[Privacy Act Issuances (1999)]
[From the U.S. Government Publishing Office, www.gpo.gov]
NATIONAL COUNTERINTELLIGENCE CENTER
Table of Contents
NACIC-1, National Countelligence Center System of Records
Statement of General Routine Uses
The following routine uses apply to, and are incorporated by
reference into each system of records maintained by NACIC. It should
be noted that, before the individual record system notices begin, the
blanket routine uses of the records are published below only once in
the interest of simplicity, economy and to avoid redundancy.
1. Routine Use-Law Enforcement: In the event that a system of
records maintained by NACIC to carry out its functions indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or by
regulation, rule or order issued pursuant thereto, the relevant
records in the system of records maybe referred, as a routine use, to
the appropriate agency whether Federal, state, local or foreign,
charged with the responsibility of investigating or prosecuting such
violation or charged with enforcing or implementing the statute,
rule, regulation or order issued pursuant thereto.
2. Routine Use-Disclosure When Requesting Information: A record
from a system of records maintained by this component may be
disclosed as a routine use to a Federal, state, or local agency
maintaining civil, criminal, or other relevant enforcement
information or other pertinent information, if necessary to obtain
information relevant to a component decision concerning the hiring or
retention of an employee, the issuance of a security clearance, the
letting of a contact, or the issuance of a license, grant or other
benefit.
3. Routine Use-Disclosure of Requested Information: A record from
a system of records maintained by this component may be disclosed to
a Federal agency, in response to its request, in connection with the
hiring or retention of an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant or other
benefit by the requesting agency, to the extent that the information
is relevant and necessary to the requesting agency's decision on the
matter.
4. Routine Use-Congressional: Inquiries from a system of records
maintained by this component maybe made to a Congressional office
from the record of an individual in response to an inquiry from the
Congressional office made at the request of that individual.
5. Routine Use-Disclosures Required by International Agreements:
A record from a system of records maintained by this component may be
disclosed to foreign law enforcement, security, investigatory, or
administrative authorities in order to comply with requirements
imposed by, or to claim rights conferred in, international agreements
and arrangements including those regulating the stationing and status
in foreign countries of Department of Defense military and civilian
personnel.
6. Routine Use-disclosure to the Department of Justice for
Litigation: A record from a system of records maintained by this
component may be disclosed as routine use to any component of the
Department of Justice for the purpose of representing any officer,
employee or member of this component in pending or potential
litigation to which the record is pertinent.
7. Routine Use-Disclosure of Information to the Information
Security Oversight Office (ISOO): A record from a system of records
maintained by this component may be disclosed as a routine use to the
Information Security Oversight Office (ISOO) or any other executive
branch entity authorized to conduct inspections or develop security
classification policy for the purpose of records management
inspections conducted under authority of 44 U.S.C. 2904 and 2906.
8. Routine Use-Disclosure of Information to the National Archives
and Records Administration (NARA): A record from a system of records
maintained by this component may be disclosed as a routine use to the
National Archives and Records Administration (NARA) for the purpose
of records management inspections conducted under authority of 44
U.S.C. 2904 and 2906.
9. Routine Use-Disclosure to the Merit Systems Protection Board:
A record from a system of records maintained by this component may be
disclosed as a routine use to the Merit Systems Protection Board,
including the Office of the Special Counsel for the purpose of
litigation including administrative proceedings, appeals special
studies of the civil service and other merit systems, review of OPM
or component rules and regulations, investigation of alleged or
possible prohibited personnel practices; including administrative
proceedings involving any individual subject of investigation, and
such other functions, promulgated in 5 U.S.C. 1205 and 1206, or as
may be authorized by law.
10. Routine Use-Counterintelligence Purposes: A record from a
system of records maintained by this component may be disclosed as a
routine use outside the U.S. Government for the purpose of
counterintelligence activities authorized by U.S. Law or executive
Order or for the purpose of enforcing laws which protect the national
security of the United States.
NACIC-1
System name:
National Counterintelligence Center System of Records (NACIC-1).
Security classification:
The classification of individual records in the system range from
UNCLASSIFIED to TOP SECRET Codeword.
System location:
National Counterintelligence Center, 3W01 NHB, Washington, DC
20505
Categories of individuals covered by the system:
1. Individuals who are of foreign intelligence or foreign
counterintelligence interest and relate in any manner to foreign
intelligence threats to U.S. national and economic security;
2. Applicants for, and current and former personnel of NACIC who
are federal employees;
3. Individuals associated with NACIC administrative operations or
services including independent contractors, industrial contractor
employees, or individuals otherwise associated with such operations
and services;
4. And, any other individuals authorized access to NACIC
information and facilities.
Categories of records in the system:
1. Counterintelligence Damage Assessments and Incident Files:
Maintained by the NACIC Threat Assessment Office (TAO); records
include copies of the finished assessments of the damage to U.S.
intelligence sources and methods resulting from significant and
particular espionage cases as well as summaries of significant
counterintelligence incidents including the circumstances and
characteristics of the target, the circumstances of the event, and
the particular threat presented;
2. Compromised Names Database: Maintained by the NACIC Threat
Assessment Office (TAO); the database is utilized to notify U.S.
intelligence community personnel whose names were potentially
compromised as a result of espionage or other foreign intelligence
collection activity; the database contains the names of persons
potentially compromised, date of the memo sent to the person or their
employer informing them, and documentary reference(s) to the
compromised information;
3. Computer and Physical Security Files: Maintained by the NACIC
Executive Secretariat Office (ESO); records include the names,
passwords, accesses, and special accesses to both physical locations
and computer systems, relevant audit trails for such accesses, and
particular clearances and certifications of clearances;
4. Publication, Training and Seminar Files: Maintained by NACIC's
Program Integration Office (PIO) Community Training Branch; records
include letters of acceptance, enrollment forms, thank you letters,
lists of attendees, lists of speakers, notes, case studies, syllabi,
training packets, magazine or newspaper articles, and other records
used either for course development purposes or to facilitate the
presentation of seminars;
5. Personnel Files:
a. Specific types of personnel records are maintained by the
NACIC Front Office (FO); these records are maintained in individual
official personnel folders and include, inter alia, papers
documenting personnel actions, performance appraisals,
correspondence, travel documents, contracts, justifications,
memorandums, and administrative material;
b. A second type of personnel records is maintained by the NACIC
Executive Secretariat Office (ESO); these records are Memorandums of
Agreement between the detailee's parent organization and NACIC;
c. The third type of personnel records is maintained by the NACIC
Program Integration Office/Community Training Branch (PIO/CTB); these
records include the training documents;
6. Freedom of Information Act (FOIA)/Privacy Act (PA) Requests
and Legal Files: Files created in response to public requests for
information and/or amendment of records under the FOIA/PA, consisting
of the original request, a copy of the reply thereto, and all related
supporting files which may include the official file copy of
requested record or copy thereof; also, all similar records created
in response to administrative appeals and litigations predicated on
such initial requests;
7. Special Search Files: Files created in response to official
United States or foreign government requests for information which
may include requests from executive, congressional, judicial, or
diplomatic sectors consisting of the original tasking or request, a
copy of the reply thereto, and all related supporting files which may
include the official file copy of the requested record or copy
thereof.
Authority for maintenance of the system:
Section 506(a) of the Federal Records Act of 1950, codified at 44
U.S.C. 3101, and Title 36, Code of Federal Regulations, Chapter XII,
which require Federal agencies to insure that adequate and proper
records are made and preserved to document the organization,
functions, polices, decisions, procedures and transactions and to
protect the legal and financial rights of the Federal Government.
Purpose(s):
NACIC was established by Presidential directive for the purpose
of coordinating national level counterintelligence activities of the
United States. The purposes for the maintenance of these records
include: Coordinating national strategic CI planning efforts,
providing strategic guidance and assessing the effectiveness of CI
operations, facilitating the development of and implementing training
for the CI community, producing national-level foreign intelligence
threat assessments, and coordinating assessments of damage to U.S.
interests resulting from espionage cases.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
See Statement of General Routine Uses.
Disclosure to consumer reporting agencies:
None.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Files are maintained in computerized form and hard copy form;
computerized form may be stored in memory, on disk storage, on
computer tape, and/or on a computer printed listing.
Retrievability:
Names and related information are retrievable by automated or
hand search based on extant indices and automated capabilities
utilized in the normal course of business. Under applicable law and
regulations, NACIC may not permit any organization, public or
private, outside the NACIC to have direct access to NACIC files;
accordingly, all searchers of NACIC databases and paper files will be
performed on site, within NACIC space, by NACIC personnel.
Safeguards:
Records and databases are maintained in a restricted area within
NACIC and are accessed only by NACIC personnel. All employees are
checked to ensure that they hold currently valid security clearances,
are cautioned about divulging classified or other privileged
information contained in NACIC files, and are advised that failure to
abide by these provisions may constitute a violation of federal
criminal law and/or give rise to civil liability. Employees who
resign or retire are also cautioned about divulging information
acquired in their jobs. Registered mail is used to transmit routine
hard copy records while highly classified records are hand carried by
individuals holding appropriate security clearances. Highly
classified or sensitive privacy information, which is electronically
transmitted between NACIC and other offices, is transmitted in
encrypted form to prevent interception.
Retention and disposal:
Records evaluated as historical and permanent will be transferred
to the National Archives after established retention periods and
administrative needs of the NACIC have elapsed.
System manager(s) and address:
Information and privacy Coordinator, Executive Secretariat
Office, National Counterintelligence Center, 3W01 NHB, Washington, DC
20505.
Notification procedure:
See record access procedures, infra.
Record access procedures:
A request for access to a record from the system shall be made in
writing with the envelope and the letter clearly marked ``Privacy Act
Request.'' Your request should include your full name, complete
address, date of birth, place of birth, notarized signature (or
declaration under penalty of perjury), and other identifying data you
may wish to furnish to assist in making a proper search of NACIC
records. A request for access to records must describe the records
sought in sufficient detail to enable NACIC personnel to locate the
system of records containing the record with a reasonable amount of
effort. Whenever possible, a request for access should describe the
nature of the record sought, and the data of the record or the period
in which the record was compiled. The requester must also provide a
return address for transmitting the information. Requests for access
must be addressed to the System Manager as noted above.
Contesting record procedures:
Individuals desiring to contest or amend information maintained
in the system should also direct their request to the System Manager
as noted above. Such requests should delineate the information
believed to be incorrect and should include the information requested
to be substituted or added to the record.
Record source categories:
Record source categories include subject individuals pursuant to
notice, official records and information disseminated to NACIC by
other federal government entities, and official records and
information provided to NACIC by other entities including foreign,
state and local governments as well as individuals and business
entities.
Exemptions claimed for the system:
Notice is hereby given that NACIC intends to exempt from certain
provisions of the Privacy Act the following information pursuant to
the following specified authority:
(a) Records or portions of records in the physical possession of
NACIC which were originated by other federal agencies or which
contain information originated by such agencies shall be deemed to be
in the joint legal custody of and mutually maintained by both
agencies. Accordingly, NACIC shall apply any applicable exemptive
provisions when so informed by those agencies;
(b) Records or portions of records in the physical custody of
NACIC which would reveal intelligence sources and methods in
contravention of the National Security Act of 1947 are, pursuant to
the exemptions previously authorized by the Director of Central
Intelligence under the authority of section (j)(1), exempt from
disclosure of accounting (section (c)(3)), disclosure (section (d)),
notification of collection authority (section (e)(3) (A-D)), and
notification of existence of records (sections (e)(4)(G) and (f)(1));
in such instances where confirmation of the existence of a record may
itself jeopardize intelligence sources and methods, the Coordinator
must neither confirm nor deny the existence of the record and shall
advise the requester that there is no record which is available
pursuant to the Privacy Act;
(c) Records or portions of records in the physical custody of
NACIC which are currently and properly classified pursuant to
Executive Order 12958 (or predecessor or subsequent Order) are, under
the authority of section (k)(1), exempt from disclosure of accounting
(section (c)(3)), disclosure (section (d)), and notification of
existence of records (sections (e)(4)(G) and (f)(1));
(d) Records or portions of records in the physical custody of
NACIC which are investigatory in nature and compiled for law
enforcement purposes, other than material within the scope of section
(j)(2) of the Act, are, under the authority of section (k)(2), exempt
from disclosure (section (d)); provided however, that if an
individual is denied any right, privilege, or benefit to which he/she
is otherwise eligible, as a result of the maintenance of such
material, then such material shall be provided to that individual
except to the extent that the disclosure would reveal the identity of
a source who furnished the information to the United States
Government under an express promise of confidentiality, or, prior to
the effective date of this section, under an implied promise of
confidentiality;
(e) Records or portions of records in the physical custody of
NACIC which are maintained in connection with providing protective
services to the President of the United States or other individuals
pursuant to 18 U.S.C. section 3056 are, under the authority of
section (k)(3), exempt from disclosure (section (d));
(f) Records or portions of records in the physical custody of
NACIC which are required by statute to be maintained and used solely
as statistical records are, under the authority of section (k)(4),
exempt from disclosure (section (d));
(g) Records or portions of records in the physical custody of
NACIC which are investigatory in nature and compiled solely for the
purpose of determining suitability, eligibility, or qualifications
for federal civilian employment, military service, federal contracts,
or access to classified information are, under the authority of
section (k)(5), exempt from disclosure (section (d)); provided that
and only to the extent that disclosure would reveal the identity of a
source who furnished information to the United States Government
under an express promise of confidentiality, or, prior to the
effective date of this section, under an implied promise of
confidentiality;
(h) And, records or portions of records in the physical custody
of NACIC which are testing or examination material used solely to
determine individual qualifications for appointment or promotion in
the federal service are, under the authority of section (k)(6),
exempt from disclosure (section (d)); provided that and only to the
extent that disclosure would compromise the objectivity or fairness
of the testing or examination process.
