Privacy Act of 1974; System of Records

AGENCY:

Department of the Army, DoD.

ACTION:

Notice to alter a system of records.

SUMMARY:

The Department of the Army proposes to alter a system of records, AAFES 0207.02, entitled “Customer Solicitations, Comments, Inquiries, and Direct Line Records”. This SORN enables the Army and Air Force Exchange Service to carry out its mission to enhance the quality of life for authorized patrons and to support military readiness, recruitment and retention, by providing a world-wide system of Exchanges with merchandise and household goods similar to commercial stores and services.

DATES:

Comments will be accepted on or before April 18, 2016. This proposed action will be effective on the day following the end of the comment period unless comments are received which result in a contrary determination.

ADDRESSES:

You may submit comments, identified by docket number and title, by any of the following methods:

• Federal Rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
• Mail: Department of Defense, Office of the Deputy Chief Management Officer, Directorate of Oversight and Compliance, Regulatory and Audit Matters Office, 9010 Defense Pentagon, Washington, DC 20301-9010.

Instructions: All submissions received must include the agency name and docket number for this Federal Register document. The general policy for comments and other submissions from members of the public is to make these submissions available for public viewing on the Internet at http://www.regulations.gov as they are received without change, including any personal identifiers or contact information.

FOR FURTHER INFORMATION CONTACT:

Ms. Tracy Rogers, Department of the Army, Privacy Office, U.S. Army Records Management and Declassification Agency, 7701 Telegraph Road, Casey Building, Suite 144, Alexandria, VA 22315-3827 or by phone at 703-428-7499.

SUPPLEMENTARY INFORMATION:

The Department of the Army systems of records notices subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended, have been published in the Federal Register and are available from the address in FOR FURTHER INFORMATION CONTACT or at the Defense Privacy and Civil Liberties Office Web site at http://dpcld.defense.gov/ .

The proposed system report, as required by 5 U.S.C 552a(r) of the Privacy Act of 1974, as amended, was submitted on March 4, 2016, to the House Committee on Oversight and Government Reform, the Senate Committee on Governmental Affairs, and the Office of Management and Budget (OMB) pursuant to paragraph 4c of Appendix I of OMB Circular No. A-130, Federal Agency Responsibilities for Maintaining Records About Individuals,” dated February 8, 1996 (February 20, 1996, 61 FR 6427).

AAFES 0207.02

System Name:

Customer Solicitations, Comments, Inquiries, and Direct Line Records (August 28, 2006, 71 FR 50899).

Changes:

System name:

Delete entry and replace with “Exchange Retail Sales Transaction Data.”

System location:

Delete entry and replace with “Headquarters, Army and Air Force Exchange Service, 3911 S. Walton Walker Boulevard, Dallas, TX 75236-1598; Exchange Regions and Area Exchanges at posts, bases, and satellite locations worldwide. Official mailing addresses are published as an appendix to the Army's compilation of systems of records notices.”

Categories of individuals covered by the system:

Delete entry and replace with “Customers or potential customers of the Army and Air Force Exchange Service.”

Categories of records in the system:

Delete entry and replace with “Individual's name; date of birth; Social Security Number (SSN); Department of Defense Identification Number (DoD ID Number), and ID card bar code value; military card identification number; addresses (home, billing, and shipping); email address (personal and/or business) telephone number (personal and/or business); Internet and mobile ordering web login username and password.

Information related to purchases to include: Date of transaction; transaction number; name and address of recipient of order; description and price of item ordered; method of shipment; amount of order/refund; returned check identifier; claim data for returns/damages to shipments; coupon information; digital coupons available; incentive account information (loyalty card, rewards card, points card, advantage card or club card information), and buying preferences.

Information related to payment method to include: Account/card holder name; financial institution information(bank account number, routing number, check number); credit and debit/automated teller machine card information (card number, expiration date, Card Verification Value 2 (CVV2), Card Validation Code (CVC), or Card Identifier (CID); smart card and other chip-based card payment information (issuer, credit or debit accounts and account limits); other similar methods of payment information initiated by mobile device applications; electronic benefit transfer card (Women, Infants and Children Programs (WIC) and Supplemental Nutritional Assistance Program (SNAP) information; prepaid/preloaded/stored value card information; and gift card/certificate information.

