80 FR 48935 - Privacy Act of 1974; System of Records
POSTAL SERVICE Federal Register Volume 80, Issue 157 (August 14, 2015)
Federal Register Volume 80, Issue 157 (August 14, 2015)
| Page Range | 48935-48936 | |
| FR Document | 2015-20031 |
[Federal Register Volume 80, Number 157 (Friday, August 14, 2015)] [Notices] [Pages 48935-48936] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2015-20031] ======================================================================= ----------------------------------------------------------------------- POSTAL SERVICE Privacy Act of 1974; System of Records AGENCY: Postal ServiceTM. ACTION: Notice of new system of records. ----------------------------------------------------------------------- SUMMARY: The United States Postal Service[supreg] (Postal Service) is establishing a new General Privacy Act System of Records. This new system of records is being established to provide administrative support to end users in connection with a new Postal Service digital application, USPS Health ConnectTM. DATES: This system will become effective without further notice September 14, 2015 unless, in response to comments received on or before that date, the Postal Service makes any substantial change to the purpose or routine uses set forth, or to expand the availability of information in this system, as described in this notice. ADDRESSES: Comments may be mailed or delivered to the Privacy and Records Office, United States Postal Service, 475 L'Enfant Plaza SW., Room 9431, Washington, DC 20260-1101. Copies of all written comments will be available at this address for public inspection and photocopying between 8 a.m. and 4 p.m., Monday through Friday. FOR FURTHER INFORMATION CONTACT: Matthew J. Connolly, Chief Privacy Officer, Privacy and Records Office, 202-268-8582 or [email protected]. SUPPLEMENTARY INFORMATION: This notice is in accordance with the Privacy Act requirement that agencies publish their amended systems of records in the Federal Register when there is a revision, change, or addition. I. Background The Postal Service seeks to provide a new wellness benefit to its employees and their dependents by offering USPS Health Connect, a secure application that allows end users to collect, store, and manage their personal health and wellness information in an account completely under the end user's control. Postal Service employees will be able to voluntarily elect to use this application. II. Rationale for Changes to USPS Privacy Act Systems of Records The System of Records USPS 100.450, Administrative Records Related to Digital Services, is being established to provide administrative support to assist end users with technical questions and issues concerning the USPS Health Connect application. This new system of records includes only the categories of administrative records defined below. Neither the Postal Service nor its contractors or subcontractors will view or access any health or medical information that is collected, stored, or shared by the end user when using USPS Health Connect. III. Description of New System of Records The Postal ServiceTM is establishing a new General Privacy Act System of Records titled: 100.450 Administrative Records Related to Digital Services. Pursuant to 5 U.S.C. 552a(e)(11), interested persons are invited to submit written data, views, or arguments on this proposal. A report of the new system of records has been sent to Congress and to the Office of Management and Budget for their evaluation. The Postal Service does not expect this notice to have any adverse effect on individual privacy rights. Accordingly, for the reasons stated above, the Postal Service proposes a new system of records as follows: USPS 100.450 System Name: User Profile Support Records Related to Digital Service. System Location Contractor sites. Categories of Individuals Covered by the System 1. Current and former USPS employees and their dependents that voluntarily opt-in to use USPS Health Connect. Categories of Records in the System 1. User Profile Information: Name, date of birth, email, gender, phone, internally assigned identifier, username, physical address, employee identification number (EIN), contact information, customer ID(s), text message number, date of account creation, method of referral to Web site, date of last logon, and authentication method preferences. 2. User preferences for communications: Frequency and channel opt in/opt out and preferred means of contact for service alerts and notifications, language. 3. Online user information: Internet Protocol (IP) address, domain name, operating system versions, browser version, date and time of first and last connection, and geographic location. 4. Identity verification information: username, user ID, email address, text message number, and results of identity proofing validation. Authority for Maintenance of the System 39 U.S.C. 1003, 1004, and 1201-1209. Purpose(s) 1. To provide administrative support to assist end users with technical questions and issues. 2. To provide account management assistance. 3. To provide account security and to deter and detect fraud. Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses Standard routine uses 1-9 and 11 apply. Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System Storage Automated database, computer storage media, and digital files. Retrievability For System administrators and/or customer service representatives, by internally assigned identifier, or end user account details such as name, phone number, etc. to assist end users with access/use of USPS Health Connect and understand and fulfill end user needs. Safeguards Contractor site utilizes a Cloud Infrastructure under Agency [[Page 48936]] Authorization to Operate (ATO) using a FedRAMP accredited Third Party Assessment Organization (3PAO) for selected Cloud Service Provider services. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All physical access to data centers by contractor employees is logged and audited routinely. Encryption and Data Security uses Federal Information Processing Standards (FIPS) compliant encryption, secure certificates for Client and Server communication authenticity, session protection certificates for end to end protection, multiple layers of protection for data confidentiality and integrity and hashes and password storage encryption and block level encryption for the data volumes. Customer support personnel have minimum access to user profile records. Retention and Disposal Records are retained until (1) the end user cancels the account, (2) six years after the end user last accesses their account, (3) until the relationship ends, or (4) after reasonable notice has been provided to the end user to export their account information in the event the agreement is terminated. Records existing on computer storage media are destroyed according to the applicable USPS media sanitization practice. System Manager(s) and Address Chief Information Officer and Executive Vice President, United States Postal Service, 475 L'Enfant Plaza SW., Washington, DC 20260. Notification Procedure Individuals wanting to know if information about them is maintained in this system must address inquiries in writing to the system manager. Inquiries must include full name, Date of Birth, physical address, email address, username and other identifying information if requested. Record Access Procedures Requests for access must be made in accordance with the Notification Procedure above and USPS Privacy Act regulations regarding access to records and verification of identity under 39 CFR 266.6. Contesting Record Procedures See Notification Procedure and Record Access Procedures above. Record Source Categories Individual end user. * * * * * Stanley F. Mires, Attorney, Federal Compliance. [FR Doc. 2015-20031 Filed 8-13-15; 8:45 am] BILLING CODE 7710-01-P
![Federal Register / Vol. 80, No. 157 / Friday, August 14, 2015 / Notices 48935
due no later than August 17, 2015. The FOR FURTHER INFORMATION CONTACT: CATEGORIES OF INDIVIDUALS COVERED BY THE
public portions of these filings can be Matthew J. Connolly, Chief Privacy SYSTEM
accessed via the Commission’s Web site Officer, Privacy and Records Office, 1. Current and former USPS
(http://www.prc.gov). 202–268–8582 or privacy@usps.gov. employees and their dependents that
The Commission appoints James F. SUPPLEMENTARY INFORMATION: This voluntarily opt-in to use USPS Health
Callow to serve as Public Representative notice is in accordance with the Privacy Connect.
in these dockets. Act requirement that agencies publish CATEGORIES OF RECORDS IN THE SYSTEM
III. Ordering Paragraphs their amended systems of records in the 1. User Profile Information: Name,
Federal Register when there is a date of birth, email, gender, phone,
It is ordered: revision, change, or addition.
1. The Commission establishes Docket internally assigned identifier, username,
Nos. MC2015–78 and CP2015–123 to I. Background physical address, employee
consider the matters raised in each identification number (EIN), contact
The Postal Service seeks to provide a
docket. information, customer ID(s), text
new wellness benefit to its employees
2. Pursuant to 39 U.S.C. 505, James F. message number, date of account
and their dependents by offering USPS
Callow is appointed to serve as an creation, method of referral to Web site,
Health Connect, a secure application
officer of the Commission to represent date of last logon, and authentication
that allows end users to collect, store,
the interests of the general public in method preferences.
and manage their personal health and 2. User preferences for
these proceedings (Public wellness information in an account
Representative). communications: Frequency and
completely under the end user’s control. channel opt in/opt out and preferred
3. Comments are due no later than Postal Service employees will be able to
August 17, 2015. means of contact for service alerts and
voluntarily elect to use this application. notifications, language.
4. The Secretary shall arrange for
II. Rationale for Changes to USPS 3. Online user information: Internet
publication of this order in the Federal
Privacy Act Systems of Records Protocol (IP) address, domain name,
Register.
operating system versions, browser
By the Commission. The System of Records USPS 100.450, version, date and time of first and last
Ruth Ann Abrams, Administrative Records Related to connection, and geographic location.
Acting Secretary. Digital Services, is being established to 4. Identity verification information:
provide administrative support to assist username, user ID, email address, text
[FR Doc. 2015–20052 Filed 8–13–15; 8:45 am]
end users with technical questions and message number, and results of identity
BILLING CODE 7710–FW–P
issues concerning the USPS Health proofing validation.
Connect application. This new system
of records includes only the categories AUTHORITY FOR MAINTENANCE OF THE SYSTEM
POSTAL SERVICE of administrative records defined below. 39 U.S.C. 1003, 1004, and 1201–1209.
Neither the Postal Service nor its
PURPOSE(S)
Privacy Act of 1974; System of contractors or subcontractors will view
Records or access any health or medical 1. To provide administrative support
information that is collected, stored, or to assist end users with technical
AGENCY: Postal ServiceTM. shared by the end user when using questions and issues.