NATIONAL COUNTERINTELLIGENCE CENTER
Chapter XVIII--National Counterintelligence Center
PART 1801--PUBLIC RIGHTS UNDER THE PRIVACY ACT OF 1974
Subpart A-General
Sec.
1801.1 Authority and purpose.
1801.2 Definitions.
1801.3 Contact for general information and requests.
1801.4 Suggestions and complaints.
Subpart B-Filing Of Privacy Act Requests
1801.11 Preliminary information.
1801.12 Requirements as to form.
1801.13 Requirements as to identification of requester.
1801.14 Fees.
Subpart C-Action On Privacy Act Requests
1801.21 Processing requests for access to or amendment of records.
1801.22 Action and determination(s) by originator(s) or any interested
party.
1801.23 Notification of decision and right of appeal.
Subpart D-Additional Administrative Matters
1801.31 Special procedures for medical and psychological records.
1801.32 Requests for expedited processing.
1801.33 Allocation of resources; agreed extensions of time.
Subpart E-Action On Privacy Act Administrative Appeals
1801.41 Appeal authority.
1801.42 Right of appeal and appeal procedures.
1801.43 Determination(s) by Office Chief(s).
1801.44 Action by appeals authority.
1801.45 Notification of decision and right of judicial review.
Subpart F-Prohibitions
1801.51 Limitations on disclosure.
1801.52 Criminal penalties.
Subpart G-Exemptions
1801.63 Specific exemptions.
Authority: 5 U.S.C. 552a.
Source:64 FR 49884, Sept. 14, 1999.
Subpart A-General
Sec. 1801.1 Authority and purpose.
(a) Authority. This part is issued under the authority of and in order
to implement the Privacy Act of 1974 (5 U.S.C. 552a) and section 102 of
the National Security Act of 1947, as amended (50 U.S.C. 403).
(b) Purpose in general. This part prescribes procedures for a
requester, as defined herein:
(1) To request notification of whether the National
Counterintellingence Center (NACIC) maintains a record concerning them
in any non-exempt portion of a system of records or any non-exempt
system of records;
(2) To request a copy of all non-exempt records or portions of
records;
(3) To request that any such record be amended or augmented; and
(4) To file an administrative appeal to any initial adverse
determination to deny access to or amend a record.
(c) Other purposes. This part also sets forth detailed limitations on
how and to whom NACIC may disclose personal information and gives notice
that certain actions by officers or employees of the United States
Government or members of the public could constitute criminal offenses.
Sec. 1801.2 Definitions.
For purposes of this part, the following terms have the meanings
indicated:
NACIC means the United States National Counterintelligence Center
acting through the NACIC Information and Privacy Coordinator;
Days means calendar days when NACIC is operating and specifically
excludes Saturdays, Sundays, and legal public holidays. Three (3) days
may be added to any time limit imposed on a requester by this part if
responding by U.S. domestic mail; ten (10) days may be added if
responding by international mail;
Control means ownership or the authority of NACIC pursuant to federal
statute or privilege to regulate official or public access to records;
Coordinator means the NACIC Information and Privacy Coordinator who
serves as the NACIC manager of the information review and release
program instituted under the Privacy Act;
Federal agency means any executive department, military department, or
other establishment or entity included in the definition of agency in 5
U.S.C. 552(f);
Interested party means any official in the executive, military,
congressional, or judicial branches of government, United States or
foreign, or U.S. Government contractor who, in the sole discretion of
NACIC, has a subject matter or physical interest in the documents or
information at issue;
Maintain means maintain, collect, use, or disseminate;
Originator means the U.S. Government official who originated the
document at issue or successor in office or such official who has been
delegated release or declassification authority pursuant to law;
Privacy Act or PA means the statute as codified at 5 U.S.C. 552a;
Record means an item, collection, or grouping of information about an
individual that is maintained by NACIC in a system of records;
Requester or individual means a citizen of the United States or an
alien lawfully admitted for permanent residence who is a living being
and to whom a record might pertain;
Responsive record means those documents (records) which NACIC has
determined to be within the scope of a Privacy Act request;
Routine use means, with respect to the disclosure of a record, the use
of such record for a purpose which is compatible with the purpose for
which the record is maintained;
System of records means a group of any records under the control of
NACIC from which records are retrieved by the name of an individual or
by some identifying number, symbol, or other identifying particular
assigned to that individual.
Sec. 1801.3 Contact for general information and requests.
For general information on this part, to inquire about the Privacy Act
program at NACIC, or to file a Privacy Act request, please direct your
communication in writing to the Information and Privacy Coordinator,
Executive Secretariat Office, National Counterintelligence Center, 3W01
NHB, Washington, DC 20505. Requests with the required identification
statement pursuant to Sec. 1801.13 must be filed in original form by
mail. Subsequent communications and any inquiries will be accepted by
mail or facsimile at (703) 874-5844 or by telephone at (703) 874-4121.
Collect calls cannot be accepted.
Sec. 1801.4 Suggestions and complaints.
NACIC welcomes suggestions or complaints with regard to its
administration of the Privacy Act. Letters of suggestion or complaint
should identify the specific purpose and the issues for consideration.
NACIC will respond to all substantive communications and take such
actions as determined feasible and appropriate.
Subpart B--Filing Of Privacy Act Requests
Sec. 1801.11 Preliminary information.
Members of the public shall address all communications to the contact
specified at Sec. 1801.3 and clearly delineate the communication as a
request under the Privacy Act and this regulation. Requests and
administrative appeals on requests, referrals, and coordinations
received from members of the public who owe outstanding fees for
information services at this or other federal agencies will not be
accepted and action on existing requests and appeals will be terminated
in such circumstances.
Sec. 1801.12 Requirements as to form.
(a) In general. No particular form is required. All requests must
contain the identification information required at Sec. 1801.13.
(b) For access. For requests seeking access, a requester should, to
the extent possible, describe the nature of the record sought and the
record system(s) in which it is thought to be included. Requesters may
find assistance from information described in the Privacy Act Issuances
Compilation which is published biennially by the Federal Register. In
lieu of this, a requester may simply describe why and under what
circumstances it is believed that NACIC maintains responsive records;
NACIC will undertake the appropriate searches.
(c) For amendment. For requests seeking amendment, a requester should
identify the particular record or portion subject to the request, state
a justification for such amendment, and provide the desired amending
language.
Sec. 1801.13 Requirements as to identification of requester.
(a) In general. Individuals seeking access to or amendment of records
concerning themselves shall provide their full (legal) name, address,
date and place of birth, and current citizenship status together with a
statement that such information is true under penalty of perjury or a
notarized statement swearing to or affirming identity. If NACIC
determines that this information is not sufficient, NACIC may request
additional or clarifying information.
(b) Requirement for aliens. Only aliens lawfully admitted for
permanent residence (PRAs) may file a request pursuant to the Privacy
Act and this part. Such individuals shall provide, in addition to the
information required under paragraph (a) of this section, their Alien
Registration Number and the date that status was acquired.
(c) Requirement for representatives. The parent or guardian of a minor
individual, the guardian of an individual under judicial disability, or
an attorney retained to represent an individual shall provide, in
addition to establishing the identity of the minor or individual
represented as required in paragraph (a) or (b) of this section,
evidence of such representation by submission of a certified copy of the
minor's birth certificate, court order, or representational agreement
which establishes the relationship and the requester's identity.
(d) Procedure otherwise. If a requester or representative fails to
provide the information in paragraph (a), (b), or (c) of this section
within forty-five (45) days of the date of our request, NACIC will deem
the request closed. This action, of course, would not prevent an
individual from refiling his or her Privacy Act request at a subsequent
date with the required information.
Sec. 1801.14 Fees.
No fees will be charged for any action under the authority of the
Privacy Act, 5 U.S.C. 552a, irrespective of the fact that a request is
or may be processed under the authority of both the Privacy Act and the
Freedom of Information Act.
Subpart C-Action On Privacy Act Requests
Sec. 1801.21 Processing requests for access to or amendment of
records.
(a) In general. Requests meeting the requirements of Sec. 1801.11
through Sec. 1801.13 shall be processed under both the Freedom of
Information Act, 5 U.S.C. 552, and the Privacy Act, 5 U.S.C. 552a, and
the applicable regulations, unless the requester demands otherwise in
writing. Such requests will be processed under both Acts regardless of
whether the requester cites one Act in the request, both, or neither.
This action is taken in order to ensure the maximum possible disclosure
to the requester.
(b) Receipt, recording and tasking. Upon receipt of a request meeting
the requirements of Secs. 1801.11 through 1801.13, NACIC shall within
ten (10) days record each request, acknowledge receipt to the requester,
and thereafter effect the necessary taskings to the office(s) reasonably
believed to hold responsive records.
(c) Effect of certain exemptions. In processing a request, NACIC shall
decline to confirm or deny the existence or nonexistence of any
responsive records whenever the fact of their existence or nonexistence
is itself classified under Executive Order 12958 and that confirmation
of the existence of a record may jeopardize intelligence sources and
methods protected pursuant to section 103(c)(6) of the National Security
Act of 1947. In such circumstances, NACIC, in the form of a final
written response, shall so inform the requester and advise of his or her
right to an administrative appeal.
(d) Time for response. Although the Privacy Act does not mandate a
time for response, our joint treatment of requests under both the
Privacy Act and the FOIA means that the NACIC should provide a response
within the FOIA statutory guideline of ten (10) days on initial requests
and twenty (20) days on administrative appeals. However, the volume of
requests may require that NACIC seek additional time from a requester
pursuant to Sec. 1801.33. In such event, NACIC will inform the requester
in writing and further advise of his or her right to file an
administrative appeal.
Sec. 1801.22 Action and determination(s) by originator(s) or any
interested party.
(a) Initial action for access. NACIC offices tasked pursuant to a
Privacy Act access request shall search all relevant record systems
within their cognizance. They shall:
(1) Determine whether responsive records exist;
(2) Determine whether access must be denied in whole or part and on
what legal basis under both Acts in each such case;
(3) Approve the disclosure of records for which they are the
originator; and
(4) Forward to the Coordinator all records approved for release or
necessary for coordination with or referral to another originator or
interested party as well as the specific determinations with respect to
denials (if any).
(b) Initial action for amendment. NACIC offices tasked pursuant to a
Privacy Act amendment request shall review the official records alleged
to be inaccurate and the proposed amendment submitted by the requester.
If they determine that NACIC's records are not accurate, relevant,
timely or complete, they shall promptly:
(1) Make the amendment as requested;
(2) Write to all other identified persons or agencies to whom the
record has been disclosed (if an accounting of the disclosure was made)
and inform of the amendment; and
(3) Inform the Coordinator of such decisions.
(c) Action otherwise on amendment request. If the NACIC office records
manager declines to make the requested amendment (or declines to make
the requested amendment) but agrees to augment the official records,
that manager shall promptly:
(1) Set forth the reasons for refusal; and
(2) Inform the Coordinator of such decision and the reasons therefore.
(d) Referrals and coordinations. As applicable and within ten (10)
days of receipt by the Coordinator, any NACIC records containing
information originated by other NACIC offices shall be forwarded to
those entities for action in accordance with paragraphs (a), (b), or (c)
of this section and return. Records originated by other federal agencies
or NACIC records containing other federal information shall be forwarded
to such agencies within ten (10) days of our completion of initial
action in the case for action under their regulations and direct
response to the requester (for other NACIC records) or return to NACIC
(for NACIC records).
(e) Effect of certain exemptions. This section shall not be construed
to allow access to systems of records exempted by the Director, NACIC
pursuant to subsections (j) and (k) of the Privacy Act or where those
exemptions require that NACIC can neither confirm nor deny the existence
or nonexistence of responsive records.
Sec. 1801.23 Notification of decision and right of appeal.
Within ten (10) days of receipt of responses to all initial taskings
and subsequent coordinations (if any), and dispatch of referrals (if
any), NACIC will provide disclosable records to the requester. If a
determination has been made not to provide access to requested records
(in light of specific exemptions) or that no records are found, NACIC
shall so inform the requester, identify the denying official, and advise
of the right to administrative appeal.
Subpart D--Additional Administrative Matters
Sec. 1801.31 Special procedures for medical and psychological
records.
(a) In general. When a request for access or amendment involves
medical or psychological records and when the originator determines that
such records are not exempt from disclosure, NACIC will, after
consultation with the Director of Medical Services, CIA, determine:
(1) Which records may be sent directly to the requester and
(2) Which records should not be sent directly to the requester because
of possible medical or psychological harm to the requester or another
person.
(b) Procedure for records to be sent to physician. In the event that
NACIC determines, in accordance with paragraph (a)(2) of this section,
that records should not be sent directly to the requester, NACIC will
notify the requester in writing and advise that the records at issue can
be made available only to a physician of the requester's designation.
Upon receipt of such designation, verification of the identity of the
physician, and agreement by the physician:
(1) To review the documents with the requesting individual,
(2) To explain the meaning of the documents, and
(3) To offer counseling designed to temper any adverse reaction, NACIC
will forward such records to the designated physician.
(c) Procedure if physician option not available. If within sixty (60)
days of paragraph (a)(2) of this section, the requester has failed to
respond or designate a physician, or the physician fails to agree to the
release conditions, NACIC will hold the documents in abeyance and advise
the requester that this action may be construed as a technical denial.
NACIC will also advise the requester of the responsible official and of
his or her rights to administrative appeal and thereafter judicial
review.
Sec. 1801.32 Requests for expedited processing.