Exchange patron demographic information to include: age; military status (active, reserve, retired, civilian, officer, enlisted, family member, survivor, foreign, etc.); military rank; branch of service; household size and income; distance from nearest Exchange; frequency of shopping trips; income range; shopper preference information; preferred brand names; promotions or coupons; and Exchange profile information; social media (Facebook, Twitter, Flickr, YouTube) username; compilation of Exchange patron comments, inquiries, complaints, and feedback concerning Exchange merchandise and the patron's Exchange shopping experience posted by the Exchange patron in the social media environment; and the Exchange patron's publically viewable social media profile information.”

Authority for maintenance of the system:

Delete entry and replace with “10 U.S.C. 3013, Secretary of the Army; 10 U.S.C. 8013, Secretary of the Air Force; 10 U.S.C. 2481, Defense commissary and exchange systems: existence and purpose; Army Regulation 215-8/Air Force Instruction 34-211(I), Army and Air Force Exchange Service Operations; and E.O. 9397 (SSN), as amended.”

Purpose:

Delete entry and replace with “To enable the Army and Air Force Exchange Service to carry out its mission to enhance the quality of life for authorized patrons and to support military readiness, recruitment and retention, by providing a world-wide system of Exchanges with merchandise and household goods similar to commercial stores and services.

To authenticate authorized patrons, record purchases and purchase prices, account for and deduct coupons and other promotional discounts, calculate the total amount owed by the customer, and accept payment by various media, such as cash, credit card, debit/ATM card, smart card and other chip-based cards, electronic benefits transfer payments, prepaid/preloaded and stored value cards, gift cards/certificates, and other similar methods of payments initiated through mobile device applications.

To locate order information to reply to customer inquiries, complaints; to create labels for shipment to proper location; to refund customer remittances or to collect monies due; to provide claim and postal authorities with confirmation/certification of shipment for customer claims for damage or lost shipments.

To record customer transactions/payment for layaway and special orders; to determine payment status before finalizing transactions; to identify account delinquencies and prepare customer reminder notices; to mail refunds on canceled layaway or special orders; to process purchase refunds; to document receipt from customer of merchandise subsequently returned to vendors for repair or replacement, shipping/delivery information, and initiate follow up actions; to monitor individual customer refunds; to perform data analysis and data research that helps the Exchange understand the purchasing behavior of customers and better meet the needs, affinities and wants of our customers; to improve efficiency of marketing system(s); and, to help detect and prevent criminal activity, and identify potential abuse of exchange privileges.

To collect debts due to the United States in the event a patron's medium of payment is declined or returned unpaid.

To monitor purchases of restricted items outside the United States, its territories and possessions, as necessary to prevent black marketing in violation of treaties or agreements, and to comply with age restrictions applicable to certain purchases by minors or those under allowable ages.

To create, maintain and enhance system and mobile device shopping capability allowing authorized patrons to order Exchange retail products online through their home computer, mobile device or other method through which the patron can access the internet, and to pay for such purchases electronically either at the time of ordering or at the time of pick up.

To create Exchange patron profiles for the purposes of determining aggregate patron demographic data for use in responding to individual patron inquiries, assessing aggregate patron satisfaction with the delivery of the Exchange benefit, and in determining the appropriate product availability meeting the Exchange customers' current and future needs and wants. To aid the Exchange management in determining needs of customers and action required to settle customer complaints and to notify potential customers who voluntarily provide their email address and other personal information to receive information about special events, sales, and other information about shopping at the Exchange, and to improve the efficiency and effectiveness of the Exchange's marketing programs.”

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

Delete entry and replace with “In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act of 1974, as amended, these records or information contained therein may specifically be disclosed outside the DoD as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

To a contractor who requires the data to perform the services that they were contracted to perform, provided that those services are consistent with the routine use for which the information was disclosed to the contracting entity. Should such a disclosure be made to the contractor, the individual or entity making such disclosure shall insure that the contractor complies fully with all Privacy Act provisions, including those prohibiting unlawful disclosure of such information.

To consumer reporting agencies as defined in the Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or in accordance with 3(d)(4)(A)(ii) of the Federal Claims Collection Act of 1966 as amended (31 U.S.C. 3701(a)(3) for the purpose of encouraging the repayment of an overdue debt, the amount, status and history of overdue debts, the name and address, taxpayer identification (SSN), and other information necessary to establish the identity of a debtor, the agency and program under which the claim arose, may be disclosed pursuant to 5 U.S.C. 552a(b)(12).

