[Federal Register Volume 81, Number 47 (Thursday, March 10, 2016)]
[Notices]
[Pages 12748-12750]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-05313]


=======================================================================
-----------------------------------------------------------------------

NATIONAL CREDIT UNION ADMINISTRATION


Privacy Act of 1974: System of Records

AGENCY: National Credit Union Administration (NCUA).

ACTION: Notice of Altered Privacy Act System of Records.

-----------------------------------------------------------------------

SUMMARY: The Personnel Administrative Security System collects and 
maintains information on individuals requiring access to NCUA-
controlled facilities and NCUA applicants, employees, and contractors 
requiring suitability, fitness, and/or national security 
determinations.

DATES: Submit comments on or before April 5, 2016. This action will be 
effective without further notice on April

[[Page 12749]]

12, 2016 unless comments are received that would result in a contrary 
determination.

ADDRESSES: You may submit comments by any of the following methods, but 
please send comments by one method only:
     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     NCUA Web site: http://www.ncua.gov/RegulationsOpinionsLaws/proposed_regs/proposed_regs.html. Follow the 
instructions for submitting comments.
     Email: Address to [email protected]. Include ``[Your 
name]--Comments on NCUA PASS Registry SORN'' in the email subject line.
     Fax: (703) 518-6319. Use the subject line described above 
for email.
     Mail: Address to Gerard Poliquin, Secretary of the Board, 
National Credit Union Administration, 1775 Duke Street, Alexandria, 
Virginia 22314-3428.
     Hand Delivery/Courier: Same as mail address.

FOR FURTHER INFORMATION CONTACT: Charles Burr, System Manager, Office 
of Continuity and Security Management, Kevin Johnson, Staff Attorney, 
or Linda Dent, Senior Agency Official for Privacy, Office of General 
Counsel, at the National Credit Union Administration, 1775 Duke Street, 
Alexandria, Virginia, 22314, or telephone: (703) 518-6540.

SUPPLEMENTARY INFORMATION: In accordance with the Privacy Act of 1974 
(5 U.S.C. 552a), as amended, NCUA is issuing public notice of its 
intent to modify the system of records previously maintained by the 
Office of Human Resources (OHR) and titled ``Employee Suitability and 
Security Investigations Containing Adverse Information, NCUA.'' The 
proposed modifications will: Change the system manager from OHR to the 
Office of Continuity and Security Management (OCSM); rename the system 
to the ``Personnel Access and Security System (PASS);'' restate the 
routine uses of records. This action is necessary to meet the 
requirements of the Privacy Act that federal agencies publish in the 
Federal Register a notice of the existence and character of records it 
maintains that are retrieved by an individual identifier (5 U.S.C. 
552a(e)(4)).

SYSTEM NAME AND NUMBER:
    Personnel Access and Security System (PASS), NCUA-1.

SYSTEM LOCATION:
    Office of Continuity and Security Management, National Credit Union 
Administration, 1775 Duke Street, Alexandria, VA 22314-3428.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Government Organization and Employees (5 U.S.C. 301); 5 U.S.C. 
Chapter 73 (Suitability, Security, and Conduct); 5 U.S.C. 7531-33 
(National Security); Federal Information Security Management Act of 
2002 (44 U.S.C. 3541); E-Government Act of 2002 (44 U.S.C. 101); 
Paperwork Reduction Act of 1995 (44 U.S.C. 3501); Executive Order 10450 
(Security requirements for government employment); Executive Order 
13526 and its predecessor orders (National Security Information); 
Executive Order 12968 (Access to Classified Information); Executive 
Order 13857 (Security of Classified Networks and Information); Homeland 
Security Presidential Directive 12 (HSPD-12), August 27, 2004); 12 
U.S.C. 1785 and NCUA Rules and Regulations 701.14; Section 212 of the 
Federal Credit Union Act (12 U.S.C. 1790a).

