[Federal Register Volume 81, Number 224 (Monday, November 21, 2016)]
[Notices]
[Pages 83281-83284]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-27948]


=======================================================================
-----------------------------------------------------------------------

NATIONAL CREDIT UNION ADMINISTRATION


Privacy Act of 1974: System of Records

AGENCY: National Credit Union Administration (NCUA)

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974, the National Credit Union 
Administration (NCUA) is proposing to establish a new system of 
records, and add three routine uses to NCUA's Standard Routine Uses.

DATES: This action will be effective without further notice on January 
3, 2017 unless comments are received that would result in a contrary 
determination.

ADDRESSES: You may submit comments to NCUA by any of the following 
methods:
     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     NCUA Web site: http://www.ncua.gov/RegulationsOpinionsLaws/proposed_regs/proposed_regs.html. Follow the 
instructions for submitting comments.
     Email: Address to [email protected]. Include ``[Your 
name]--Comments on NCUA 19 SORN'' in the email subject line.
     Fax: (703) 518-6319. Use the subject line described above 
for email.
     Mail: Address to Gerard Poliquin, Secretary of the Board, 
National Credit Union Administration, 1775 Duke Street, Alexandria, 
Virginia 22314-3428.
     Hand Delivery/Courier: Same as mail address.

FOR FURTHER INFORMATION CONTACT: Michael Mcneill, Office of the Chief 
Financial Officer, Division of Financial Control, Director, 1775 Duke 
Street, Alexandria, VA 22314, or telephone: (703) 518-6572, or Linda 
Dent, Senior Agency Official for Privacy, Office of General Counsel, at 
the National Credit Union Administration, 1775 Duke Street, Alexandria, 
Virginia 22314, or telephone: (703) 518-6567.

SUPPLEMENTARY INFORMATION: 

(1) NCUA Is Proposing To Establish a New System of Records

    In accordance with the Privacy Act of 1974 (5 U.S.C. 552a), as 
amended, NCUA is issuing public notice of its intent to establish a new 
system of records, NCUA Financial and Acquisition Management System, 
NCUA-19. The system of records described in this notice maintains 
records related to NCUA's core financial and acquisition system, and is 
used to ensure that all of NCUA's obligations and expenditures conform 
with laws, existing rules and regulations, and good business practices.

(2) NCUA Is Proposing To Add Three Routine Uses to its Standard Routine Uses

    As a part of NCUA's ongoing privacy program efforts, NCUA has 
determined that its Standard Routine Uses should be updated to include 
three new routine uses. The first new routine use, which will be 
Standard Routine Use #10, will permit NCUA to share information with 
contractors, grantees, and interns, when necessary to accomplish an 
agency function. Individuals provided information under this routine 
use will be subject to the same Privacy Act requirements and 
limitations on disclosure as are applicable to NCUA employees.
    The second new routine use, which will be Standard Routine Use #11, 
will permit NCUA to share information with appropriate parties in 
response to a federal data breach. The addition of this routine use 
increases NCUA's compliance with OMB M-07-16.
    The third routine use, which will be Standard Routine Use #12, will 
permit NCUA to share information with the Office of Management and 
Budget pursuant to OMB Circular A-19.
    For convenience, the proposed new system of records, ``NCUA 
Financial and Acquisition Management System, NCUA-19,'' and NCUA's 
Standard Routine Uses, with the proposed new routine uses italicized, 
are published below.

National Credit Union Administration.
Gerard Poliquin,
Secretary of the Board.

SYSTEM NAME AND NUMBER:
    NCUA Financial and Acquisition Management System, NCUA-19

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Enterprise Services Center, 6500 South MacArthur Blvd., Oklahoma 
City, OK 73169; NCUA, 1775 Duke Street, Alexandria, VA 22314.

SYSTEM MANAGER(S):
    Chief Financial Officer, Office of the Chief Financial Officer, 
NCUA, 1775 Duke Street, Alexandria, VA 22314.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    12 U.S.C. 1751; 31 U.S.C. 3501, et seq. and 31 U.S.C. 7701(c). 
Where the employee identification number is the social security number, 
collection of this information is authorized by Executive Order 9397.

PURPOSE(S) OF THE SYSTEM:
    This system serves as the core financial and acquisition system and 
integrates program, financial, and budgetary information. Records are 
collected to ensure that all obligations and expenditures (other than 
those in the pay and leave system) are in conformance with laws, 
existing rules and regulations, and good business practices, and to 
maintain subsidiary records at the proper account and/or organizational 
level where responsibility for control of costs exists.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    NCUA employees, contractors, suppliers, vendors, interns, and 
customers.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Employee personnel information: Limited to current and former NCUA 
employees, and includes name, address, Social Security number (SSN). 
Business-related information: Limited to contractors/vendors, 
customers, and credit unions (but not their members), and includes name 
of the company/agency, point of contact, telephone number, mailing 
address, email address, contract number, vendor number (system unique 
identifier), DUNS number, and TIN, which could be a SSN in the case of 
individuals set up as sole proprietors, and total assets and insured 
shares. Financial information: Includes financial institution name, 
lockbox number, routing transit number, deposit account number, account 
type, debts (e.g., unpaid bills/invoices, overpayments, etc.), and 
remittance address.