ACTION: Notice of new system of records. USPS Health Connect. 2. To provide account management
assistance.
SUMMARY: The United States Postal III. Description of New System of 3. To provide account security and to
Service® (Postal Service) is establishing Records deter and detect fraud.
a new General Privacy Act System of The Postal ServiceTM is establishing a ROUTINE USES OF RECORDS MAINTAINED IN THE
Records. This new system of records is new General Privacy Act System of SYSTEM, INCLUDING CATEGORIES OF USERS AND
being established to provide Records titled: 100.450 Administrative THE PURPOSES OF SUCH USES
administrative support to end users in Records Related to Digital Services. Standard routine uses 1–9 and 11
connection with a new Postal Service Pursuant to 5 U.S.C. 552a(e)(11), apply.
digital application, USPS Health interested persons are invited to submit
ConnectTM. written data, views, or arguments on POLICIES AND PRACTICES FOR STORING,
RETRIEVING, ACCESSING, RETAINING, AND
DATES: This system will become this proposal. A report of the new DISPOSING OF RECORDS IN THE SYSTEM
effective without further notice system of records has been sent to
September 14, 2015 unless, in response Congress and to the Office of STORAGE
to comments received on or before that Management and Budget for their Automated database, computer
date, the Postal Service makes any evaluation. The Postal Service does not storage media, and digital files.
substantial change to the purpose or expect this notice to have any adverse RETRIEVABILITY
routine uses set forth, or to expand the effect on individual privacy rights.
Accordingly, for the reasons stated For System administrators and/or
availability of information in this
above, the Postal Service proposes a customer service representatives, by
system, as described in this notice.
new system of records as follows: internally assigned identifier, or end
ADDRESSES: Comments may be mailed
asabaliauskas on DSK5VPTVN1PROD with NOTICES
user account details such as name,
or delivered to the Privacy and Records USPS 100.450 phone number, etc. to assist end users
Office, United States Postal Service, 475 with access/use of USPS Health Connect
L’Enfant Plaza SW., Room 9431, SYSTEM NAME:
and understand and fulfill end user
Washington, DC 20260–1101. Copies of User Profile Support Records Related needs.
all written comments will be available to Digital Service.
at this address for public inspection and SAFEGUARDS
photocopying between 8 a.m. and 4 SYSTEM LOCATION Contractor site utilizes a Cloud
p.m., Monday through Friday. Contractor sites. Infrastructure under Agency
VerDate Sep<11>2014 18:50 Aug 13, 2015 Jkt 235001 PO 00000 Frm 00132 Fmt 4703 Sfmt 4703 E:\FR\FM\14AUN1.SGM 14AUN1](https://thefederalregister.org/doc/80_FR_49092/page/1.svg)
![48936 Federal Register / Vol. 80, No. 157 / Friday, August 14, 2015 / Notices
Authorization to Operate (ATO) using a and verification of identity under 39 219.35. Section 2(e) of the RRA requires
FedRAMP accredited Third Party CFR 266.6. that an employee must relinquish all
Assessment Organization (3PAO) for rights to any railroad employer service
CONTESTING RECORD PROCEDURES
selected Cloud Service Provider before a spouse annuity can be paid.
services. Physical access is strictly See Notification Procedure and The RRB uses Form G–346,
controlled both at the perimeter and at Record Access Procedures above. Employee’s Certification, to obtain the
building ingress points by professional RECORD SOURCE CATEGORIES
information needed to determine
security staff utilizing video whether the employee’s current
Individual end user.
surveillance, intrusion detection marriage is valid. Form G–346 is
systems, and other electronic means. * * * * * completed by the retired employee who
Authorized staff must pass two-factor Stanley F. Mires, is the husband or wife of the applicant
authentication a minimum of two times Attorney, Federal Compliance. for a spouse annuity. Completion is
to access data center floors. All physical [FR Doc. 2015–20031 Filed 8–13–15; 8:45 am]
required to obtain a benefit. One
access to data centers by contractor response is requested of each
BILLING CODE 7710–01–P
employees is logged and audited respondent.