PURPOSE(S):
    The collected information enables NCUA OCSM to identify and review 
allegations of misconduct or negligence in employment and other 
security information relevant to making HSPD-12 PIV card issuance 
determinations, and personnel suitability, fitness, and/or national 
security determinations. It also improves the handling of sensitive 
personal information and facilitates NCUA's ability to identify 
potential insider threats or potential systemic security concerns.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The system will collect and maintain information on individuals who 
require short- or long-term access as required by their position to 
NCUA-controlled facilities and information technology systems, 
including NCUA employees, appointees, interns, contractors, students, 
volunteers, and other non-federal employees either presently or 
formerly in any of these positions; applicants for NCUA employment or 
for work on NCUA contracts; applicants, appointees, employees, interns 
or contractors for whom an Office of Personnel Management (OPM) 
suitability, fitness or national security clearance investigation has 
been initiated and/or conducted; officials from troubled or newly 
chartered credit unions; visitors to NCUA facilities and their security 
clearance information; foreign national visitors.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Incident and investigative material relating to any category of 
individual described above, including case files containing information 
such as full name, date of birth, gender, photograph, social security 
number, place of birth, citizenship; work and home telephone numbers 
and addresses; identification documentation (such as passports, work 
visas, driver's licenses); security screening information (such as 
resume, employer address, applications for employment, fingerprints, 
credit checks); legal case pleadings and files; employment information 
(NCUA employment status, former employment letters of reference, former 
employment letters of termination or resignation); information obtained 
during security inquires (such as letters of inquiry; other agency 
database checks and reports; suspicious activity reports and 
notifications from other agencies and employees; network audit records, 
email, chat conversations, text messages sent using NCUA devices; 
social media account findings for individuals undergoing security 
investigations); self-reported security-related information (such as 
foreign travel notifications, changes in financial status, changes in 
marital status, arrests); security violation files; security 
evaluations and clearances; NCUA security screening status (permanent 
or provisional); personnel identity verification (PIV) information 
(such as card status, PIV card number, PIN number).
    For visitors, information collected can include names, date of 
birth, citizenship, identification type, temporary pass number, host 
name, office symbol, room number, telephone number.

RECORD SOURCE CATEGORIES:
    Information is provided by the individual to whom the record 
pertains; references supplied by the individual such as current and/or 
former employers and associates; public records such as court 
documents, news media, social media and other publications; intra-
agency records; and investigative and other record material compiled in 
the course of investigation or furnished by other government agencies.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    NCUA OCSM uses these records to document the outcome of 
adjudicative determinations for the issuance of the HSPD-12 PIV card or 
the local agency access badge, and to document the outcome of 
adjudicative determinations for suitability, fitness, and/or national 
security clearances. Contact information is used for communication and

[[Page 12750]]

authentication purposes. In addition with those disclosures generally 
permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion 
of records in this system may be disclosed to authorized federal or 
state entities as it is determined to be relevant and necessary.

POLICIES AND PRACTICE FOR STORAGE OF RECORDS:
    Records are stored electronically and physically.

POLICIES AND PRACTICE FOR RETRIEVABILITY OF RECORDS:
    Records are retrieved by individual identifiers such as name, 
social security number, or an individual identifier with non-
individually identifiable information.

POLICIES AND PRACTICE FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained until they become inactive. Records become 
inactive when they are no longer useful for their collected purpose. 
Records are disposed in accordance with NCUA record retention schedules 
and consistent with destruction methods appropriate to the type of 
information.

PHYSICAL, PROCEDURAL, AND ADMINISTRATIVE SAFEGUARDS:
    Information in the system is safeguarded in accordance with the 
applicable laws, rules and policies governing the operation of federal 
information systems. Access to privacy-related information within the 
system is password protected and restricted to authorized personnel. 
Physical records in paper format are safeguarded in accordance with the 
applicable laws, rules and policies governing privacy-related 
information. All records in paper format are stored under the requisite 
double-lock. Access to privacy-related information in paper format is 
restricted to authorized personnel.

SYSTEM MANAGER(S):
    Deputy Director, Office of Continuity and Security Management, 
National Credit Union Administration, 1775 Duke Street, Alexandria, VA 
22314-3428.

RECORD ACCESS PROCEDURES:
    Upon verification that an individual has a record in the system, as 
determined by the notification procedure below, the system manager will 
provide the procedure for gaining access to available records.

CONTESTING RECORD PROCEDURES:
    Requests to amend or correct a record should be submitted in 
writing to the system manager listed above in accordance with NCUA 
regulations at 12 CFR part 792, subpart E. Requesters must reasonably 
identify the record, specify the information being contested, state the 
corrective action sought and the reasons for the correction along with 
supporting justification showing why the record is not accurate, 
timely, relevant, or complete.

NOTIFICATION PROCEDURE:
    An individual can determine if this system contains a record 
pertaining to the individual by addressing a request in writing to the 
system manager listed above in accordance with NCUA regulations at 12 
CFR part 792, subpart E. The individual must provide his/her full name 
and identify the date he/she was associated with NCUA as well as 
contact information for a response. If there is no record on the 
individual, the individual will be so advised.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    In addition to any exemption to which this system is subject by 
Notices published by or regulations promulgated by OPM or the Director 
of National Intelligence, the system is subject to a specific exemption 
pursuant to 5 U.S.C. 552a (k)(5) to the extent that disclosures would 
reveal a source who furnished information under an express promise of 
confidentiality, or prior to September 27, 1975, under an express or 
implied promise of confidentiality.

    By the National Credit Union Administration on March 3, 2016.
Gerard Poliquin,
Secretary of the Board.
[FR Doc. 2016-05313 Filed 3-9-16; 8:45 am]
BILLING CODE P