(a) All requests will be handled in the order received on a strictly
``first-in, first-out'' basis. Exceptions to this rule will only be made
in circumstances that NACIC deems to be exceptional. In making this
determination, NACIC shall consider and must decide in the affirmative
on all of the following factors:
(1) That there is a genuine need for the records; and
(2) That the personal need is exceptional; and
(3) That there are no alternative forums for the records sought; and
(4) That it is reasonably believed that substantive records relevant
to the stated needs may exist and be deemed releasable.
(b) In sum, requests shall be considered for expedited processing only
when health, humanitarian, or due process considerations involving
possible deprivation of life or liberty create circumstances of
exceptional urgency and extraordinary need. In accordance with
established judicial precedent, requests more properly the scope of
requests under the Federal Rules of Civil or Criminal Procedure (or
equivalent state rules) will not be granted expedited processing under
this or related (e.g., Freedom of Information Act) provisions unless
expressly ordered by a federal court of competent jurisdiction.
Sec. 1801.33 Allocation of resources; agreed extensions of time.
(a) In general. NACIC components shall devote such personnel and other
resources to the responsibilities imposed by the Privacy Act as may be
appropriate and reasonable considering:
(1) The totality of resources available to the component,
(2) The business demands imposed on the component by the Director,
NACIC or otherwise by law,
(3) The information review and release demands imposed by the Congress
or other governmental authority, and
(4) The rights of all members of the public under the various
information review and disclosure laws.
(b) Discharge of Privacy Act responsibilities. Offices shall exercise
due diligence in their responsibilities under the Privacy Act and must
allocate a reasonable level of resources to requests under the Act in a
strictly ``first-in, first-out'' basis and utilizing two or more
processing queues to ensure that smaller as well as larger (i.e.,
project) cases receive equitable attention. The Information and Privacy
Coordinator is responsible for management of the NACIC-wide program
defined by this part and for establishing priorities for cases
consistent with established law. The Director, NACIC shall provide
policy and resource direction as necessary and shall render decisions on
administrative appeals.
(c) Requests for extension of time. While the Privacy Act does not
specify time requirements, our joint treatment of requests under the
FOIA means that when NACIC is unable to meet the statutory time
requirements of the FOIA, NACIC may request additional time from a
requester. In such instances NACIC will inform a requester of his or her
right to decline our request and proceed with an administrative appeal
or judicial review as appropriate.
Subpart E--Action On Privacy Act Administrative Appeals
Sec. 1801.41 Appeal authority.
The Director, NACIC will make final NACIC decisions from appeals of
initial adverse decisions under the Privacy Act and such other
information release decisions made under 32 CFR parts 1800, 1802, and
1803 of this chapter. Matters decided by the Director, NACIC will be
deemed a final decision by NACIC.
Sec. 1801.42 Right of appeal and appeal procedures.
(a) Right of Appeal. A right of administrative appeal exists whenever
access to any requested record or any portion thereof is denied, no
records are located in response to a request, or a request for amendment
is denied. NACIC will apprise all requesters in writing of their right
to appeal such decisions to the Director, NACIC through the Coordinator.
(b) Requirements as to time and form. Appeals of decisions must be
received by the Coordinator within forty-five (45) days of the date of
NACIC's initial decision. NACIC may, for good cause and as a matter of
administrative discretion, permit an additional thirty (30) days for the
submission of an appeal. All appeals to the Director, NACIC shall be in
writing and addressed as specified in Sec. 1801.3. All appeals must
identify the documents or portions of documents at issue with
specificity, provide the desired amending language (if applicable), and
may present such information, data, and argument in support as the
requester may desire.
(c) Exceptions. No appeal shall be accepted if the requester has
outstanding fees for information services at this or another federal
agency. In addition, no appeal shall be accepted if the information in
question has been the subject of an administrative review within the
previous two (2) years or is the subject of pending litigation in the
federal courts.
(d) Receipt, recording, and tasking. NACIC shall promptly record each
administrative appeal, acknowledge receipt to the requester in writing,
and thereafter effect the necessary taskings to the office chief in
charge of the office(s) which originated or has an interest in the
record(s) subject to the appeal.
Sec. 1801.43 Determination(s) by Office Chiefs.
Each Office Chief in charge of an office which originated or has an
interest in any of the records subject to the appeal, or designee, is a
required party to any appeal; other interested parties may become
involved through the request of the Coordinator when it is determined
that some or all of the information is also within their official
cognizance. These parties shall respond in writing to the Coordinator
with a finding as to the exempt or non-exempt status of the information
including citations to the applicable exemption and/or their agreement
or disagreement as to the requested amendment and the reasons therefore.
Each response shall be provided expeditiously on a ``first-in, first-
out'' basis taking into account the business requirements of the parties
and consistent with the information rights of members of the general
public under the various information review and release laws.
Sec. 1801.44 Action by appeals authority.
(a) Preparation of docket. The Coordinator shall provide a summation
memorandum for consideration of the Director, NACIC; the complete record
of the request consisting of the request, the document(s) (sanitized and
full text) at issue, and the findings of any concerned office chiefs or
designee(s).
(b) Decision by the Director, NACIC. The Director, NACIC shall
personally decide each case; no personal appearances shall be permitted
without the express permission of the Director, NACIC.
Sec. 1801.45 Notification of decision and right of judicial review.
(a) In general. The Coordinator shall promptly prepare and communicate
the decision of the Director, NACIC to the requester. With respect to
any decision to deny information or deny amendment, that correspondence
shall state the reasons for the decision, identify the officer
responsible, and include a notice of the right to judicial review.
(b) For amendment requests. With further respect to any decision to
deny an amendment, that correspondence shall also inform the requester
of the right to submit within forty-five (45) days a statement of his or
her choice which shall be included in the official records of NACIC. In
such cases, the applicable record system manager shall clearly note any
portion of the official record which is disputed, append the requester's
statement, and provide copies of the statement to previous recipients
(if any are known) and to any future recipients when and if the disputed
information is disseminated in accordance with a routine use.
Subpart F--Prohibitions
Sec. 1801.51 Limitations on disclosure.
No record which is within a system of records shall be disclosed by
any means of communication to any individual or to another agency,
except pursuant to a written request by, or with the prior written
consent of, the individual to whom the record pertains, unless
disclosure of the record would be:
(a) To those officers and employees of NACIC which maintains the
record who have a need for the record in the performance of their
duties;
(b) Required under the Freedom of Information Act, 5 U.S.C. 552;
(c) For a routine use as defined in Sec. 1801.02(m), as contained in
the Privacy Act Issuances Compilation which is published biennially in
the Federal Register, and as described in sections (a)(7) and (e)(4)(D)
of the Act;
(d) To the Bureau of the Census for purposes of planning or carrying
out a census or survey or related activity pursuant to the provisions of
U.S.C. Title 13;
(e) To a recipient who has provided NACIC with advance adequate
written assurance that the record will be used solely as a statistical
research or reporting record, and the record is to be transferred in a
form that is not individually identifiable;
(f) To the National Archives and Records Administration as a record
which has sufficient historical or other value to warrant its continued
preservation by the United States Government, or for evaluation by the
Archivist of the United States or designee to determine whether the
record has such value;
(g) To another agency or to an instrumentality of any governmental
jurisdiction within or under the control of the United States for a
civil or criminal law enforcement activity if the activity is authorized
by law, and if the head of that agency or instrumentality has made a
written request to NACIC specifying the particular information desired
and the law enforcement activity for which the record is sought;
(h) To a person pursuant to a showing of compelling circumstances
affecting the health or safety of an individual if upon such disclosure
notification is transmitted to the last known address of such
individual;
(i) To either House of Congress, or, to the extent of matter within
its jurisdiction, any committee or subcommittee thereof, any joint
committee of Congress or subcommittee of any such joint committee;
(j) To the Comptroller General or any of his authorized
representatives in the course of the performance of the duties of the
General Accounting Office; or
(k) To any agency, government instrumentality, or other person or
entity pursuant to the order of a court of competent jurisdiction of the
United States or constituent states.
Sec. 1801.52 Criminal penalties.
(a) Unauthorized disclosure. Criminal penalties may be imposed against
any officer or employee of NACIC who, by virtue of employment, has
possession of or access to NACIC records which contain information
identifiable with an individual, the disclosure of which is prohibited
by the Privacy Act or by these rules, and who, knowing that disclosure
of the specific material is so prohibited, willfully discloses the
material in any manner to any person or agency not entitled to receive
same.
(b) Unauthorized maintenance. Criminal penalties may be imposed
against any officer or employee of NACIC who willfully maintains a
system of records without meeting the requirements of section (e)(4) of
the Privacy Act, 5 U.S.C. 552a. The Coordinator and the Director of
NACIC are authorized independently to conduct such surveys and inspect
such records as necessary from time to time to ensure that these
requirements are met.
(c) Unauthorized requests. Criminal penalties may be imposed upon any
person who knowingly and willfully requests or obtains any record
concerning an individual from NACIC under false pretenses.
Subpart G--Exemptions
Sec. 1801.63 Specific exemptions.
Pursuant to authority granted in section (k) of the Privacy Act, the
Director, NACIC has determined to exempt from section (d) of the Privacy
Act those portions and only those portions of all systems of records
maintained by NACIC that would consist of, pertain to, or otherwise
reveal information that is:
(a) Classified pursuant to Executive Order 12958 (or successor or
prior Order) and thus subject to the provisions of 5 U.S.C. 552(b)(1)
and 5 U.S.C. 552a(k)(1);
(b) Investigatory in nature and compiled for law enforcement purposes,
other than material within the scope of section (j)(2) of the Act;
provided however, that if an individual is denied any right, privilege,
or benefit to which they are otherwise eligible, as a result of the
maintenance of such material, then such material shall be provided to
that individual except to the extent that the disclosure would reveal
the identity of a source who furnished the information to the United
States Government under an express promise of confidentiality, or, prior
to the effective date of this section, under an implied promise of
confidentiality;
(c) Maintained in connection with providing protective services to the
President of the United States or other individuals pursuant to 18
U.S.C. 3056;
(d) Required by statute to be maintained and used solely as
statistical records;
(e) Investigatory in nature and compiled solely for the purpose of
determining suitability, eligibility, or qualifications for federal
civilian employment, military service, federal contracts, or access to
classified information, but only to the extent that the disclosure of
such material would reveal the identity of a source who furnished
information to the United States Government under an express promise of
confidentiality, or, prior to the effective date of this section, under
an implied promise of confidentiality;
(f) Testing or examination material used solely to determine
individual qualifications for appointment or promotion in the federal
service the disclosure of which would compromise the objectivity or
fairness of the testing or examination process; or
(g) Evaluation material used to determine potential for promotion in
the armed services, but only to the extent that the disclosure of such
material would reveal the identity of a source who furnished information
to the United States Government under an express promise of
confidentiality, or, prior to the effective date of this section, under
an implied promise of confidentiality.
NATIONAL CREDIT UNION ADMINISTRATION
TABLE OF CONTENTS
List of Systems
1. Employee Suitability and Security Investigations Containing
Adverse Information, NCUA.
2. Grievance Records, NCUA.
3. Payroll Records System, NCUA.
4. Verified Employee Mailing List, NCUA.
5. Travel Advance and Voucher Information System, NCUA.
6. New Examiner Training Files, NCUA.
7. Region I Employee Development/Correspondence Records, NCUA.
8. Region II Employee Development/Correspondence Records, NCUA.
9. Region III Employee Development/Correspondence Records, NCUA.
10. Region IV Employee Development/Correspondence Records, NCUA.
11. Region V Employee Development/Correspondence Records, NCUA.
12. Region VI Employee Development/Correspondence Records, NCUA.
13. Emergency Information (Employee) File, NCUA.
14. Employee Injury File, NCUA.
15. Investigative Reports Involving Any Crime, Suspected Crime or
Suspicious Activity Against a Credit Union, NCUA.
16. Freedom of Information Act Bills Delinquent 30 Days or More,
NCUA.
17. Acquired Assets and Share Payout Records System, NCUA.
18. Member Accounts, Credit Unions Closed for Involuntary
Liquidation, NCUA.
19. Trusteed Account Records System, NCUA.
20. Office of Inspector General (OIG) Investigative Records,
NCUA.
21. Consumer Complaints Against Federal Credit Unions, NCUA.
22. Litigation Case Files, NCUA.
Note-- See Appendices for general ``routine uses'' applicable to
each system of records and for a listing of the locations of NCUA
Regional Offices.
NCUA-1
System name:
Employee Suitability and Security Investigations Containing
Adverse Information, NCUA.
System location:
Office of Human Resources, National Credit Union Administration,
1775 Duke Street, Alexandria, VA. 22314-3428.
Categories of individuals covered by the system:
NCUA employees on whom a routine Office of Personnel Management
(OPM) security investigation has been conducted, the results of which
contain adverse information.
Categories of records in the system:
Arrest records and/or information on moral character, integrity,
or loyalty to the United States.
Authority for maintenance of the system:
Records maintained pursuant to OPM requirements. A separate
notice is published because these records are maintained separately
to provide extraordinary safeguards against unwarranted access and
disclosures.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) Records are reviewed by the NCUA Security Officer (the
Director of Human Resources). If the records are determined to be of
a substantive nature, they are referred to the appropriate Associate
Regional Director or Office Director for whatever action, if any, is
deemed necessary. (2) Standard routine uses as set forth in Appendix
A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained on paper hard copy.
Retrievability:
Records are indexed by name.
Safeguards:
Records are maintained in a locked file cabinet accessible only
to the Security Officer and his/her designated assistant.