routinely. Consistent with 20 CFR 217.17, the
Encryption and Data Security uses RRB uses Form G–346sum, Employee’s
Federal Information Processing RAILROAD RETIREMENT BOARD Certification Summary, which mirrors
Standards (FIPS) compliant encryption, the information collected on Form G–
Agency Forms Submitted for OMB
secure certificates for Client and Server 346, when an employee, after being
Review, Request for Comments
communication authenticity, session interviewed by an RRB field office staff
protection certificates for end to end SUMMARY: In accordance with the member ‘‘signs’’ the form using an
protection, multiple layers of protection Paperwork Reduction Act of 1995 (44 alternative signature method known as
for data confidentiality and integrity U.S.C. Chapter 35), the Railroad ‘‘attestation.’’ Attestation refers to the
and hashes and password storage Retirement Board (RRB) is forwarding action taken by the RRB field office
encryption and block level encryption an Information Collection Request (ICR) employee to confirm and annotate the
for the data volumes. Customer support to the Office of Information and RRB’s records of the applicant’s
personnel have minimum access to user Regulatory Affairs (OIRA), Office of affirmation under penalty of perjury that
profile records. Management and Budget (OMB). Our the information provided is correct and
ICR describes the information we seek the applicant’s agreement to sign the
RETENTION AND DISPOSAL
to collect from the public. Review and form by proxy. Completion is required
Records are retained until (1) the end approval by OIRA ensures that we to obtain a benefit. One response is
user cancels the account, (2) six years impose appropriate paperwork burdens. requested of each respondent.
after the end user last accesses their The RRB invites comments on the Previous Requests for Comments: The
account, (3) until the relationship ends, proposed collection of information to RRB has already published the initial
or (4) after reasonable notice has been determine (1) the practical utility of the 60-day notice (80 FR 32637 on June 9,
provided to the end user to export their collection; (2) the accuracy of the 2015) required by 44 U.S.C. 3506(c)(2).
account information in the event the estimated burden of the collection; (3) That request elicited no comments.
agreement is terminated. ways to enhance the quality, utility, and
Records existing on computer storage Information Collection Request (ICR)
clarity of the information that is the
media are destroyed according to the subject of collection; and (4) ways to Title: Employee’s Certification.
applicable USPS media sanitization minimize the burden of collections on OMB Control Number: 3220–0140.
practice. respondents, including the use of Forms submitted: G–346 and
SYSTEM MANAGER(S) AND ADDRESS automated collection techniques or G–346sum.
other forms of information technology. Type of request: Extension without
Chief Information Officer and
Comments to the RRB or OIRA must change of a currently approved
Executive Vice President, United States
contain the OMB control number of the collection.
Postal Service, 475 L’Enfant Plaza SW.,
ICR. For proper consideration of your Affected public: Individuals or
Washington, DC 20260.
comments, it is best if the RRB and Households.
NOTIFICATION PROCEDURE OIRA receive them within 30 days of Abstract: Under Section 2 of the
Individuals wanting to know if the publication date. Railroad Retirement Act, spouses of
information about them is maintained in Section 2 of the Railroad Retirement retired railroad employees may be
this system must address inquiries in Act (RRA), provides for the payment of entitled to an annuity. The collection
writing to the system manager. Inquiries an annuity to the spouse or divorced obtains information from the employee
must include full name, Date of Birth, spouse of a retired railroad employee. about the employee’s previous
physical address, email address, For the spouse or divorced spouse to marriages, if any, to determine if any
username and other identifying qualify for an annuity, the RRB must impediment exists to the marriage
information if requested. determine if any of the employee’s between the employee and his or her
current marriage to the applicant is spouse.
RECORD ACCESS PROCEDURES valid. Changes proposed: The RRB proposes
asabaliauskas on DSK5VPTVN1PROD with NOTICES
Requests for access must be made in The requirements for obtaining no changes to the forms in this
accordance with the Notification documentary evidence to determine collection.
Procedure above and USPS Privacy Act valid marital relationships are The burden estimate for the ICR is as
regulations regarding access to records prescribed in 20 CFR 219.30 through follows:
VerDate Sep<11>2014 18:50 Aug 13, 2015 Jkt 235001 PO 00000 Frm 00133 Fmt 4703 Sfmt 4703 E:\FR\FM\14AUN1.SGM 14AUN1](https://thefederalregister.org/doc/80_FR_49092/page/2.svg)
Document Created: 2018-02-23 10:58:45
Document Modified: 2018-02-23 10:58:45
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Notices | |
| Action | Notice of new system of records. | |
| Dates | This system will become effective without further notice September 14, 2015 unless, in response to comments received on or before that date, the Postal Service makes any substantial change to the purpose or routine uses set forth, or to expand the availability of information in this system, as described in this notice. | |
| Contact | Matthew J. Connolly, Chief Privacy Officer, Privacy and Records Office, 202-268-8582 or [email protected] | |
| FR Citation | 80 FR 48935 |
2024 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR