Federal Register, Volume 84 Issue 58 (Tuesday, March 26, 2019)

[Federal Register Volume 84, Number 58 (Tuesday, March 26, 2019)]
[Notices]
[Pages 11333-11334]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-05740]


-----------------------------------------------------------------------

NATIONAL CREDIT UNION ADMINISTRATION


Privacy Act of 1974: Systems of Records

AGENCY: National Credit Union Administration (NCUA).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974, the National Credit Union 
Administration (NCUA) gives notice of a new proposed Privacy Act system 
of records. The new proposed system is the NCUA Connect, NCUA-21. The 
NCUA Connect system will carry out the NCUA's statutorily mandated 
credit union examination and supervision activities. Specifically, this 
system is the interface through which authorized users access NCUA's 
other major examination, supervision, and reporting related systems.

DATES: Submit comments on or before April 25, 2019. This action will be 
effective without further notice on April 25, 2019 unless comments are 
received that would result in a contrary determination.

ADDRESSES: You may submit comments by any of the following methods, but 
please send comments by one method only:
     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     NCUA Website: http://www.ncua.gov/RegulationsOpinionsLaws/proposed_regs/proposed_regs.html. Follow the instructions for 
submitting comments.
     Email: Address to [email protected]. Include ``[Your 
name]--Comments on `NCUA Connect, NCUA-21 SORN' '' in the email subject 
line.
     Fax: (703) 518-6319. Use the subject line described above 
for email.
     Mail: Address to Gerard Poliquin, Secretary of the Board, 
National Credit Union Administration, 1775 Duke Street, Alexandria, 
Virginia 22314-3428.
     Hand Delivery/Courier: Same as mail address.

FOR FURTHER INFORMATION CONTACT: Director of the Office of Business 
Innovation, the National Credit Union Administration, 1775 Duke Street, 
Alexandria, Virginia, 22314, or Rena Kim, Privacy Attorney, Office of 
General Counsel, the National Credit Union Administration, 1775 Duke 
Street, Alexandria, Virginia 22314. Telephone number (703) 548-2398.

SUPPLEMENTARY INFORMATION: This notice informs the public of NCUA's 
proposal to establish and maintain a new system of records. The 
proposed new system is being established under NCUA's authority in the 
Federal Credit Union Act, 12 U.S.C. 1751, et seq. The information 
collected in the NCUA Connect, NCUA-21 system of records is designed to 
provide a one-stop entry point for internal and external users, which 
should enhance user experience, while also streamlining security 
activities. This notice satisfies the Privacy Act requirement that an 
agency publish a system of records notice in the Federal Register when 
there is an addition to the agency's systems of records. The format of 
NCUA Connect, NCUA-21 aligns with the guidance set forth in OMB 
Circular A-108. NCUA-21 and all of NCUA's Standard Routine Uses are 
published in full below. All of the NCUA's SORNs are available at 
www.ncua.gov.

    By the National Credit Union Administration Board on March 20, 
2019.
Gerard Poliquin,
Secretary of the Board.

SYSTEM NAME AND NUMBER
    NCUA Connect, NCUA-21.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    The system is operated and maintained in part by NCUA staff, and in 
part by third-party vendors. Please contact the system managers (below) 
for more information.

SYSTEM MANAGER(S):
    Director of the Office of Business Innovation, National Credit 
Union Administration, 1775 Duke Street, Alexandria, Virginia 22314-
3428.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    12 U.S.C. 1751, et seq.

PURPOSE(S) OF THE SYSTEM:
    This system of records is maintained for the purpose of carrying 
out the NCUA's statutorily mandated examination and supervision 
activities. Specifically, this system is the interface through which 
authorized users access NCUA's other major examination, supervision, 
and reporting related systems. It is designed to provide a one-stop 
entry point for internal and external users, which should enhance user 
experience, while also streamlining security activities.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by this system are (1) Current and former 
directors, officers, employees, and agents of credit unions; (2) 
Current and former credit union service organization representatives; 
(3) Other individuals engaged in business with the NCUA for a specific 
purpose (such as outside counsel); and (4) NCUA employees and 
contractors, and State Supervisory Authority staff.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records in the system contain basic log-in information, including 
username, password, email address, and role. The system also contains 
log-in/access records.

RECORD SOURCE CATEGORIES:
    The sources of information in the system are the individual users, 
or someone acting on their behalf (such as an administrator in their 
organization, or an NCUA employee or contractor).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, these records or information contained 
therein may specifically be disclosed outside NCUA

[[Page 11334]]

as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    1. NCUA's Standard Routine Uses apply to this system of records.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Electronic records and backups are stored on dedicated secure 
instance, approved by NCUA's Office of the Chief Information Officer 
(OCIO), within a FedRAMP-authorized commercial Cloud Service Provider's 
(CSP) Infrastructure as a Service (IaaS) hosting environment and 
accessed only by authorized personnel. No paper files are maintained.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by name, username, affiliated organization, 
email, role, or date.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained in accordance with the General Records 
Retention Schedules issued by the National Archives and Records 
Administration (NARA) or a NCUA records disposition schedule approved 
by NARA. Records existing on computer storage media are destroyed 
according to the applicable NIST-compliant media sanitization policy.

ADMINISTRATIVE, TECHNICAL AND PHYSICAL SAFEGUARDS:
    NCUA has implemented the appropriate administrative, technical, and 
physical controls in accordance with the Federal Information Security 
Modernization Act of 2014, Public Law 113-283, S. 2521, and NCUA's 
information security policies to protect the confidentiality, 
integrity, and availability of the information system and the 
information contained therein. Access is limited to individuals 
authorized through NIST-compliant Identity, Credential, and Access 
Management policies and procedures. The records are maintained behind a 
layered defensive posture consistent with all applicable federal laws 
and regulations, including OMB Circular A-130 and NIST Special 
Publications 800-37.

RECORD ACCESS PROCEDURES:
    Individuals wishing access to their records should submit a written 
request to the Senior Agency Official for Privacy, NCUA, 1775 Duke 
Street, Alexandria, VA 22314, and provide the following information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. The address to which the record information should be sent.
    4. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf. Individuals requesting access 
must also comply with NCUA's Privacy Act regulations regarding 
verification of identity and access to records (12 CFR 792.55).

CONTESTING RECORD PROCEDURES:
    Individuals wishing to request an amendment to their records should 
submit a written request to the Senior Agency Official for Privacy, 
NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following 
information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. A statement specifying the changes to be made in the records and 
the justification therefore.
    4. The address to which the response should be sent.
    5. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf.

NOTIFICATION PROCEDURES:
    Individuals wishing to learn whether this system of records 
contains information about them should submit a written request to the 
Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, 
VA 22314, and provide the following information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. The address to which the record information should be sent.
    4. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf. Individuals requesting access 
must also comply with NCUA's Privacy Act regulations regarding 
verification of identity and access to records (12 CFR 792.55).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    This is a new system.

[FR Doc. 2019-05740 Filed 3-25-19; 8:45 am]
BILLING CODE 7535-01-P