Retention and disposal:
If the investigation is favorable to the employee, the record is
destroyed. If the investigation uncovers adverse information, the
record is held for two years.
System manager(s) and address:
Security Officer, National Credit Union Administration, 1775 Duke
Street, Alexandria, VA 22314-3428.
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the system manager listed above. If there is no record
on the individual, the individual will be so advised.
Record access procedure:
Upon request, the system manager will set forth the procedures
for gaining access to available records.
Contesting record procedures:
Requests to amend or correct a record should be directed to the
system manager listed above.
Record source categories:
OPM Security Investigations Index, FBI Headquarters investigative
files, fingerprint index of arrest records, Defense Central Index of
Investigations, employers within the last five years, listed
references, and personal associates, school registrars and responsive
law enforcement agencies.
Systems exempted from certain provisions of the act:
In addition to any exemption to which this system is subject by
Notices published by or regulations promulgated by the OPM, the
system is subject to a specific exemption pursuant to 5 U.S.C.
552a(k)(5) to the extent that disclosures would reveal a source who
furnished information under an express promise of confidentiality, or
prior to September 27, 1975, under an express or implied promise of
confidentiality.
NCUA-2
System name: Grievance Records, NCUA.
System location:
Personnel Office, National Credit Union Administration, 1776 G
Street NW, Washington, DC 20456.
Categories of individuals covered by the system:
Current or former Federal employees who have submitted grievances
with NCUA in accordance with part 771 of the OPM's regulations. These
case files contain all documents related to the grievance, including
statements of witnesses, reports of interviews and hearings,
examiners' findings and recommendations, a copy of the original and
final decision with related correspondence and exhibits.
Authority for maintenance of the system:
5 U.S.C. 1302, 3301, and 3302, E.O. 10577, 3 CFR 1954-1958 Comp.,
p. 218; E.O. 10987; 3 CFR 1959-1963 Comp., p. 519.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) Information is used by the appropriate Federal, State, or
local agency responsible for investigating, prosecuting, enforcing,
or implementing a statute, rule, regulation, or order where the
disclosing agency becomes aware of an indication of a violation or
potential violation of civil or criminal law or regulations.
(2) Information is used by any source from which additional
information is requested in the course of processing a grievance to
the extent necessary to identify the individual, inform the source of
the purpose(s) of the request, and identify the type of information
requested.
(3) Information is used by a Federal agency in response to its
request in connection with the hiring or retention of an employee,
the issuance of a security clearance, the conducting of a security or
suitability investigation of an individual, the classifying of jobs,
the letting of a contract, or the issuance of a license, grant, or
other benefit by the requesting agency, to the extent that the
information is relevant and necessary to the requesting agency's
decision on the matter.
(4) Information is used by the congressional office from the
record of an individual in response to an inquiry from that
congressional office made at the request of that individual.
(5) Information is used by another Federal agency or by a court
when the Government is party to a judicial proceeding before the
court.
(6) Information is used by the National Archives and Records
Administration (General Services Administration) in records
management inspections conducted under authority of 44 U.S.C. 2904
and 2906.
(7) Information is used by NCUA in the production of summary
descriptive statistics and analytical studies in support of the
function for which the records are collected and maintained, or for
related work force studies. While published statistics and studies do
not contain individual identifiers, in some instances, the selection
of elements of data included in the study may be structured in such a
way as to make the data individually identifiable by inference.
(8) Information is used by officials of the Office of Personnel
Management, the Merit Systems Protection Board, including the Office
of the Special Counsel, the Federal Labor Relations Authority and its
General Counsel, or the Equal Employment Opportunity Commission when
requested in performance of their authorized duties.
(9) Information (that is relevant to the subject matter involved
in a pending judicial or administrative proceeding) is used to
respond to a request for discovery or for appearance of a witness.
(10) Information is used by officials of labor organizations
reorganized under the Civil Service Reform Act when relevant and
necessary to their duties of exclusive representation concerning
personnel policies, practices, and matters affecting work conditions.
(11) Standard routine uses as set forth in appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained in file folders.
Retrievability:
Records are retrievable by the names of the individuals on whom
they are maintained.
Safeguards:
Records are maintained in lockable metal filing cabinets to which
only authorized personnel have access.
Retention and disposal:
Records are disposed of three (3) years after closing of the
case. Disposal is by shredding or burning.
System manager(s) and address:
Director, Personnel Office, National Credit Union Administration,
1776 G Street, NW, Washington, DC 20456.
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the system manager listed above. If there is no record
on the individual, the individual will be so advised.
Record access procedures:
Upon request, the system manager will set forth the procedures
for gaining access to available records.
Contesting record procedures:
Request to amend or correct a record should be directed to the
system manager listed above.
Record source categories:
Individual on whom the record is maintained; testimony of
witness; agency officials; related correspondence from organization
or persons.
NCUA-3
System name: Payroll Records System, NCUA.
System location:
(1) Controller's Office, National Credit Union Administration,
1776 G Street, NW, Washington, DC 20456.
(2) General Services Administration, Region VI, Kansas City,
Missouri.
Categories of individuals covered by the system:
Employees of NCUA.
Categories of records in the system:
Salary and related payroll data, including time and attendance
information.
Authority for maintenance of the system:
5 U.S.C. 703; 44 U.S.C. 3301.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) Information is used to ensure proper compensation to all NCUA
employees and to formulate financial reports and plans used within
the agency or is sent to the General Services Administration (GAS).
(2) Also, information is used to document time worked and provide a
record of attendance to support payment of salaries and use of
annual, sick, and nonpaid leave. (3) Users of the time and attendance
information include the employee's supervisor, the office's
timekeeper, the payroll officer, and the GSA National Payroll Center
in Kansas City, Missouri. (4) Further information in this system is
used to make reportings to state and local taxing authorities. (5)
Standard routine uses as set forth in appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are retrieved by name or social security number.
Safeguards:
Records are maintained in secured offices, accessible by written
authorization only.
Retention and disposal:
Records are retained and disposed in accordance with GSA policy.
System manager(s) and address:
(1) Primary: Payroll Officer, Controller's Office, National
Credit Union Administration, 1776 G Street, NW, Washington, DC 20456;
(2) Secondary: Office Timekeepers, National Credit Union
Administration, Central Office (1776 G Street, NW, Washington, DC
20456) and Regional Offices (see Appendix B for Regional Offices'
addresses).
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the system manager listed above. If there is no record
on the individual, the individual will be so advised.
Record access procedures:
Upon request, the system manager will set forth the procedures
for gaining access to available records.
Contesting record procedures:
Requests to amend or correct a record should be directed to the
system manager listed above.
Record source categories:
Information is primarily obtained from the individual whom the
record concerns, the Office of Personnel Management, and the GSA.
Also, time and attendance information is prepared and submitted by
the timekeeper in a given employee's office.
NCUA-4
System name: Verified Employee Mailing List.
System location:
Office of Information Systems, National Credit Union
Administration, 1776 G Street NW, Washington, DC 20456.
Categories of individuals covered by the system:
NCUA employees.
Categories of records in the system:
This system contains the following information for each employee:
Name, address, telephone number, birthdate, ethnic and sex codes, GS
grade, employee type, and employee identification number.
Authority for maintenance of the system:
5 U.S.C. 301; 44 U.S.C. 3301.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) Information is used to produce mailing labels and make
reporting to the EEO Director and other NCUA employees with an
official need for a listing of NCUA employees. (2) Also, the
information is used to generate an NCUA telephone directory for
distribution to all NCUA employees. (3) Standard routine uses as set
forth in appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained on computer readable media.
Retrievability:
Records are retrievable by employee name or identification
number.
Safeguards:
Accessibility is limited to specific written requests. The file
itself is password protected.
Retention and disposal:
Information is maintained on active, retired, and deceased
employees for an indefinite period of time.
System manager(s) and address:
Personnel Office, National Credit Union Administration, 1776 G
Street NW, Washington, DC 20456.
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the system manager listed above. If there is no record
on the individual, the individual will be so advised.
Record access procedures:
Upon request, the system manager will set forth the procedures
for gaining access to available records.
Contesting record procedures:
Requests to amend or correct a record should be directed to the
system manager listed above.
Record source categories:
NCUA Form 1042 is completed for each new employee by personnel
staff or the regional office manager. Form 1051 is completed by same
to report changes.
NCUA-5
System name: Travel Advance and Voucher Information System,
NCUA.
System location:
Controller's Office, National Credit Union Administration, 1776 G
Street NW, Washington, DC 20456.
Categories of individuals covered by the system:
All NCUA employees who have traveled in the course of performing
their duty and who have been reimbursed for the expense of such
travel.
Categories of records in the system:
This system contains information from the following forms: Travel
Vouchers (NCUA 1012), Reimnbursement for COS Expenses (NCUA 1302)
Authorization of Moving and Related Travel Expenses for COS (NCUA
11301), Travel Orders (NCUA 1500), Suspension Statements (NCUA 1399),
Application for Advance of Funds (NCUA 1399), and Travel Voucher
Cover Sheet (NCUA 1364).
Authority for maintenance of the system:
5 U.S.C. 5701-5752; Executive Order 11609 (July 22, 1971);
Executive Order 11012 (March 27, 1962); 5 U.S.C. 4101-4118; Federal
Travel Regulations, FPMR 101-7, Chapter 2, Section 6.3.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) Records are used to provide documentary support for
reimbursements to employees for on-the-job travel expenses.
(2) Users of the information include first and second line
supervisors, NCUA accounting staff, and budgeting staff.
(3) Standard routine uses as set forth in appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored in paper hard copy form and in an on-line ADP
system.
Retrievability:
Records are retrievable by social security number.
Safeguards:
The paper hard copy records are maintained in secured offices.
The computer disc is located in a secured office and its access
is limited to user employees who know the logical identification
access number.
Retention and disposal:
Records are maintained in the Division of Financial Operations
until the annual GAO audit is completed. After the audit, the paper
hard copy records are stored in a Federal Records Center for a
minimum of three years and the computer disc is purged.
System manager(s) and address:
Director, Accounting Services Division, Controller's Office,
National Credit Union Administration, 1776 G Street NW, Washington,
DC 20456.
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the system manager listed above. If there is no record
on the individual, the individual will be so advised.
Record access procedures:
Upon request, the system manager will set forth the procedures
for gaining access to available records.
Contesting record procedures:
Requests to amend or correct a record should be directed to the
system manager listed above.
Record source categories:
Records are prepared by the individual whom the record concerns.
NCUA-6
System name: New Examiner Training Files, NCUA.
System location:
(1) Regional Office where new employee is assigned (See appendix
B for Regional Office's locations.)
(2) Office of Examination and Insurance, National Credit Union
Administration, 1776 G Street NW, Washington, DC 20456. At the end of
the training period in the Region, the records are transferred to the
Personnel Office.
Categories of individuals covered by the system:
NCUA examiners, from entry level to one year on staff.
Categories of records in the system:
Biweekly training reports, training progress reports, on-the-job
trainers' evaluations of classroom training, trainees' evaluation of
training program.
Authority for maintenance of the system:
5 U.S.C. 4101-4116.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) Information is used to determine the retention or termination
of a new examiner after 23 weeks of on-the-job training. (2) Standard
routine uses as set forth in appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored on paper hard copy.
Retrievability:
Records are retrievable by employee name.
Safeguards:
Records are maintained in metal file cabinets in secured offices
of each Regional Office and in secured offices in the Washington
Central Offices.
Retention and disposal:
Records are purged annually for those employees no longer
participating in the program.
System manager(s) and address:
(1) Files are maintained in NCUA's six Regional Offices (see
appendix B for Regional Office's locations).
(2) Office of Examination and Insurance, National Credit Union
Administration, 1776 G Street NW, Washington, DC 20456. At the end of
the training period in the Region, the records are transferred to the
Personnel Office.
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the system manager listed above. If there is no record
on the individual, the individual will be so advised.
Record access procedures:
Upon request, the system manager will set forth the procedures
for gaining access to available records.
Contesting record procedures:
Requests to amend or correct a record should be directed to the
system manager listed above.
Record source categories:
Individual on whom the record is maintained; on-the-job trainers;
supervisors; Office of Personnel Management.
NCUA-7
System name: Region I Employee Development/Correspondence
Records, NCUA.
System location:
Region I Regional Office, National Credit Union Administration, 9
Washington Square, Washington Avenue Extension, Albany, New York
12205.
Categories of individuals covered by the system:
NCUA Region I employees.
Categories of records in the system:
The system contains information on NCUA examiners and
professional staff related to some or all of the following areas:
Work performance appraisals; district management; chartering efforts;
reactions from FCU officials; personal development plans; copies of
personnel records; supply and equipment information; training; work
performance; suggestions; awards; travel vouchers; and data on leave
and pay activities. Also, the system contains information on NCUA
clerical staff related to: Work performance and development
activities, which may include work product samples; memos or
notations from professional staff; personal development plans;
evaluations by superiors; copies of personnel records; and data on
pay and leave activity.
Authority for maintenance of the system:
5 U.S.C. 301; 44 U.S.C. 3301.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) The information in this system is used for recording time and
attendance, controlling equipment inventories, training staff,
evaluating employee work performance, and conducting general
administrative matters. (2) Standard routine uses as set forth in
appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained on paper hard copy.
Retrievability:
Records are indexed alphabetically by name.
Safeguards:
Physical security consists of maintaining records in locked metal
file cabinets within secured offices.
Retention and disposal:
Current and relevant information is maintained generally for a
period of at least one to two years. Obsolete material is maintained
in the same file cabinets and is periodically destroyed or returned
to the originator.
System manager(s) and address:
Administrative Officer, Region I Regional Office, National Credit
Union Administration, 9 Washington Square, Washington Avenue
Extension, Albany, New York 12205.
