This rule clarifies the responsibility of the providers of Postage Evidencing Systems (PES) to safeguard customer information and maintain regulatory controls over agents operating third-party locations at domestic or international (off shore) facilities.
This rule is effective January 11, 2012.
Mail or deliver written comments to the Manager, Payment Technology, U.S. Postal Service, 475 L'Enfant Plaza SW., Room 3660, Washington, DC 20260-0911. Copies of all written comments will be available for inspection and photocopying between 9 a.m. and 4 p.m., Monday through Friday, at the Payment Technology office.
FOR FURTHER INFORMATION CONTACT:
Hank Heren, Business Programs Specialist, Payment Technology, U.S. Postal Service, at (309) 671-8926.
This final rule is intended to assure that the same general rules apply to third-party organizations as apply to the PES providers. The PES providers must ensure that any third party acting on their behalf performing any function maintains the same facilities, records, and procedures to safeguard the security of the PES.
Accordingly, for the reasons stated, 39 CFR part 501 is amended as follows:
PART 501—AUTHORIZATION TO MANUFACTURE AND DISTRIBUTE POSTAGE EVIDENCING SYSTEMS
1. The authority citation for
2. Section 501.3 is amended by revising paragraph (d) and adding paragraph (e) as follows:
Postage Evidencing System provider qualification.
* * * * *
(d) As the provider bears the ultimate responsibility to ensure customer information will not be compromised at any domestic or off shore locations, the provider (as well as its agent operating domestic or off shore locations) will not cause or permit data to be released other than for the operation of the third-party location. The provider shall notify its customer that data relating to its systems is being housed by a third-party location, and shall provide a copy thereof to the Postal Service of such notice to its customers. To the extent that any unauthorized release takes place, the vendor shall notify the Postal Service immediately upon discovery of any unauthorized use or disclosure of data or any other breach or improper disclosure of data of this agreement by the provider (as well as its agent operating the third-party location) and will cooperate with the Postal Service in every reasonable way to help the Postal Service regain possession of the data and prevent its further unauthorized use or disclosure. In the event that the Postal Service cannot regain possession of the data or prevent its further unauthorized use or disclosure, the provider shall indemnify the Postal Service from damages resulting from its (or such third-party) actions.
(e) Have, or establish, and keep under its active supervision and control adequate facilities for the control, distribution, and maintenance of PES and their replacement or secure disposal or destruction when necessary and appropriate.
Stanley F. Mires,
Attorney, Legal Policy & Legislative Advice.
[FR Doc. 2011-31726 Filed 12-9-11; 8:45 am]
BILLING CODE 7710-12-P