[Federal Register Volume 89, Number 39 (Tuesday, February 27, 2024)]
[Notices]
[Pages 14523-14525]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-03896]


=======================================================================
-----------------------------------------------------------------------

NATIONAL CREDIT UNION ADMINISTRATION


Privacy Act of 1974: Systems of Records

AGENCY: National Credit Union Administration.

[[Page 14524]]


ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: This notice informs the public of the National Credit Union 
Administration's (NCUA's) proposal to modify system of records notice 
NCUA-16. This system allows the NCUA to administer leave transfer and 
leave bank programs.

DATES: Submit comments on or before March 28, 2024. Modifications to 
this system will be effective immediately, and new routine uses will be 
effective on March 28, 2024.

ADDRESSES: You may submit comments by any of the following methods, but 
please send comments by one method only:
     Mail: Address to Melane Conyers-Ausbrooks, Secretary of 
the Board, National Credit Union Administration, 1775 Duke Street, 
Alexandria, Virginia 22314-3428.
     Hand Delivery/Courier: Same as mail address.
     Email: Comments may be sent to [email protected].

FOR FURTHER INFORMATION CONTACT: Jennifer Harrison, Attorney-Advisor, 
Office of General Counsel, (703) 518-6540.

SUPPLEMENTARY INFORMATION: Pursuant to the Privacy Act of 1974, the 
NCUA proposes modifying NCUA-16 to provide new routine uses in 
accordance with Office of Management and Budget (OMB) Memorandum M-17-
12 and to update the format in accordance with OMB Circular A-108. 
Additionally, the NCUA is making substantive changes to the system of 
records notice to reflect that the system covers information used to 
manage the NCUA's leave transfer and leave bank programs.
    The NCUA is making the changes to the following sections of the 
system of records notice: change to System Name, Classification, System 
Location, Authority for Maintenance of the System, Purpose(s) of the 
System, Categories of Individuals Covered by the System, Categories of 
Records in the System, Record Source Categories, Routine Uses of 
Records Maintained in the System, Policies and Practices for Storage of 
Records, Policies and Practices for Retrieval of Records, Policies and 
Practices for Retention and Disposal of Records, Administrative, 
Technical, and Physical Safeguards, Record Access Procedures, 
Contesting Record Procedures, Notification Procedures, Exemptions 
Promulgated for the System, and History.
    The format of the published SORN aligns with the guidance set forth 
in OMB Circular A-108.

    By the National Credit Union Administration Board on February 
21, 2024.
Melane Conyers-Ausbrooks,
Secretary of the Board.

SYSTEM NAME AND NUMBER:
    Leave Transfer and Leave Bank Program Case Files, NCUA-16.

SYSTEM CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Office of Human Resources, National Credit Union Administration 
(NCUA), 1775 Duke Street, Alexandria, VA 22314-3428.

SYSTEM MANAGER(S):
    Director, Office of Human Resources, NCUA, 1775 Duke Street, 
Alexandria, VA 22314-3428.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 6331, et seq.; 5 U.S.C. 6361, et seq.; 12 U.S.C. 
1766(j)(2); 5 CFR part 640, subparts I and J.

PURPOSE(S) OF THE SYSTEM:
    To administer the NCUA leave transfer and leave bank programs.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    NCUA employees who submit applications to become leave recipients 
and donors under the provisions of the Leave Transfer and Leave Bank 
programs.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Leave transfer and leave bank program applications, and medical 
documentation supporting the application to become a leave recipient.