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the Regional Director where the system is located. If
there is no record on the individual, the individual will be so
advised.
Record access procedures:
Upon request, the Regional Director will set forth the procedures
for gaining access to available records.
Contesting record procedures:
Requests to amend or correct a record should be directed to the
Regional Director.
Record source categories:
Sources may include the individual whom the record concerns,
supervisors of the individual, fellow employees, credit union
officials, administrative officer or office assistant, and other
persons whom the individual may encounter in the course of work
performance. For payroll- and personnel-related information, the
sources may include the General Service Administration and Office of
Personnel Management.
NCUA-8
System name: Region II Employee Development/Correspondence
Records, NCUA.
System location:
Region II Regional Office, National Credit Union Administration,
Eighth Floor, 1776 G Street NW, Washington, DC 20006.
Categories of individuals covered by the system:
NCUA Region II employees.
Categories of records in the system:
The system contains information on NCUA examiners and
professional staff related to some or all of the following areas:
Work performance appraisals; district management; chartering efforts;
reactions from FCU officials; personal development plans; copies of
personnel records; supply and equipment information; training; work
performance; suggestions; training awards; travel vouchers; and data
on leave and pay activities. Also, the system contains information on
NCUA clerical staff related to: Work performance and development
activities, which may include work product samples; memos or
notations from professional staff; personal development plans;
evaluations by superiors; copies of personnel records; and data on
pay and leave activity.
Authority for maintenance of the system:
5 U.S.C. 301; 44 U.S.C. 3301.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) The information in this system is used for recording time and
attendance, controlling equipment inventories, training staff,
evaluating employee work performance, and conducting general
administrative matters.
(2) Standard routine uses as set forth in appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are indexed alphabetically by name.
Safeguards:
Physical security consists of maintaining records in locked metal
file cabinets within secured offices.
Retention and disposal:
Current and relevant information is maintained generally for a
period of one to two years. Obsolete material is maintained in the
same file cabinets and is periodically destroyed or returned to the
originator.
System manager(s) and address:
Director, Division of Administration, Region II Regional Office,
National Credit Union Administration, Suite 800, 1700 G Street NW,
Washington, DC 20006.
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the Regional Director where the system is located. If
there is no record on the individual, the individual will be so
advised.
Record access procedures:
Upon request, the Regional Director will set forth the procedures
for gaining access to available records.
Contesting record procedures:
Requests to amend or correct a record should be directed to the
Regional Director.
Record source categories:
Sources may include the individual whom the record concerns,
supervisors of the individual, fellow employees, credit union
officials, and other persons whom the individual encounters in the
course of work performance. For payroll- and personnel-related
information, the sources may include the General Services
Administration and the Office of Personnel Management.
NCUA-9
System name: Region III Employee Development/Correspondence
Records, NCUA.
System location:
Region III Regional Office, National Credit Union Administration,
7000 Central Parkway, Suite 1600, Atlanta, GA 30328.
Categories of individuals covered by the system:
NCUA Region III employees.
Categories of records in the system:
The system contains information on NCUA examiners and
professional staff related to some or all of the following areas:
Work performance appraisals; district management; chartering efforts;
reactions from FCU officials; personal development plans; copies of
personnel records; supply and equipment information; training; work
performance; suggestions; awards; travel vouchers; and data on leave
and pay activities. Also, the system contains information on NCUA
clerical staff related to: Work performance and development
activities, which may include work product samples; memos or
notations from professional staff; personal development plans;
evaluations by superiors; copies of personnel records; and data on
pay and leave activity.
Authority for maintenance of the system:
5 U.S.C. 301; 44 U.S.C. 3301.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) The information in this system is used for recording time and
attendance, controlling equipment inventories, training staff,
evaluating employee work performance, and conducting general
administrative matters.
(2) Standard routine uses as set forth in appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained on paper hard copy.
Retrievability:
Records are indexed alphabetically by name.
Safeguards:
Physical security consists of maintaining records in locked metal
file cabinets within secured offices.
Retention and disposal:
Current and relevant information generally for a period of one to
two years. Obsolete material is maintained in the same file cabinets
and is periodically destroyed or returned to the originator.
System manager(s) and address:
Administrative Officer, Region III Regional Office, National
Credit Union Administration, 7000 Central Parkway, Suite 1600,
Atlanta, GA 30328.
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the Regional Director where the system is located. If
there is no record on the individual, the individual will be so
advised.
Record access procedures:
Upon request, the Regional Director will set forth the procedures
for gaining access to available records.
Contesting record procedures:
Requests to amend or correct a record should be directed to the
Regional Director.
Record source categories:
Sources may include the individual whom the record concerns,
supervisors of the individual, fellow employees, credit union
officials, and other persons whom the individual encounters in the
course of work performance. For payroll- and personnel-related
information, the sources may include the General Service
Administration and the Office of Personnel Management.
NCUA-10
System name: Region IV Employee Development/Correspondence
Records, NCUA.
System location:
Region IV Regional Office, National Credit Union Administration,
300 Park Boulevard, Itasca, IL 60143.
Categories of individuals covered by the system:
NCUA Region IV employees.
Categories of records in the system:
The system contains information on NCUA examiners and
professional staff related to some or all of the following areas:
Work performance appraisals; district management: Chartering efforts;
reactions from FCU officials; personal development plans; copies of
personnel records; supply and equipment information; training; work
performance; suggestions; awards; travel vouchers; and data on leave
and pay activities. Also, the system contains information on NCUA
clerical staff related to: Work performance and development
activities, which may include work product samples; memos or
notations from professional staff; personal development plans;
evaluations by superiors; copies of personnel records; and data on
pay and leave activity.
Authority for maintenance of the system:
5 U.S.C. 301: 44 U.S.C. 3301.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) The information in this system is used for recording time and
attendance, controlling equipment inventories, training staff,
evaluating employee work performance, and conducting general
administrative matters.
(2) Standard routine uses as set forth in appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained on paper hard copy.
Retrievability:
Records are indexed alphabetically by names, NCUA employee
numbers, and NCUA property inventory (decal) numbers.
Safeguards:
Physical security consists of maintaining records in metal file
cabinets within secured offices.
Retention and disposal:
Current and relevant information is maintained generally for a
period of one to two years. Obsolete material is maintained in the
same file cabinets and periodically destroyed or returned to the
originator.
System manager(s) and address:
Director of Administration, Region IV Regional Office, National
Credit Union Administration, 300 Park Boulevard, Itasca, IL 60143.
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the Regional Director where the system is located. If
there is no record on the individual, the individual will be so
advised.
Record access procedures:
Upon request, the Regional Director will set forth the procedures
for gaining access to available records.
Contesting record procedures:
Records to amend or correct a record should be directed to the
Regional Director.
Record source categories:
Source may include the individual whom the record concerns,
supervisors of the individual, fellow employees, credit union
officials, and other persons whom the individual encounters in the
course of work performance. For payroll- and personnel-related
information, the sources may include the General Services
Administration and the Office of Personnel Management.
NCUA-11
System name: Region V Employee Development/Correspondence
Records, NCUA.
System location:
(1) Region V Regional Office, National Credit Union
Administration, 4807 Spicewood Springs Road, Building 5, Austin,
Texas 78759.
(2) Region V, Austin Suboffice, 320 6th Street, Room 202, Sioux
City, Iowa 51101
(3) Development files on the examiners are maintained by the
Supervisory Examiners in their home offices, not in the Regional
Office.
Categories of individuals covered by the system:
NCUA Region V employees.
Categories of records in the system:
The system contains information on NCUA examiners and
professional staff related to some or all of the following areas:
Work performance appraisals; district management; chartering efforts;
reactions from FCU officials; personal development plans; copies of
personnel records; supply and equipment information; training; work
performance; suggestions; awards; travel vouchers; and data on leave
and pay activities. Also, the system contains information on NCUA
clerical staff related to: Work performance and development
activities, which may include work product samples; memos or
notations from professional staff; personal development plans;
evaluations by superiors; copies of personnel records; and data on
pay and leave activity.
Authority for maintenance of the system:
5 U.S.C. 301: 44 U.S.C. 3301.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) The information in this system is used for recording time and
attendance, controlling equipment inventories, training staff,
evaluating employee work performance, and conducting general
administrative matters.
(2) Standard routine uses as set forth in appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained on paper hard copy.
Retrievability:
Records are indexed alphabetically by name.
Safeguards:
Physical security consists of maintaining records in metal file
cabinets within secured offices. Cabinets may be locked depending on
the nature of the information which they contain.
Retention and disposal:
Current and relevant information is maintained generally for a
period of one to two years. Obsolete material is maintained in the
same file cabinets and is periodically destroyed or returned to the
originator.
System manager(s) and address:
Regional Director, Region V Regional Office, National Credit
Union Administration, 4807 Spicewood Springs Road, Building 5,
Austin, TX 78759.
Notification procedure:
Examiners may inquire as to whether the system contains a
development record pertaining to the individual by addressing a
request in person or by mail to the examiner's supervisory examiner
at the supervisory examiner's home office. All other individuals may
inquire as to whether the system contains a record pertaining to the
individual by addressing a request in person or by mail to the
Regional Director where the system is located. If there is no record
on the individual, the individual will be so advised.
Record access procedures:
Upon request, the Regional Director or the appropriate
supervisory examiner will set forth the procedures for gaining access
to available records.
Contesting record procedures:
Requests to amend or correct a record should be directed to the
Regional Director.
Record source categories:
Sources may include the individual whom the record concerns
supervisors of the individual, fellow employees, credit union
officials, and other persons whom the individual encounters in the
course of work performance. For payroll- and personnel-related
information, the sources may include the General Services
Administration and the Office of Personnel Management.
NCUA-12
System name: Region VI Employee Development/Correspondence
Records, NCUA.
System location:
(1) Region VI Regional Office, National Credit Union
Administration, 2890 N. Main Street, Suite 101, Walnut Creek, CA
94596.
(2) Development files on the examiners are maintained by the
supervisory examiners in their home offices, not in the Regional
Office.
Categories of individuals covered by the system:
NCUA Region VI employees.
Categories of records in the system:
The system contains information of NCUA examiners and
professional staff related to some or all of the following areas:
Work performance appraisals; district management; chartering efforts;
reactions from FCU officials; personnel records; supply and equipment
information; training; work performance; suggestions; awards; travel
vouchers; and data on leave and pay activities. Also, the system
contains information on NCUA clerical staff related to: Work
performance and development activities, which may include work
product samples; memos or notations from professional staff; personal
development plans; evaluations by superiors; copies of personnel
records; and data on pay and leave activity.
Authority for maintenance of the system:
5 U.S.C. 301; 44 U.S.C. 3301
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) The information in this system is used for recording time and
attendance, controlling equipment inventories, training staff, and
conducting general administrative matters.
(2) Standard routine uses as set forth in appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained on paper hard copy.
Retrievability:
Records are indexed alphabetically by name.
Safeguards:
Physical security consists of maintaining records in metal file
cabinets within secured offices. Cabinets may be locked depending on
the nature of the information which they contain.
Retention and disposal:
Current and relevant information is maintained generally for a
period of one to two years. Obsolete materials are maintained in the
same file cabinets and are periodically destroyed or returned to the
originator.
System manager(s) and address:
Administrative Officer, Region VI Regional Office, National
Credit Union Administration, 2890 N. Main Street, Suite 101, Walnut
Creek, CA 94596.
Notification procedure:
Examiners may inquire as to whether the system contains a
development record pertaining to the individual by addressing a
request in person or by mail to the examiner's supervisory examiner
at the supervisory examiner's home office. All other individuals may
inquire as to whether the system contains a record pertaining to the
individual by addressing a request in person or by mail to the
Regional Director where the system is located. If there is no record
on the individual, the individual will be so advised.
Record access procedures:
Upon request, the Regional Director or the appropriate
supervisory examiner will set forth the procedures for gaining access
to available records.
Record source categories:
Sources may include the individual whom the record concerns,
supervisors of the individual, fellow employees, credit union
officials, and other persons whom the individual encounters in the
course of work performance. For payroll- and personnel-related
information, the sources may include the General Services
Administration and the Office of Personnel Management.
NCUA-13
System name: Emergency Information (Employee) File, NCUA.
System location:
Personnel Office, National Credit Union Administration, 1776 G
Street, NW, Washington, DC 20456.
Categories of individuals covered by the system:
This system contains personal information on an employee, i.e.,
height, weight, hair color, eye color, current address, and telephone
number. Also, this system identifies the individual to contact in
case of an emergency involving the employee.
Authority for maintenance of the system:
5 U.S.C. 301.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) The Personnel Office uses certain personal information for
preparing the employee ID cards. (2) The information on the
individual to contact in cases of emergency is used by Personnel and
others on a need-to-know basis. (3) The Security Officer maintains a
list of all employees, with their addresses and telephone numbers.
This list is updated monthly. The listed information is used when
there is a national emergency. (4) Standard routine uses as set forth
in appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored on paper hard copy.
Retrievability:
Records are indexed alphabetically by name.
Safeguards:
Records are maintained in locked file drawer.
Retention and disposal:
Records are disposed of after an employee is separated from the
agency.
System manager(s) and address:
(1) Director, Personnel Office, National Credit Union
Administration, 1776 G Street, NW, Washington, DC 20456. (2) Security
Officer, Administrative Office, at the same address above.
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the appropriate system manager listed above. If there
is no record on the individual, the individual will be so advised.
Record access procedures:
Upon request, the system manager will set forth the procedures
for gaining access to available records.
Contesting record procedures:
Requests to amend or correct a record should be directed to the
appropriate system manager listed above.