RECORD SOURCE CATEGORIES:
    The information maintained in Department of Transportation (DOT)/
Enterprise Service Center (ESC) systems, including: purchase orders, 
contracts, vouchers, invoices, disbursements, receipts/collections, 
Pay.Gov transactions, and related records; U.S. General Services 
Administration (GSA) Federal personnel payroll system (for payroll 
disbursement postings); Concur (for travel disbursements); JPMorgan 
Chase (for charge card payments); travel advance applications; other 
records submitted by individuals, employees, vendors, and other 
sources.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, these records or information contained 
therein may specifically be disclosed outside NCUA as a routine use 
pursuant to 5 U.S.C. 552a(b)(3) as follows:
    1. NCUA's Standard Routine Uses apply to this system of records 
(see below).
    2. Records may be shared with a vendor that NCUA is doing business 
with if a dispute about payments or amounts due arises. In such a 
situation, only the minimum amount of information needed to resolve the 
dispute will be shared with the vendor.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are maintained in paper and/or electronic form. Records are 
also maintained on NCUA's network back-up tapes. Electronic records are 
stored in computerized databases. Records are stored in locked file 
rooms and/or file cabinets.

POLICIES AND PRACTICES FOR RETRIEVABILITY OF RECORDS:
    Records are retrieved by any one or more of the following: name of 
employee, employee ID, employee NCUA email address, social security 
number (SSN) for employees, SSN/Tax Identification Number (TIN) for 
vendors doing business with the NCUA, name for both employees and 
vendors, supplier number (system unique) for both employees and 
vendors, DUNS and DUNS + 4.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained in accordance with the General Records 
Retention Schedules issued by the National Archives and Records 
Administration (NARA) or a NCUA records disposition schedule approved 
by NARA.
    Records existing on paper are destroyed beyond recognition. Records 
existing on computer storage media are destroyed according to the 
applicable NCUA media sanitization practice.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    NCUA has adopted appropriate administrative, technical, and 
physical controls in accordance with NCUA's information security 
policies to protect the security, integrity, and availability of the 
information, and to ensure that records are not disclosed to or 
accessed by unauthorized individuals.
    Records are safeguarded in a secured environment. Buildings where 
records are stored have security cameras and 24-hour security guard 
service. The records are kept in limited access areas during duty hours 
and in locked file cabinets and/or locked offices or file rooms at all 
other times. Access is limited to those personnel whose official duties 
require access. Computerized records are safeguarded through use of 
access codes and information technology security. Contractors and other 
recipients providing supplies and/or services to the NCUA are 
contractually obligated to maintain equivalent safeguards.

RECORD ACCESS PROCEDURES:
    Individuals should submit a written request to the Privacy Officer, 
NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following 
information:
    a. Full name.
    b. Any available information regarding the type of record involved, 
and the name of the system containing the record.
    c. The address to which the record information should be sent.
    d. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf.
    Individuals requesting access must also comply with NCUA's Privacy 
Act regulations regarding verification of identity and access to 
records (12 CFR 792.55).

CONTESTING RECORD PROCEDURES:
    Individuals wishing to request an amendment to their records should 
submit a written request to the Privacy Officer, NCUA, 1775 Duke 
Street, Alexandria, VA 22314, and provide the following information:
    a. Full name.
    b. Any available information regarding the type of record involved.
    c. A statement specifying the changes to be made in the records and 
the justification therefor.
    d. The address to which the response should be sent.
    e. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf.

NOTIFICATION PROCEDURE:
    Individuals wishing to learn whether this system of records 
contains information about them should submit a written request to the 
Privacy Officer, NCUA, 1775 Duke Street, Alexandria, VA 22314, and 
provide the following information:
    a. Full name.
    b. Any available information regarding the type of record involved.
    c. The address to which the record information should be sent.
    d. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf.
    Individuals requesting access must also comply with NCUA's Privacy 
Act regulations regarding verification of identity and access to 
records (12 CFR 792.55).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

