant Plaza SW., Room 1P830, Washington, DC 20260-0004, telephone 202-268-3069, or privacy@usps.gov.

SUPPLEMENTARY INFORMATION:

On August 25, 2016, the Postal Service published notice of its intent to establish a new system of records to support an expansion of its Informed Delivery™ service (81 FR 58542). (Informed Delivery is a digital service that allows enrolled users to receive an email notification that contains grayscale images of the outside of their letter-sized mailpieces processed by USPS automation equipment prior to delivery. This service is offered at no cost to the consumer.)

In response to this notice, we received comments that generally supported the concept of the new SOR, but expressed desire for more specific information regarding the types of data to be collected by the system, and the potential uses (or abuses) of that information. On October 3, 2016, the Postal Service published a further notice suspending the implementation date of the new SOR to allow consideration of these matters (81 FR 68067).

The Postal Service has now completed its review of the comments received, and has concluded that the SOR, as proposed, would not permit the improper disclosure of records identifying a particular individual in violation of the Privacy Act. Accordingly, we believe it is appropriate to proceed with the implementation of the SOR.

Our responses to the comments received, as grouped and categorized for convenience, are as follows.

Question 1: Does the Informed Delivery Service constitute a surveillance mechanism that allows tracking at granular detail?

Answer: No. Informed Delivery is intended solely as a value-added service for USPS customers, making physical mail more convenient and accessible to consumers in a digital age. Informed Delivery gives residential consumers the ability to see a daily preview of the letter-sized mailpieces that will be arriving in their mailbox soon. Informed Delivery is not a surveillance system. It does provide senders of mail with insight into mail recipient interaction with digital pieces. When a digital mailpiece is opened or clicked, an event is collected by the Postal Service. Those event-rates are aggregated and sent to the sender of the mailpiece so that the mailer can provide more relevant mail to customers. Individual event-rates are not shared.

Question 2: Who are the third parties who will receive data from the Informed Delivery service?

Answer: The mailer that sent the mailpiece will receive aggregated information as to whether the Informed Delivery customer opened the email containing that particular mail item. The mail image is not a part of the aggregated information provided. A customer's individual use of the Informed Delivery service will not be shared with mailers. Aggregated data assists the Postal Service to provide better service and content to its customers, along with assisting mailers to provide better products for customers.

Question 3: What data will be collected?

Answer: The Postal Service collects eight categories of records.

1. Customer information: Name; customer ID; physical mailing address and corresponding 11-digit delivery point ZIP Code; phone number; email address; text message number and carrier.

2. Customer account preferences: Individual customer preferences related to email and online communication participation level for USPS and marketing information.

3. Customer feedback: Information submitted by customers related to Informed Delivery notification service or any other Postal product or service.

4. Subscription information: Date of customer sign-up for services through an opt-in process; date customer opts-out of services; nature of service provided.

5. Data on mailpieces: Destination address of mailpiece; Intelligent Mail barcode (IMb); 11-digit delivery point ZIP Code; delivery status; and identification number assigned to equipment used to process mailpiece.

6. Mail Images: Electronic files containing images of mail pieces captured during normal mail processing operations.

7. User Data associated with 11-digit ZIP Codes: Information related to the user's interaction with Informed Delivery email messages, including, but not limited to email open and click-through rates, dates, times, and open rates appended to mailpiece images (user data is not associated with personally identifiable information).

8. Data on Mailings: Intelligent Mail barcode (IMb) and its components including the Mailer Identifier (Mailer ID or MID), Service Type Identifier (STID) and Serial Number.

Question 4: How long are data maintained?

Answer: There are eight categories of records, as described in response to Question No. 3. The Postal Service has three retention periods, associated with the eight record categories. The three retention periods are associated with the mailpiece images, records within the subscription database and user data and are addressed as follows:

1. The images of mailpieces (data category 6 listed in response to Question No. 3) are maintained within customers' accounts for seven days.

2. The Postal Service maintains records within the subscription database (data categories 1, 2, 3, 4, 5, and 8 listed in response to Question No. 3) the individual's email addresses, customer ID, and 11-digit ZIP Code, for customers who have signed up for Informed Delivery until cancellation or opting-out of the Informed Delivery service, when the data is deleted.

3. The user data (data category 7 listed in response to Question No. 3) is maintained for two years and eleven months.

Question 5: Will there be a link that takes the mail customer to a third-party Web site?

Answer: There will not be a link or Quick Response (QR) code that takes the recipient directly from the image of their mail to a third-party Web site, but notifications could include ride-along images, or interactive content might be included in a hyperlink that takes a user to a third-party Web site.

Question 6: Explain the tracking that is associated with the Informed Delivery service.

Answer: USPS monitors if and when a user opens an Informed Delivery email and click-through rates on interactive content, as well as dates, times and open rates appended to mailpiece images. Data is aggregated from the 11-digit ZIP Code down to the 5-digit ZIP Code. USPS provides this aggregated data to the sender of the mailpiece. Neither personal nor personally identifiable data are transmitted to the mailers. Moreover, the aggregated data are shared only with the sender of the particular mailpiece and not with other mailers.