Record source categories:
Individual on whom the record is maintained.
NCUA-14
System name: Employee Injury File, NCUA.
System location:
Personnel Office, National Credit Union Administration, 1776 G
Street, NW, Washington, DC 20456.
Categories of individuals covered by the system:
Any employee who has sustained a job-related injury or disease.
Categories of records in the system:
Copies of reports submitted by individual who has sustained a
job-related injury or disease. Copies of any further claims made
regarding the same injury or disease or any other material required
for documenting and adjudicating the claim.
Authority for maintenance of the system:
Occupational Safety and Health Act of 1970, 29 CFR part 1960.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) Information is maintained to provide appropriate data to the
Department of Labor, when needed, for adjudication of a claim, (2)
Further, information is used for reporting purposes as required by
the Department of Labor on a recurring basis. (3) Use of information
is limited to the Personnel Office. (4) Standard routine use as set
forth in appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored on paper.
Retrievability:
Records are indexed by NCUA Region, and date of injury.
Safeguards:
Records are maintained in locked file drawer.
Retention and disposal:
Records are disposed of five years after the year to which they
relate.
System manager(s) and address:
Director, Personnel Office, National Credit Union Administration,
1776 G Street, NW, Washington, DC 20456.
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the system manager listed above. If there is no record
on the individual, then individual will be so advised.
Record access procedures:
Upon request, the system manager will set forth the procedures
for gaining access to available records.
Contesting record procedures:
Requests to amend or correct a record should be directed to the
system manager listed above.
Record source categories:
Individual on whom the record is maintained; superiors of
individual; individual's physician; hospital attending individual;
Department of Labor.
NCUA-15
System name:
Investigative Reports Involving Any Crime, Suspected Crime or
Suspicious Activity Against a Credit Union, NCUA.
System location:
Office of General Counsel, National Credit Union Administration,
1775 Duke Street, Alexandria, VA 22314-3428. Computerized records of
Suspicious Activity Reports (SAR), with status updates, are managed
by the Financial Crimes Enforcement Network (FinCEN), Department of
the Treasury, pursuant to a contractual agreement, and are stored in
Detroit, Michigan. Authorized personnel at NCUA's Central Office and
six regional offices have on-line access to the computerized database
managed by FinCEN through individual work stations that are linked to
the database central computer.
Categories of individuals covered by the system:
Directors, officers, committee members, employees, agents, and
persons participating in the conduct of the affairs of federally
insured credit unions who are reported to be involved in suspected
criminal activity or suspicious financial transactions and are
referred to law enforcement officials; and other individuals who have
been involved in irregularities, violations of law, or unsafe or
unsound practices referenced in documents received by the NCUA in the
course of exercising its supervisory functions.
Categories of records in the system:
Inter- and intra-agency correspondence, memoranda and reports.
The SAR contains information identifying the credit union involved,
the suspected person, the type of suspicious activity involved, and
any witnesses.
Authority for maintenance of the system:
12 U.S.C. 1786 and 1789.
Purpose(s):
The overall system serves as a NCUA repository for investigatory
or enforcement information related to its responsibility to examine
and supervise federally insured credit unions. The system maintained
by FinCEN serves as the database for the cooperative storage,
retrieval, analysis, and use of information relating to Suspicious
Activity Reports made to or by the NCUA Board, the Federal Reserve
Board, the Office of the Comptroller of the Currency, the Federal
Deposit Insurance Corporation, the Office of Thrift Supervision,
(collectively, the federal financial regulatory agencies), and FinCEN
to various law enforcement agencies for possible criminal, civil, or
administrative proceedings based on known or suspected violations
affecting or involving persons, financial institutions, or other
entities under the supervision or jurisdiction of such federal
financial regulatory agencies.
Routine uses of records maintained in the system, including
categories of users, and the purposes of such uses:
Information in these records may be used to:
(1) Determine if any further agency action should be taken.
(2) Provide the federal financial regulatory agencies and FinCEN
with information relevant to their operations;
(3) Disclose information to third parties during the course of an
investigation to the extent necessary to obtain information pertinent
to the investigation;
(4) With regard to formal or informal enforcement actions;
release information pursuant to 12 U.S.C. 1786(s), which requires the
NCUA Board to publish and make available to the public final orders
and written agreements, and modifications thereto; and
(5) Standard routine uses as set forth in appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The records will be maintained in electronic data processing
systems and paper files.
Retrievability:
Computer output and file folders are retrievable by indexes of
data fields, including name of the credit union, NCUA Region, and
individuals' names.
Safeguards:
Paper records and word processing discs are stored at the NCUA in
lockable metal file cabinets. The database maintained by FinCEN
complies with applicable security requirements of the Department of
the Treasury. On-line access to the information in the database is
limited to authorized individuals who have been designated by each
federal financial regulatory agency and FinCEN, and each such
individual has been issued a nontransferable identifier or password.
Retention and disposal:
Records are maintained indefinitely.
System manager(s) and address:
General Counsel, NCUA, 1775 Duke Street, Alexandria, VA 22314-
3428.
Notification procedure:
Inquiries should be sent to the System Manager as noted above.
Record access procedures:
Same as ``Notification procedure'' above.
Contesting records procedures:
Same as ``Notification procedure'' above.
Record source categories:
Information received by the NCUA Board from various sources,
including, but not limited to law enforcement and other agency
personnel involved in sending inquiries to the NCUA Board, NCUA
examiners, credit union officials, employees, and members. The
information maintained by FinCEN is compiled from SAR and related
historical and updating forms compiled by financial institutions, the
NCUA Board, and the other federal financial regulatory agencies for
law enforcement purposes.
System exempted from certain provisions of the Act:
This system is exempt from 5 U.S.C. 552a(c)(3), (d)(1), (d)(2),
(d)(3), (d)(4), (e)(1), (e)(4) (G), (H) and (I), and (f) of the
Privacy Act pursuant to 5 U.S.C. 552a(k)(2).
Appendix B--List of Regional Offices (Addresses and States Covered
by Each Region)
I. NCUA Region I Office: 9 Washington Square, Washington Avenue
Extension, Albany, NY 12205, Phone: 518-464-4180, FAX: 518-464-4195.
States covered: Connecticut, Maine, Massachusetts, New Hampshire, New
York, Rhode Island, Vermont.
II. NCUA Region II Office: 1775 Duke Street, Suite 4206,
Alexandria, VA 22314-3437, Phone: 703-838-0401, FAX: 703-838-0571.
States covered: Delaware, District of Columbia, Maryland, New Jersey,
Pennsylvania, Virginia, West Virginia.
III. NCUA Region III Office: 7000 Central Parkway, Suite 1600,
Atlanta, GA 30328, Phone: 404-396-4042, FAX: 404-698-8211. States
covered: Alabama, Arkansas, Florida, Georgia, Kentucky, Louisiana,
Mississippi, North Carolina, Puerto Rico, South Carolina Tennessee,
Virgin Islands.
IV. NCUA Region IV Office: 4225 Naperville Road, Suite 125,
Lisle, IL 60532, Phone: 708-245-1000, FAX: 708-245-1016. States
covered: Illinois, Indiana, Michigan, Missouri, Ohio, Wisconsin.
V. NCUA Region V Office: 4807 Spicewood Springs Road, Suite 5200,
Austin, TX 78759-8490, Phone 512-482-4500, FAX: 512-482-4511. States
covered: Arizona, Colorado, Iowa, Kansas, Minnesota, Nebraska, New
Mexico, North Dakota, Oklahoma, South Dakota, Texas, Utah, Wyoming.
VI. NCUA Region VI Office: 2300 Clayton Road, Suite 1350,
Concord, CA 94520, Phone: 510-825-6125, FAX: 510-486-3729. States
covered: Alaska, American Samoa, California, Guam, Hawaii, Idaho,
Montana, Nevada, Oregon, Washington.
NCUA-16
System name: Freedom of Information Act Bills Delinquent 30-
Days or More, NCUA.
System location:
Administrative Office, National Credit Union Administration, 1776
G Street, NW, Washington, DC 20456.
Categories of individuals covered by the system:
This system of records includes information pertaining to any
Freedom of Information Act (FOIA) requestor who has an outstanding
payment of at least 30 days due NCUA as a result of processing their
FOIA request.
Categories of records in the system:
The system contains the following information for any person or
organization having an outstanding bill of 30 days or more for FOIA
services: Requestor's name, company name or organization, address,
date of invoice, invoice number, amount due, phone number.
Authority for maintenance of the system:
12 U.S.C. 1789.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
Records in this system are used to identify requestors who are at
least 30 days delinquent in their payments. These records will be
used by the NCUA for collection of the amount due, as well as to
identify subsequent requests made by the same individuals. The
information may also be disclosed to a consumer reporting agency. The
information disclosed to a consumer reporting agency is limited to:
(1) Information necessary to establish the identity of the
individual, including name, address, and taxpayer identification
number; (2) the amount, status, and history of the claim; and (3) the
agency or program under which the claim arose.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained on paper hard copy and computer disk.
Retrievability:
Records in this system are retrievable by requestor's name,
company name or organization, date of invoice, and invoice number.
Safeguards:
Physical security consists of storing records on a password
protected floppy diskette and a hard copy secured in a metal file
cabinet which is accessible only to those individuals responsible for
collecting outstanding payments.
Retention and disposal:
Records are retained until payment is received. Once payment is
received, all information is deleted from the system.
System manager(s) and address:
Freedom of Information Officer, Administrative Office, National
Credit Union Administration, 1776 G Street, NW, Washington, DC 20456.
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the system manager listed above. If there is no record
on the individual, the individual will be so advised.
Record access procedures:
Upon request, the system manager will set forth the procedures
for gaining access to available records.
Contesting record procedures:
Requests to amend or correct a record should be directed to the
system manager listed above.
Record source categories:
The source of records for this system of records is the FOIA
request files.
NCUA-17
System name: Acquired Assets and Share Payout Records System,
NCUA.
System location:
Records within this system of records are located at one of two
NCUA Liquidation Centers: Region II (Capital) and Region V (Austin)
for a period of time necessary to answer inquiries of credit union
members and to transfer share and loan record information to the
Director, Department of Insurance, National Credit Union
Administration, 1776 G Street, NW, Washington, DC 20456 or an outside
purchaser or a loan collection servicer. After such time, the
remaining records are transferred for storage to one of twelve
General Services Administration record storage centers. For
liquidations occurring in Regions I, II or III records are located in
Region II. For liquidations occurring in Regions IV, V or VI, records
are located in Region V, (see appendix B for states covered by each
Regional Office).
Categories of individuals covered by the system:
Members of liquidating federally-insured credit unions.
Categories of records in the system:
Share and account balances; personal data regarding income and
debts; payment history.
Authority for maintenance of the system:
12 U.S.C. 1787.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) Data used for payment of insurance claims to shareholders in
liquidating federally-insured credit unions. (2) Also, data is used
in the collection of outstanding loans, which may include referral of
information to the General Accounting Office or the Department of
Justice. (3) Generally, information is used for all purposes
necessary to close out the affairs of the liquidated credit union and
carry out all appropriate liquidations-related functions of NCUA,
including referral of necessary information to facilitate a purchase
of the credit union's assets by NCUA or sale to a third party (before
or after such purchase), referral of noncredit information address
locators, or referral of information to a surety company in pursuit
of a fidelity bond claim. (4) Standard routine uses as set forth in
appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Information is initially compiled on data conversion sheets
prepared by NCUA examiners acting as on-site liquidators. This data
is stored on computer disks, from which loan registers may be
prepared and furnished to NCUA Regional Offices or prospective
purchasers of the assets of closed credit unions. In addition to data
stored on computer disks, the following records are maintained on
paper hard copy; data conversion sheets, loan registers, essential
share and loan documents, and members' filed claim forms. Copies of
share and loan documents, incoming payments, and loan portfolios may
also be maintained on microfilm copy.
Retrievability:
Records are indexed by name of member and by name of closed
insured credit union.
Safeguards:
Records are maintained in secured offices.
Retention and disposal:
Information is disposed of five years after date of charter
cancellation.
System manager(s) and address:
(1) NCUA Region II Regional Office, Eighth Floor, 1776 G Street,
NW, Washington, DC 20006. (2) NCUA Region V Regional Office,
Spicewood Springs Road, Building 5, Austin, TX 78759.
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the system manager listed above. If there is no record
on the individual, the individual will be so advised. Written
inquiries should include name of inquirer, name of closed insured
credit union of which inquirer was a member, and share and loan
account numbers, if known, in addition to any requirements of part
790 of NCUA rules and regulations (12 CFR part 790).
Record access procedures:
Upon request, the system manager will set forth the procedures
for gaining access to available records.
Contesting record procedures:
Requests to amend or correct a record should be directed to the
system manager listed above.
Record source categories:
Individual on whom the record is maintained; outside address
locators; and share and loan account files of the liquidating credit
union of which the individual was a member.
NCUA-18
System name: Member Accounts; Credit Unions Closed for
Involuntary Liquidations, NCUA.
System location:
Records within this system of records are located at one of two
NCUA Liquidation Centers: Region II (Capital) and Region V (Austin)
for a period of time necessary to answer inquiries of credit union
members and to transfer share and loan record information to the
Director, Examination and Insurance, National Credit Union
Administration, 1776 G Street, NW, Washington, DC 20456 or an outside
purchaser or a loan collection services. After such time, the
remaining records are transferred for storage to one of twelve
General Services Administration record storage centers.