The DoD 'Blanket Routine Uses' set forth at the beginning of the Army's compilation of systems of records notices apply to this system. The complete list of DoD Blanket Routine Uses can be found online at: http://dpcld.defense.gov/Privacy/SORNsIndex/BlanketRoutineUses.aspx .”

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

Delete entry and replace with “Paper records and electronic storage media.”

Retrievability:

Delete entry and replace with “By individual's name; SSN; military card identification number; DoD ID Number; email address.”

Safeguards:

Delete entry and replace with “Records are maintained in a controlled facility. Physical entry is restricted by the use of locks, guards, and is accessible only to authorized personnel. Access to records is limited to person(s) with an official need to know who are responsible for servicing the record in performance of their official duties. Persons are properly screened and cleared for access. Access to computerized data is role-based and further restricted by passwords, which are changed periodically.”

Retention and disposal:

Delete entry and replace with “Information on shipments is maintained in computer files for 180 days following completion of shipment. Microfilm and microfiche are retained for 2 years for postal claim purposes; destroyed after 6 years.

Cancelled or completed layaway tickets are held for 6 months after cancellation or delivery of merchandise; purchase orders are retained for 2 years; transaction records are retained for 2 years; refund vouchers are retained for 6 years; returned merchandise slips are retained for 6 years; cash receipt vouchers are retained for 3 years; repair/replacement order slips are retained for 2 years. All records are destroyed by shredding, all electronic records are destroyed by erasing/reformatting the media.

Paper records for customer comments, solicitations and complaints are destroyed by shredding after 3 years. Customer records are kept continuously until obsolete or superseded, at which point paper records are shredded, and electronic records are destroyed by erasing/reformatting the media.”

System manager(s) and address:

Delete entry and replace with “Director/Chief Executive Officer, Army and Air Force Exchange Service, 3911 S. Walton Walker Boulevard, Dallas, TX 75236-1598, and local managers at Exchanges worldwide.”

Notification procedure:

Delete entry and replace with “Individuals seeking to determine whether information about themselves is contained in this system should address written inquiries to the Director/Chief Executive Officer, Army and Air Force Exchange Service, 3911 S. Walton Walker Boulevard, Dallas, TX 75236-1598.

Individuals should provide their full name, current address and telephone number, case number that appeared on correspondence received from the Exchange if applicable, and signature.

In addition, the requester must provide a notarized statement or an unsworn declaration made in accordance with 28 U.S.C. 1746, in the following format:

If executed outside the United States:

`I declare (or certify, verify, or state) under penalty of perjury under the laws of the United State of America that the foregoing is true and correct. Executed on (date). (Signature)'.

If executed within the United States, its territories, possessions, or commonwealths: `I declare (or certify, verify, or state) under penalty of perjury that the foregoing is true and correct. Executed on (date). (Signature)'.”

Record access procedures:

Delete entry and replace with “Individuals seeking access to information about themselves contained in this system should address written inquiries to the Director/Chief Executive Officer, Army and Air Force Exchange Service, Attention: FOIA/Privacy Manager,3911 S. Walton Walker Boulevard, Dallas, TX 75236-1598.

Individuals should provide their full name, current address and telephone number, case number that appeared on correspondence received from the Exchange if applicable, and signature.

In addition, the requester must provide a notarized statement or an unsworn declaration made in accordance with 28 U.S.C. 1746, in the following format:

If executed outside the United States:

`I declare (or certify, verify, or state) under penalty of perjury under the laws of the United State of America that the foregoing is true and correct. Executed on (date). (Signature)'.

If executed within the United States, its territories, possessions, or commonwealths: `I declare (or certify, verify, or state) under penalty of perjury that the foregoing is true and correct. Executed on (date). (Signature)'.”

Contesting record procedures:

Delete entry and replace with “The Army's rules for accessing records and for contesting contents and appealing initial agency determinations are contained in 32 CFR part 505, Army Privacy Program; or may be obtained from the system manager.”

Record source categories:

Delete entry and replace with “From the individual and contractor/vendor.”