[Federal Register Volume 86, Number 120 (Friday, June 25, 2021)]
[Notices]
[Pages 33780-33782]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-13599]


=======================================================================
-----------------------------------------------------------------------

NATIONAL CREDIT UNION ADMINISTRATION


Privacy Act of 1974: Systems of Records

AGENCY: National Credit Union Administration (NCUA)

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974, the National Credit Union 
Administration (NCUA) gives notice of a new proposed Privacy Act system 
of records. The new proposed system is the Mailing, Contact and Other 
Lists System, NCUA-23. This system will support the NCUA's 
communications and outreach efforts to members of the public, and the 
NCUA's statutorily mandated examination and supervision activities of 
credit unions. This system will store information pertaining to 
individuals in the performance of the NCUA's statutory duties.

DATES: Submit comments on or before July 26, 2021. This action will 
take effect without further notice on July 26, 2021 unless comments are 
received that would result in a contrary determination.

ADDRESSES: You may submit comments by any of the following methods, but 
please send comments by one method only:
     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.

[[Page 33781]]

     NCUA website: http://www.ncua.gov/RegulationsOpinionsLaws/proposed_regs/proposed_regs.html. Follow the instructions for 
submitting comments.
     Fax: (703) 518-6319. Use the subject line described above 
for email.
     Mail: Address to Melane Conyers-Ausbrooks, Secretary of 
the Board, National Credit Union Administration, 1775 Duke Street, 
Alexandria, Virginia 22314-3428.
     Hand Delivery/Courier: Same as mail address.

FOR FURTHER INFORMATION CONTACT: Ben Hardaway, Director, Division of 
Communications, Office of External Affairs and Communications; Susan 
Brown, Systems Officer, Office of Examination and Insurance; or Rena 
Kim, Privacy Attorney, Office of General Counsel, the National Credit 
Union Administration, 1775 Duke Street, Alexandria, Virginia, 22314.

SUPPLEMENTARY INFORMATION: This notice informs the public of the NCUA's 
proposal to establish and maintain a new system of records. The 
proposed new system is being established under the NCUA's authority 
under the Federal Credit Union Act, 12 U.S.C. 1751, et. seq. The 
information collected in the NCUA-23 system of records will facilitate 
communication with the NCUA's stakeholders, including members of the 
public, providing interested parties with information on the agency's 
initiatives, required reports including the 5300 Call Report, and 
credit union examination and supervision policies and practices. This 
notice satisfies the Privacy Act requirement that an agency publish a 
system of records notice in the Federal Register when there is an 
addition to the agency's systems of records.
    The format of NCUA-23 aligns with the guidance set forth in OMB 
Circular A-108. NCUA-23 and all of the NCUA's Standard Routine Uses are 
published in full below. All of the NCUA's SORNs are available at 
www.ncua.gov.

    By the National Credit Union Administration Board.
Melane Conyers-Ausbrooks,
Secretary of the Board.

SYSTEM NAME AND NUMBER:
    Mailing, Contact and Other Lists--NCUA-23.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    The system is operated and maintained in part by the NCUA staff, 
and in part by third-party vendors. Please contact the system managers 
(below) for more information.

SYSTEM MANAGER(S):
    Director of the Office of External Affairs and Communications, and 
the Director of the Office of Examination and Insurance, National 
Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 
22314-3428.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    12 U.S.C. 1751, et. seq.

PURPOSE(S) OF THE SYSTEM:
    This system of records is maintained for the purposes of supporting 
the National Credit Union Administration's (NCUA's) communications and 
outreach efforts to members of the public and to facilitate the NCUA's 
statutorily mandated examination and supervision activities, including:
    1. Handling requests for informational literature, newsletters, and 
other NCUA materials;
    2. Processing event registrations, conducting surveys, and 
providing information about NCUA-related activities and events and;
    3. Notifying credit unions of mandatory actions and updates that 
they must complete and are related to the NCUA's mission of providing a 
safe and sound credit union system.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by this system are (1) Current and former 
directors, officers, employees, and volunteers of credit unions; (2) 
Members of the public; and (3) NCUA employees and contractors.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records in the system may contain contact information including 
name, title, address, phone number, and email address.

RECORD SOURCE CATEGORIES:
    The information in the system about credit union officials is 
generally provided by credit unions for supervision and examination 
activities. Other information may be from members of the public who 
submit requests for information, subscriptions, inquiries, guidance, 
and other assistance to the NCUA, and those who have registered for 
NCUA events and responded to questionnaires, request forms, feedback 
forms or surveys. NCUA employees and contractors may add or update 
information to the system as part of their assigned duties to handle 
such correspondence, or for credit union supervision and examination 
activities. Whenever practicable, the NCUA collects information about 
an individual directly from that individual.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, these records or information contained 
therein may specifically be disclosed outside the NCUA as a routine use 
pursuant to 5 U.S.C. 552a(b)(3) as follows:
    1. NCUA's Standard Routine Uses apply to this system of records.
    2. To appropriate agencies, entities, and persons for the purpose 
of supervision, enforcement, training, or other outreach activities.
    3. To an entity or person that is the subject of supervision or 
enforcement activities including examinations, investigations, 
administrative proceedings, and litigation, and the attorney or non-
attorney representative for that entity or person.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Electronic records and backups are stored on secure servers, 
approved by NCUA's Office of the Chief Information Officer (OCIO), 
within a FedRAMP-authorized commercial Cloud Service Provider's (CSP) 
Software-as-a-Service solution hosting environment and accessed only by 
authorized personnel. No paper files are maintained.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by any of the following: Name, address, 
phone number, or email address.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained until they become inactive and, in 
accordance with the General Records Retention Schedules issued by the 
National Archives and Records Administration (NARA) or a NCUA records 
disposition schedule approved by NARA.

ADMINISTRATIVE, TECHNICAL AND PHYSICAL SAFEGUARDS:
    NCUA and the Cloud Service Provider have implemented the 
appropriate administrative, technical, and physical controls in 
accordance with the Federal Information Security Modernization Act of 
2014, Public Law 113-283, S. 2521, and NCUA's information security 
policies to protect the confidentiality, integrity, and availability of 
the information system and the information contained therein. Access is 
limited only to individuals authorized through NIST-compliant Identity, 
Credential,

[[Page 33782]]

and Access Management policies and procedures. The records are 
maintained behind a layered defensive posture consistent with all 
applicable federal laws and regulations, including OMB Circular A-130 
and NIST Special Publications 800-37.

RECORD ACCESS PROCEDURES:
    Individuals wishing access to their records should submit a written 
request to the Senior Agency Official for Privacy, NCUA, 1775 Duke 
Street, Alexandria, VA 22314, and provide the following information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. The address to which the record information should be sent.
    4. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf. Individuals requesting access 
must also comply with NCUA's Privacy Act regulations regarding 
verification of identity and access to records (12 CFR 792.55).

CONTESTING RECORD PROCEDURES:
    Individuals wishing to request an amendment to their records should 
submit a written request to the Senior Agency Official for Privacy, 
NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following 
information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. A statement specifying the changes to be made in the records and 
the justification therefore.
    4. The address to which the response should be sent.
    5. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf.

NOTIFICATION PROCEDURES:
    Individuals wishing to learn whether this system of records 
contains information about them should submit a written request to the 
Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, 
VA 22314, and provide the following information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. The address to which the record information should be sent.
    4. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf. Individuals requesting access 
must also comply with NCUA's Privacy Act regulations regarding 
verification of identity and access to records (12 CFR 792.55).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    This is a new system.

[FR Doc. 2021-13599 Filed 6-24-21; 8:45 am]
BILLING CODE P