Categories of individuals covered by the system:
Information is maintained on those individuals who were members
or employees of a federally-insured credit union closed for
liquidation and for which the Board served as liquidating agent
pursuant to 12 U.S.C. 1787. Records in this system are subject to the
provisions of the Privacy Act only upon completion of the liquidation
of a closed federally-insured credit union and three years after the
cancellation of the credit union charter. Prior to such time, records
of a closed insured credit union which are held by the Board, only in
its capacity as liquidating agent for the closed credit union, are
not ``agency records'' within the meaning of the Privacy Act, and
thus the provisions of the Act have no applicability.
Categories of records in the system:
This system contains information concerning an individual's
membership in and share and loan transactions with the credit union
which has been closed for liquidation; membership card; individual
share and loan ledgers; notes; security documents; promissory notes
and extension agreements, if any. Also included are employee payroll
records and data. As further explained above, in the ``Categories of
Individuals * * *'' portion of this descriptive system notice,
records of a closed insured credit union are generally subject to the
provisions of the Privacy Act after completion of the liquidation of
the credit union and three years after the cancellation of the credit
union charter.
Authority for maintenance of the system:
12 U.S.C. 1766(c) and 1787.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) Actions necessary to close out the affairs of liquidating
federally-insured credit union, including: (a) Referral of
information to affected credit union members, the NCUA Loan
Management System, and any purchasers of the closed credit union's
assets; (b) referral of information to the credit union's surety in
pursuit of fidelity information to any appropriate agency or official
in the course of collecting a claim of the United States. (2)
Standard routine uses as set forth in appendix A. (While it is the
full intent to comply with the spirit of the Privacy Act with regard
to records maintained within this described system, it should again
be noted that the provisions of the Privacy Act of 1974, including a
limitation of routine uses to those described herein, do not
technically apply to the records until they become ``agency''
records, i.e., until such time as they revert to NCUA three years
after the cancellation of the charter of a closed credit union.)
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records on individual credit union members or employees in this
system of records are maintained on member account documents as
compiled by individual credit unions prior to entering liquidation.
Retrievability:
Member and employee records are generally ordered or indexed by
account number.
Safeguards:
Records within this system are maintained under the control of a
designated agent for the liquidating agent who makes only such
disclosures from the records as are necessary or part of
responsibilities under the Federal Credit Union Act (12 U.S.C. 1751-
1795).
Retention and disposal:
The records are maintained in one of the two liquidation centers
indicated under the location section of this notice, for a period
necessary to answer inquiries of credit union members and transfer
appropriate share and loan information. The records are disposed of
five years after charter cancellation.
System manager(s) and address:
The system managers for this system of records are the two
Regional Directors located at the Regional Offices at which the
liquidation centers are located.
Notification procedure:
If an individual wants to find out whether the records of a
closed credit union within this system inlude records pertaining to
that individual, the individual should contact by mail or in person,
the Regional Director for Region II if the closed credit union was
located in Region I, II or III, or the Regional Director of Region V
if the closed credit union was located in Regions IV, V or VI, (see
address in appendix B). The inquiry should contain the name of the
closed credit union, the inquirer's credit union account number (if
known), a description of the records sought, the approximate dates
covered by the record, and the name of the system of records. If
there is no record on the individual, the individual will be so
advised.
Record access procedures:
Upon request, the Regional Director will set forth the procedures
for gaining access to available records.
Contesting record procedures:
Requests to amend or correct a record should be directed to the
Regional Director for Region II if the closed credit union was
located in Regions I, II or III, or the Regional Director for Region
V if the closed credit union was located in Region IV, V or VI.
Record source categories:
The sole source of information for this system or records is the
member-related files and accounting records of federally-insured
credit unions which have been closed for liquidation and for which
the Board, or its designee, serves as liquidating agent.
NCUA-19
System name: Trusteed Account Records System, NCUA.
System location:
Records within this system of records are located at one of two
NCUA Liquidation Centers: Region II (Capital) and Region V (Austin)
for a period of time necessary to answer inquiries of credit union
members and to transfer share and loan record information to the
Director, Office of Examination and Insurance, National Credit Union
Administration, 1776 G Street, NW, Washington, DC 20456 or an outside
purchaser or a loan collection services. After such time, the
remaining records are transferred for storage to one of twelve
General Services Administration record storage centers.
Categories of individuals covered by the system:
Share balance and last known addresses of individuals by whom or
on whose behalf insured share account payout claims have been filed.
Authority for maintenance of the system:
12 U.S.C. 1787.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) Information is used to ensure proper payment of all trusteed
account funds. (2) Standard routine uses as set forth in appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained on computer printout forms or accounting
work papers and members account statements.
Retrievability:
Records are retrievable by individual name, credit union name, or
a combination thereof.
Safeguards:
Records are stored in secured offices.
Retention and disposal:
Records are maintained until processing of claims is completed
and, thereafter, are escheated to the appropriate state agency.
System manager(s) and address:
The system managers for this system of records are the two
regional Directors located at the liquidation centers listed in
``SYSTEM LOCATION'' above.
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the system manager listed above. If there is no record
on the individual, the individual will be so advised.
Record access procedures:
Upon request, the system manager will set forth the procedures
for gaining access to available records.
Contesting record procedures:
Requests to amend or correct a record should be directed to the
system manager listed above.
Record source categories:
Files of federally-insured credit unions which are closed for
liquidation.
NCUA-20
System name:
Office of Inspector General (OIG) Investigative Records, NCUA.
System location:
Office of Inspector General, NCUA, 1775 Duke Street, Alexandria,
VA 22314-3428.
Categories of individuals covered by the system:
Subjects of investigation, complainants, and witnesses referred
to in complaints or actual investigative cases, reports, accompanying
documents, and correspondence prepared by, compiled by, or referred
to the OIG.
Categories of records in the system:
The system is comprised of paper files of all OIG and some
predecessor Office of Internal Auditor reports, correspondence,
cases, matters, cross-indices, memorandums, materials, legal papers,
evidence, exhibits, data, and workpapers pertaining to all closed and
pending investigations and inspections.
Authority for maintenance of the system:
The Inspector General Act of 1978, as amended, 5 USC App.3; 12
USC 1766.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The National Credit Union Administration Office of Inspector
General (NCUA/OIG) may disclose information contained in a record in
this system of records without the consent of the individual if the
disclosure is compatible with the purpose for which the record was
collected, under the following routine uses:
1. NCUA/OIG may disclose information from this system of records
as a routine use to any public or private source, including a
federal, state, or local agency maintaining civil, criminal, or other
relevant enforcement information or other pertinent information, but
only to the extent necessary for the OIG to obtain information from
those sources relevant to an OIG investigation, audit, inspection, or
other inquiry.
2. NCUA/OIG may disclose information from this system of records
as a routine use to the Department of Justice to the extent necessary
to obtain its legal advice on any matter relevant to an OIG
investigation, audit, inspection, or other inquiry related to the
responsibilities of the OIG.
3. NCUA/OIG may disclose information from this system of records
for the purposes set forth in Appendix A of the agency's system of
records notice, published at 53 FR No.186, page 37373 (September 26,
1988.)
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Information contained in this system is stored manually in files.
Retrievability:
Information is retrieved in files by case number, general subject
matter, or name of the subject of investigation.
Safeguards:
Case reports and workpapers are maintained in approved security
containers and locked filing cabinets in a locked room. Associated
paper records are stored in locked metal filing cabinets, safes, or
similar secure facilities.
Retention and disposal:
Investigative Case Files
1. Case files are normally destroyed when they are 5 years old.
2. Significant cases (those that result in national media
attention, congressional investigation, or substantive changes in
agency policy or procedures)--To be determined by the National
Archives and Records Administration on a case-by-case basis.
System manager(s) and address:
Inspector General, National Credit Union Administration, 1775
Duke Street, Alexandria, VA 22314.
Notification procedure:
This System of Records is generally exempt from the notice,
access, and amendment requirements of the Privacy Act. However, the
NCUA will entertain written requests to the systems manager on a case
by case basis for notification regarding whether this system of
records contains information about an individual. Requests should be
marked ``Privacy Act request,'' state the name and address of the
requester, and provide a notarized statement, or other documentation,
e.g., copy of a driver's license, attesting to the individual's
identity. Requests submitted on behalf of other persons must include
their written, notarized authorizations. Such requests in the form
prescribed may also be presented in person at the Office of Inspector
General, Room 5041, National Credit Union Administration, 1775 Duke
Street, Alexandria, VA 22314. Simultaneously with requesting
notification of inclusion in this system of records, the individual
may request record access as described in the following section on
``Record Access Procedures.''
Record access procedures:
Same as ``Notification procedure.''
Contesting record procedures:
Same as ``Notification procedure.''
Record source categories:
The OIG collects information from many sources, including the
subject individuals, employees of the NCUA, other government
employees, and witnesses and informants, and non-governmental
sources.
Systems exempted from certain provisions of the act:
Pursuant to 5 USC 552a(j)(2), this system of records is exempt
from subsections (c)(3) and (4), (d), (e)(1), (e)(2), (e)(3),
(e)(4)(G), (e)(4)(H), (e)(4)(I), (e)(5), (e)(8), (f) and (g) of the
Act. This exemption applies to information in the system that relates
to criminal law enforcement and meets the criteria of the (j)(2)
exemption. Pursuant to 5 USC 552(k)(2), to the extent that the system
contains investigative material compiled for law enforcement
purposes, other than material within the scope of subsection (j)(2),
this system of records is exempt from 5 USC 552a(c)(3), (d), (e)(1),
(e)(4)(G), (H), and (I), and (f). The exemption rule is contained in
12 CFR 792.34 of the NCUA regulations.
NCUA-21
System name: Consumer Complaints Against Federal Credit Unions,
NCUA.
System location:
Information is maintained in NCUA's six Regional Offices (see
appendix B for Regional Offices' locations).
Categories of individuals covered by the system:
Persons who submit complaints concerning operating Federal credit
unions.
Categories of records in the system:
Complaint letters, investigation reports, and related
correspondence concerning the complainants and the involved Federal
credit union.
Authority for maintenance of the system:
12 U.S.C. 1766(i)(1) and 1789(a)(7); 5 U.S.C. 301; 15 U.S.C.
1601-1693.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) Information may be disclosed to officials of Federal credit
unions and other persons mentioned in a complaint or identified
during an investigation. (2) Disclosures may be made to the Federal
Reserve Board, other Federal financial regulatory agencies, the
Federal Financial Institutions Examination Council, the White House
Office of Consumer Affairs, and the Congress or any of its authorized
committees in fulfilling reporting requirements or assessing
implementation of applicable laws and regulations. (Such disclosures
will be made in a nonidentifiable manner when feasible and
appropriate.) (3) Referrals may also be made to other Federal and
nonfederal supervisory or regulatory authorities when the subject
matter is a complaint or inquiry which is more properly within such
agency's jurisdiction. (4) Standard routine uses as set forth in
appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored on paper or computer media.
Retrievability:
Records are retrievable from files by Federal credit union name,
by complainant name, or assigned control number.
Safeguards:
Records are maintained in secured offices in either a file
cabinet or on computer media.
Retention and disposal:
Records are retained for three years, then destroyed. Consumer's
name, Federal credit union's name, subject of complaint, date
received, and date resolved are kept indefinitely.
System manager(s) and address:
The information is maintained in NCUA's six Regional Offices (see
appendix B for Regional Offices' location).
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the system manager listed above. If there is no record
on the individual, the individual will be so advised.
Record access procedures:
Upon request, the system manager will set forth the procedures
for gaining access to available records.
Contesting record procedures:
Request to amend or correct a record should be directed to the
system manager listed above.
Record source categories:
Complainant (and his or her representative, which may include,
e.g., a member of Congress or an attorney); Federal credit union
officials; employees and members of the credit union involved; and
NCUA examiners and central files on Federal credit unions.
NCUA-22
System name: Litigation Case Files, NCUA.
System location:
Office of General Counsel, National Credit Union Administration,
1776 G Street, NW, Washington, DC 20456.
Categories of individuals covered by the system:
Records are maintained in files by the case name of individuals
who are: The subject of NCUA investigations made in contemplation of
legal action; involved in civil litigation with NCUA; involved in
administrative proceedings; involved in litigation of interest to
NCUA; or pursuing tort claims.
Categories of records in the system:
Records in case files include: Investigative reports relating to
possible felonies or violations of the Federal Credit Union Act;
transcripts of testimony or affidavits; documents and other
evidentiary matter, pleadings and other documents filed in court;
orders filed or issued in civil, administrative or criminal
proceedings; correspondence relating to investigatory or litigation
matters; information provided by the individual under investigation
or from a Federal credit union; and other memoranda gathered and
prepared by staff in performance of their duties.
Authority for maintenance of the system:
12 U.S.C. 1766, 1786, 1787, and 1789; 28 U.S.C. 2671-2680.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) The staff of the Office of General Counsel may use such
records to render legal advice concerning investigations or courses
of legal action; to represent NCUA in all judicial and administrative
proceedings in which NCUA or any of its employees who, within the
scope of employment and in an official capacity, is a party; or to
intervene as an amicus curiae. (2) Standard routine uses set forth in
appendix A.
System manager(s) and address:
General Counsel, National Credit Union Administration, 1776 G
Street, NW, Washington, DC 20456.
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the system manager listed above. If there is no record
on the individual, the individual will be so advised.
Record access procedures:
Requests to amend or correct a record should be directed to the
system manager listed above.
Contesting record procedures:
Requests to amend or correct a record should be directed to the
system manager listed above.
Record source categories:
Record source categories vary depending upon the legal issue but
generally are obtained from the following: NCUA staff and internal
agency memoranda; Federal employees and private parties involved in
torts; contracts; Federal credit union files or officials; general
law texts and sources; law enforcement officers; witnesses and
others; administrative and court pleadings, transcripts or judicial
orders/decisions; evidence gathered in connection with the matter
involved; and from individuals to whom the records relate.