NCUA's STANDARD ROUTINE USES:
    1. If a record in a system of records indicates a violation or 
potential violation of civil or criminal law or a regulation, and 
whether arising by general statute or particular program statute, or by 
regulation, rule, or order, the relevant records in the system of 
records may be disclosed as a routine use to the appropriate agency, 
whether federal, state, local, or foreign, charged with the 
responsibility of investigating or prosecuting such violation or 
charged with enforcing or implementing the statute, rule, regulation, 
or order issued pursuant thereto.
    2. A record from a system of records may be disclosed as a routine 
use to a federal, state, or local agency which maintains civil, 
criminal, or other relevant enforcement information or other pertinent 
information, such as current licenses, if necessary, to obtain 
information relevant to an agency decision concerning the hiring or 
retention of an employee, the issuance of a security clearance, the 
letting of a contract, or the issuance of a license, grant, or other 
benefit.
    3. A record from a system of records may be disclosed as a routine 
use to a federal agency, in response to its request, for a matter 
concerning the hiring or retention of an employee, the issuance of a 
security clearance, the reporting of an investigation of an employee, 
the letting of a contract, or the issuance of a license, grant, or 
other benefit by the requesting agency, to the extent that the 
information is relevant and necessary to the requesting agency's 
decision in the matter.
    4. A record from a system of records may be disclosed as a routine 
use to an authorized appeal grievance examiner, formal complaints 
examiner, equal employment opportunity investigator, arbitrator or 
other duly authorized official engaged in investigation or settlement 
of a grievance, complaint, or appeal filed by an employee. Further, a 
record from any system of records may be disclosed as a routine use to 
the Office of Personnel Management in accordance with the agency's 
responsibility for evaluation and oversight of federal personnel 
management.
    5. A record from a system of records may be disclosed as a routine 
use to officers and employees of a federal agency for purposes of 
audit.
    6. A record from a system of records may be disclosed as a routine 
use to a member of Congress or to a congressional staff member in 
response to an inquiry from the congressional office made at the 
request of the individual about whom the record is maintained.
    7. A record from a system of records may be disclosed as a routine 
use to the officers and employees of the General Services 
Administration (GSA) in connection with administrative services 
provided to this Agency under agreement with GSA.
    8. Records in a system of records may be disclosed as a routine use 
to the Department of Justice, when: (a) NCUA, or any of its components 
or employees acting in their official capacities, is a party to 
litigation; or (b) Any employee of NCUA in his or her individual 
capacity is a party to litigation and where the Department of Justice 
has agreed to represent the employee; or (c) The United States is a 
party in litigation, where NCUA determines that litigation is likely to 
affect the agency or any of its components, is a party to litigation or 
has an interest in such litigation, and NCUA determines that use of 
such records is relevant and necessary to the litigation, provided, 
however, that in each case, NCUA determines that disclosure of the 
records to the Department of Justice is a use of the information 
contained in the records that is compatible with the purpose for which 
the records were collected.
    9. Records in a system of records may be disclosed as a routine use 
in a proceeding before a court or adjudicative body before which NCUA 
is authorized to appear (a) when NCUA or any of its components or 
employees are acting in their official capacities; (b) where NCUA or 
any employee of NCUA in his or her individual capacity has agreed to 
represent the employee; or (c) where NCUA determines that litigation is 
likely to affect the agency or any of its components, is a party to 
litigation or has an interest in such litigation, and NCUA determines 
that use of such records is relevant and necessary to the litigation, 
provided, however, NCUA determines that disclosure of the records to 
the Department of Justice is a use of the information contained in the 
records that is compatible with the purpose for which the records were 
collected.
    10. A record from a system of records may be disclosed to 
contractors, experts, consultants, and the agents thereof, and others 
performing or working on a contract, service, cooperative agreement, or 
other assignment for NCUA when necessary to accomplish an agency 
function or administer an employee benefit program. Individuals 
provided information under this routine use are subject to the same 
Privacy Act requirements and limitations on disclosure as are 
applicable to NCUA employees.
    11. A record from a system of records may be disclosed to 
appropriate agencies, entities, and persons when (1) NCUA suspects or 
has confirmed that the security or confidentiality of information in 
the system of records has been compromised; (2) NCUA has determined 
that as a result of the suspected or confirmed compromise there is a 
risk of harm to economic or property interests, identity theft or 
fraud, or harm to the security or integrity of this system or other 
systems or programs (whether maintained by NCUA or another agency or 
entity) that rely upon the compromised information; and (3) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with NCUA's efforts to respond to the 
suspected or confirmed compromise and prevent, minimize, or remedy such 
harm.
    12. A record from a system of records may be shared with the Office 
of Management and Budget (OMB) in connection with the review of private 
relief legislation as set forth in OMB Circular A-19 at any stage of 
the legislative coordination and clearance process as set forth in that 
circular.

[FR Doc. 2016-27948 Filed 11-18-16; 8:45 am]
 BILLING CODE 4510-FW-P