Question 7: Will other marketing information be contained within the emails provided by the Informed Delivery service?

Answer: Informed Delivery email notifications could include interactive or clickable content, which could include ride-along images or a hyperlink related to the mailpiece from the sender of the mailpiece. The email notification could also include a USPS banner advertisement. No other marketing will be contained within the email provided by the Informed Delivery service.

Question 8: Will the Postal Service's privacy policy be available in conjunction with the Informed Delivery service and will it disclose associated tracking and sharing?

Answer: The Postal Service terms and conditions for the Informed Delivery service are included on the My USPS app. A link to the Postal Service's privacy policy is provided on the Postal Service's Web site. Moreover, a Privacy Act Notice will be provided before customers sign up for the Informed Delivery service. This Privacy Act Notice will disclose all tracking and sharing associated with the Informed Delivery service.

Question 9: Can users be allowed to opt-out of the tracking and sharing associated with the Informed Delivery service, while still receiving the benefit of the service?

Answer: No. The Informed Delivery service is a voluntary, value-added service provided to Postal Service customers. By agreeing to sign up for Informed Delivery, a customer is agreeing to the terms and conditions of Informed Delivery, which includes the provision that the Postal Service will provide the sender of a mail item with aggregated user data. If a customer is not comfortable with the terms and conditions of Informed Delivery, he or she may choose not to subscribe or may unsubscribe at any time.

Question 10: Will the Informed Delivery service create phishing opportunities?

Answer: All emails originate from a Postal Service address and are branded with official USPS graphics, images, logos, etc. All legitimate USPS Informed Delivery emails will include an unsubscribe option. While there is always the possibility—as there is with any email from any source—that some phishers may attempt to take advantage, the Postal Service protects its brand and unbranded items should be recognizable as spam. Moreover, the Postal Service takes cybersecurity seriously and will safeguard all of its products to the best of its ability.

Question 11: Is the Informed Delivery service available for businesses, corporations and other government agencies that do not have 11-digit ZIP Codes?

Answer: The Informed Delivery service is available only for residential customers with unique 11-digit ZIP Codes.

Question 12: Who can sign up for the Informed Delivery service?

Answer: Each customer in a household over the age of 18 may enroll in the Informed Delivery service. The Postal Service uses various methods to verify identities including internal data and data provided by third parties, such as the requirement of opening a usps.com account, to eliminate those under the age of 18 from enrolling in the Informed Delivery service. Because all interested consumers must successfully complete online or in person address verification to confirm that they live at the address to be enrolled in the Informed Delivery service, the Postal Service is confident that it has measures in place to protect customers interested in the Informed Delivery service. The Informed Delivery service allows recipients to get an advanced view of the outside of a mailpiece. In that respect, it is no different than household members viewing that same mailpiece in the household mailbox.

Question 13: Is the 11-Digit ZIP Code or a Mail Image Personally Identifiable Information?

Answer: The Privacy Act does not permit the disclosure of a record, within a system of records, except pursuant to certain exceptions. Under the Privacy Act, records include information that contains a name, identifying number, symbol or something else that identifies a particular individual. Neither the mail image nor the 11-digit ZIP Code classify as records under the Privacy Act.

The mail image is not a record under the Privacy Act because the mail images are just images. The printed information on the mailpiece is not stored with the image. Only the image is stored and as such, it is not associated with any other information that would cause it to be personally identifiable. The Postal Service does not examine, or allow others to examine, mailpiece images unless a customer specifically requests an investigation into something related to the delivery of that mailpiece.

The 11-digit ZIP Code is not a record under the Privacy Act because it includes address information for a physical location, without personal identifiers or recipient information, and is not associated with any particular individual. This is evidenced by the 37 million mail forwarding and change-of-address requests the Postal Service receives yearly. Address locations change and are not unique identifiers in and of themselves.

The 11-digit ZIP Code contains the ZIP+4 Code, which is a nine-digit number, the first five of which represent the 5-digit ZIP Code or postal district/zone; the sixth and seventh digits identify a sector; the eighth and ninth digits identify a smaller area known as a segment. Together, the final four digits identify geographic units such as a side of a street between intersections, both sides of a street between intersections, a building, a floor or group of floors in a building, a firm within a building, a span of boxes on a rural route, or a group of Post Office boxes to which a single Postal Service employee makes delivery. The last two digits of an 11-digit ZIP Code are the Delivery Point Code that allows ordering of mail in preparation for delivery.

Question 14: Application of Routine Use 10.

Answer: The Informed Delivery service System of Records aligns with the System of Records used for Customer Registration because Customer Registration is the vehicle under which customers enroll in the Informed Delivery service. As a result, the Routine Uses must align in order for the systems to operate transparently.

Question 15: Application of Routine Use 11.

Answer: The Informed Delivery service System of Records aligns with the System of Records used for Customer Registration because Customer Registration is the vehicle under which customers enroll in the Informed Delivery service. As a result, the Routine Uses must align in order for the systems to operate transparently.

Stanley F. Mires,

Attorney, Federal Compliance.

[FR Doc. 2016-29476 Filed 12-8-16; 8:45 am]

BILLING CODE 7710-12-P