RECORD SOURCE CATEGORIES:
    Individual, individual's designated representative, individual's 
leave records, and other Federal employees.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, these records or information contained 
therein may specifically be disclosed outside the NCUA as a routine use 
pursuant to 5 U.S.C. 552a(b)(3) as follows:
    1. If a record in a system of records indicates a violation or 
potential violation of civil or criminal law or a regulation, and 
whether arising by general statute or particular program statute, or by 
regulation, rule, or order, the relevant records in the system or 
records may be disclosed as a routine use to the appropriate agency, 
whether Federal, State, local, or foreign, charged with the 
responsibility of investigating or prosecuting such violation or 
charged with enforcing or implementing the statute, rule, regulation, 
or order issued pursuant thereto;
    2. A record from a system of records may be disclosed as a routine 
use to a member of Congress or to a congressional staff member in 
response to an inquiry from the congressional office made at the 
request of the individual about whom the record is maintained;
    3. Records in a system of records may be disclosed as a routine use 
to the Department of Justice, when: (a) NCUA, or any of its components 
or employees acting in their official capacities, is a party to 
litigation; or (b) Any employee of NCUA in his or her individual 
capacity is a party to litigation and where the Department of Justice 
has agreed to represent the employee; or (c) The United States is a 
party in litigation, where NCUA determines that litigation is likely to 
affect the agency or any of its components, is a party to litigation or 
has an interest in such litigation, and NCUA determines that use of 
such records is relevant and necessary to the litigation;
    4. Records in a system of records may be disclosed as a routine use 
in a proceeding before a court or adjudicative body before which NCUA 
is authorized to appear (a) when NCUA or any of its components or 
employees are acting in their official capacities; (b) where NCUA or 
any employee of NCUA in his or her individual capacity has agreed to 
represent the employee; or (c) where NCUA determines that litigation is 
likely to affect the agency or any of its components, is a party to 
litigation or has an interest in such litigation, and NCUA determines 
that use of such records is relevant and necessary to the litigation;
    5. A record from a system of records may be disclosed as a routine 
use to contractors, experts, consultants, and the agents thereof, and 
others performing or working on a contract, service, cooperative 
agreement, or other assignment for NCUA when necessary to accomplish an 
agency function or administer an employee benefit program. Individuals 
provided information under this routine use are subject to the same 
Privacy Act requirements and limitations on disclosure as are 
applicable to NCUA employees;
    6. To appropriate agencies, entities, and persons when (1) the NCUA 
suspects or has confirmed that there has been a breach of the system of 
records, (2) the NCUA has determined that as a result of the suspected 
or confirmed

[[Page 14525]]

breach there is a risk of harm to individuals, the NCUA (including its 
information systems, programs, and operations), the Federal Government, 
or national security; and (3) the disclosure made to such agencies, 
entities, and persons is reasonably necessary to assist in connection 
with the NCUA's efforts to respond to the suspected or confirmed breach 
or to prevent, minimize, or remedy such harm; and
    7. To another Federal agency or Federal entity, when the NCUA 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Electronic records and backups are stored on secure servers, 
approved by NCUA's Office of the Chief Information Officer (OCIO), and 
accessed only by authorized personnel.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by name.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained and disposed in accordance with the General 
Records Retention Schedules issued by the National Archives and Records 
Administration (NARA) or an NCUA records disposition schedule approved 
by NARA.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    NCUA has implemented the appropriate administrative, technical, and 
physical controls in accordance with the Federal Information Security 
Modernization Act of 2014, Pub. L. 113-283, S. 2521, and NCUA's 
information security policies to protect the confidentiality, 
integrity, and availability of the information system and the 
information contained therein. Access is limited only to individuals 
authorized through NIST-compliant Identity, Credential, and Access 
Management policies and procedures. The records are maintained behind a 
layered defensive posture consistent with all applicable Federal laws 
and regulations, including Office of Management and Budget (OMB) 
Circular A-130 and NIST Special Publication 800-37.

RECORD ACCESS PROCEDURES:
    Individuals wishing access to their records should submit a written 
request to the Senior Agency Official for Privacy, NCUA, 1775 Duke 
Street, Alexandria, VA 22314, and provide the following information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. The address to which the record information should be sent.
    4. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf. Individuals requesting access 
must also comply with NCUA's Privacy Act regulations regarding 
verification of identity and access to records (12 CFR 792.55).

CONTESTING RECORD PROCEDURES:
    Individuals wishing to request an amendment to their records should 
submit a written request to the Senior Agency Official for Privacy, 
NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following 
information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. A statement specifying the changes to be made in the records and 
the justification therefore.
    4. The address to which the response should be sent.
    5. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf.

NOTIFICATION PROCEDURES:
    Individuals wishing to learn whether this system of records 
contains information about them should submit a written request to the 
Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, 
VA 22314, and provide the following information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. The address to which the record information should be sent.
    4. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf. Individuals requesting access 
must also comply with NCUA's Privacy Act regulations regarding 
verification of identity and access to records (12 CFR 792.55).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    71 FR 77807 (Dec. 27, 2006); 75 FR 41539 (July 16, 2010).

[FR Doc. 2024-03896 Filed 2-26-24; 8:45 am]
BILLING CODE 7535-01-P