Systems exempted from certain provisions of the act:
This system is subject to the specific exemption provided by 5
U.S.C. 552a(k)(2), as the system of records is investigatory material
compiled for law enforcement purposes.
Appendix A--Standard Routine Uses Applicable to NCUA Systems of
Records
1. In the event that a system of records maintained by this
Agency to carry out its functions indicates a violation or potential
violation of law, whether civil, criminal, or regulatory in nature,
and whether arising by general statute or particular program statute,
or by regulation, rule, or order issued pursuant thereto, the
relevant records in the system or records may be referred, as a
``routine use,'' to the appropriate agency, whether Federal, State,
local, or foreign, charged with the responsibility of investigating
or prosecuting such violation or charged with enforcing or
implementing the statute, rule, regulation, or order issued pursuant
thereto.
2. A record from a system of records may be disclosed as a
``routine use'' to a Federal, State, or local agency which maintains
civil, criminal, or other relevant enforcement information or other
pertinent information, such as current licenses, if necessary, to
obtain information relevant to an agency decision concerning the
hiring or retention of an employee, the issuance of a security
clearance, the letting of a contract, or the issuance of a license,
grant, or other benefit.
3. A record from a system of records may be disclosed as a
``routine use'' to a Federal agency, in response to its request, for
a matter concerning the hiring or retention of an employee, the
issuance of a security clearance, the reporting of an investigation
of an employee, the letting of a contract, or the issuance of a
license, grant, or other benefit by the requesting agency, to the
extent that the information is relevant and necessary to the
requesting agency's decision in the matter.
4. A record from a system of records may be disclosed as a
``routine use'' to an authorized appeal grievance examiner, formal
complaints examiner, equal employment opportunity investigator,
arbitrator or other duly authorized official engaged in investigation
or settlement of a grievance, complaint, or appeal filed by an
employee. Further, a record from any system of records may be
disclosed as a ``routine use'' to the Office of Personnel Management
in accordance with the agency's responsibility for evaluation and
oversight of Federal personnel management.
5. A record from a system of records may be disclosed as a
``routine use'' to officers and employees of a Federal agency for
purposes of audit.
6. A record from a system of records may be disclosed as a
``routine use'' to a member of Congress or to a congressional staff
member in response to an inquiry from the congressional office made
at the request of the individual about whom the record is maintained.
7. A record from a system of records may be disclosed as a
``routine use'' to the officers and employees of the General Services
Administration (GSA) in connection with administrative services
provided to this Agency under agreement with GSA.
8. It shall be a routine use of the records maintained by this
agency to disclose them to the Department of Justice when
(a) The Agency, or any component thereof; or
(b) Any employee of the Agency in his or her official capacity;
or
(c) Any employee of the Agency in his or her individual capacity
where the Department of Justice has agreed to represent the employee;
or
(d) The United States, where the Agency determines the litigation
is likely to affect the agency or any of its components, is a party
to litigation or has an interest in such litigation, and the use of
such records by the Department of Justice is deemed by the Agency to
be relevant and necessary to the litigation, provided, however, that
in each case, the Agency determines that disclosure of the records to
the Department of Justice is a use of the information contained in
the records that is compatible with the purpose for which the records
were collected.
9. It shall be a routine use of records maintained by this Agency
to disclose them in a proceeding before a court or adjudicative body
before which the agency is authorized to appear, when
(a) The Agency, or any component thereof; or
(b) Any employee of the Agency in his or her official capacity;
or
(c) Any employee of the Agency in his or her individual capacity
where the Agency has agreed to represent the employee; or
(d) The United States, where the Agency determines that
litigation is likely to affect the agency or any of its components,
is a party to litigation or has an interest in such litigation, and
the Agency determines that use of such records is relevant and
necessary to the litigation, provided, however, that in each case,
the Agency determines that disclosure of the records to the
Department of Justice is a use of the information contained in the
records that is compatible with the purpose for which the records
were collected.
Appendix B--List of Regional Offices (Addresses and States Covered
by Each Region)
I. NCUA Region I Regional Office: 9 Washington Square, Washington
Square Extension, Albany, NY 12205, Phone: (518) 472-4554.
States covered: Connecticut, Maine, Massachusetts, New Hampshire,
New Jersey, New York, Puerto Rico, Rhode Island, Vermont, Virgin
Islands.
II. NCUA Region II Regional Office: Eighth Floor, 1776 G Street,
Washington, DC 20006, Phone: (202) 682-1900.
States covered: District of Columbia, Delaware, Maryland,
Pennsylvania, Virginia, West Virginia.
III. NCUA Region III Regional Office: 7000 Central Parkway, Suite
1600, Atlanta, GA 30328, Phone: (404) 396-4042.
States covered: Arkansas, Alabama, Republic of Panama, Florida,
Georgia, Kentucky, Louisiana, Mississippi, North Carolina, Tennessee,
South Carolina.
IV. NCUA Region IV Regional Office: 300 Park Boulevard, Suite
155, Itasca IL 60143, Phone: (312) 250-6000.
States covered: Illinois, Indiana, Iowa, Michigan, Minnesota,
Missouri, North Dakota, Ohio, South Dakota, Wisconsin.
V. NCUA Region V Regional Office: 4807 Spicewood Springs Road,
Building 5, Austin, TX 78759, Phone: (512) 482-4500.
States covered: Arizona, Colorado, Iowa, Kansas, Minnesota,
Nebraska, New Mexico, North Dakota, South Dakota, Oklahoma, Texas,
Utah, Wyoming.
VI. NCUA Region VI Regional Office: 2890 N. Main Street, Suite
101, Walnut Creek, CA 94596, Phone: (415) 486-3490.
States covered: Alaska, California, Guam, Hawaii, Idaho, Montana,
Nevada, Oregon, Washington.
NATIONAL CREDIT UNION ADMINISTRATION
Title 12--Banks and Banking
Chapter VII-National Credit Union Administration
PART 792-REQUESTS FOR INFORMATION UNDER THE FREEDOM OF INFORMATION ACT
AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED
INFORMATION
Subpart E--The Privacy Act
Sec.
792.52 Scope.
792.53 Definitions.
792.54 Procedures for requests pertaining to individual records in a
system of records.
792.55 Times, places, and requirements for identification of individuals
making requests and identification of records requested.
792.56 Notice of existence of records, access decisions and disclosure
of requested information; time limits.
792.57 Special procedures: Information furnished by other agencies;
medical records.
792.58 Requests for correction or amendment to records; administrative
review of requests.
792.59 Appeal of initial determination.
792.60 Disclosure of record to person other than the individual to whom
it pertains.
792.61 Accounting for disclosures.
792.62 Requests for accounting for disclosures.
792.63 Collection of information from individuals; information forms.
792.64 Contracting for the operation of a system of records.
792.65 Fees.
792.66 Exemptions.
792.67 Security of systems of records.
792.68 Use and collection of Social Security numbers.
792.69 Training and employee standards of conduct with regard to
privacy.
Authority: 12 U.S.C. 1766(a) and 1789(a)(7); 5 U.S.C. App. 3. Subpart
B is also issued under 5 U.S.C. 552a.
Source: 54 FR 18476, May 1, 1989. Redesignated at 63 FR 14338, Mar.
25, 1998.
Subpart E-The Privacy Act
Sec. 792.52 Scope.
This subpart governs requests made of NCUA under the Privacy Act (5
U.S.C. 552a). The regulation applies to all records maintained by NCUA
which contain personal information about an individual and some means of
identifying the individual, and which are contained in a system of
records from which information may be retrieved by use of an identifying
particular; sets forth procedures whereby individuals may seek and gain
access to records concerning themselves and request amendments of those
records; and sets forth requirements applicable to NCUA employees'
maintaining, collecting, using, or disseminating such records.
Sec. 792.53 Definitions.
For purposes of this subpart:
(a) Individual means a citizen of the United States or an alien
lawfully admitted for permanent residence.
(b) Maintain includes maintain, collect, use, or disseminate.
(c) Record means any item, collection, or grouping of information
about an individual that is maintained by NCUA, and that contains the
name, or an identifying number, symbol, or other identifying particular
assigned to the individual.
(d) System of records means a group of any records under NCUA's
control from which information is retrieved by the name of the
individual or by some identifying number, symbol, or other identifying
particular assigned to the individual.
(e) Routine use means, with respect to the disclosure of a record, the
use of such record for a purpose which is compatible with the purpose
for which it was collected.
(f) Statistical record means a record in a system of records
maintained for statistical research or reporting purposes only and not
used in whole or in part in making any determination about an
identifiable individual, except as provided by section 8 of title 13 of
the United States Code.
Sec. 792.54 Procedures for requests pertaining to individual records
in a system of records.
(a) An individual seeking notification of whether a system of records
contains a record pertaining to that individual, or an individual
seeking access to information or records pertaining to that individual
which are available under the Privacy Act shall present a request to the
NCUA official identified in the access procedure section of the ``Notice
of Systems of Records'' published in the Federal Register which
describes the system of records to which the individual's request
relates. An individual who does not have access to the Federal Register
and who is unable to determine the appropriate official to whom a
request should be submitted may submit a request to the Director of the
Administrative Office, National Credit Union Administration, 1775 Duke
Street, Alexandria, VA 22314-3428, in which case the request will then
be referred to the appropriate NCUA official and the date of receipt of
the request will be determined as the date of receipt by the official.
(b) In addition to meeting the identification requirements set forth
in Sec. 792.55, an individual seeking notification or access, either in
person or by mail, shall describe the nature of the record sought, the
approximate dates covered by the record, and the system in which it is
thought to be included, as described in the ``Notice of Systems of
Records'' published in the Federal Register.
[54 FR 18476, May 1, 1989, as amended at 59 FR 36041, July 15, 1994; 64
FR 57365, Oct. 25, 1999]
Sec. 792.55 Times, places, and requirements for identification of
individuals making requests and identification of records requested.
(a) The following standards are applicable to an individual submitting
requests either in person or by mail under Sec. 792.54:
(1) If not personally known to the NCUA official responding to the
request, an individual seeking access to records about that individual
in person shall establish identity by the presentation of a single
document bearing a photograph (such as a passport or identification
badge) or by the presentation of two items of identification which do
not bear a photograph but do bear both a name and address (such as a
driver's license or credit card);
(2) An individual seeking access to records about that individual by
mail may establish identity by a signature, address, date of birth,
employee identification number if any, and one other identifier such as
a photocopy of driver's license or other document. If less than all of
this requisite identifying information is provided, the NCUA official
responding to the request may require further identifying information
prior to any notification or responsive disclosure.
(3) An individual seeking access to records about that individual by
mail or in person, who cannot provide the required documentation or
identification, may provide a notarized statement affirming identity and
recognition of the penalties for false statements pursuant to 18 U.S.C.
1001.
(b) The parent or guardian of a minor or a person judicially
determined to be incompetent shall, in addition to establishing identity
of the minor or other person as required in paragraph (a) of this
section, furnish a copy of a birth certificate showing parentage or a
court order establishing guardianship.
(c) An individual may request by telephone notification of the
existence of and access to records about that individual and contained
in a system of records. In such a case, the NCUA official responding to
the request shall require, for the purpose of comparison and
verification of identity, at least two items of identifying information
(such as date of birth, home address, social security number) already
possessed by the NCUA. If the requisite identifying information is not
provided, or otherwise at the discretion of the responsible NCUA
official, an individual may be required to submit the request by mail or
in person in accordance with paragraph (a) of this section.
(d) An individual seeking to review records about that individual may
be accompanied by another person of their own choosing. In such cases,
the individual seeking access shall be required to furnish a written
statement authorizing discussion of that individual's records in the
accompanying person's presence.
(e) In addition to the requirements set forth in paragraphs (a), (b)
and (c) of this section, the published ``Notice of System of Records''
for individual systems may include further requirements of
identification where necessary to retrieve the individual records from
the system.
[54 FR 18476, May 1, 1989, as amended at 64 FR 57365, Oct. 25, 1999]
Sec. 792.56 Notice of existence of records, access decisions and
disclosure of requested information; time limits.
(a) The NCUA official identified in the record access procedure
section of the ``Notice of Systems of Records'' and identified in
accordance with Sec. 792.542(a), by an individual seeking notification
of, or access to, a record, shall be responsible: (1) For determining
whether access is available under the Privacy Act; (2) for notifying the
requesting individual of that determination; and (3) for providing
access to information determined to be available. In the case of an
individual access request made in person, information determined to be
available shall be provided by allowing a personal review of the record
or portion of a record containing the information requested and
determined to be available, and the individual shall be allowed to have
a copy of all or any portion of available information made in a form
comprehensible to him. In the case of an individual access request made
by mail, information determined to be available shall be provided by
mail, unless the individual has requested otherwise.
(b) The following time limits shall be applicable to the required
determinations, notification and provisions of access set forth in
paragraph (a) of this section:
(1) A request concerning a single system of records which does not
require consultation with or requisition of records from another agency
shall be responded to within 10 working days after receipt of the
request;
(2) A request requiring requisition of records from or consultation
with another agency shall be responded to within 10 working days after
such requisition or resolution of the required consultation. Such
required requisition or consultation shall be initiated within 10
working days after receipt of the request;
(3) If a request under paragraphs (b)(1) or (2) of this section
presents unusual difficulties in determining whether the records
involved are exempt from disclosure, the Director of the Administrative
Office may, upon written request of the official responsible for action
upon the record request, extend the time period established by these
regulations for an additional 15 working days.
(c) Nothing in this section shall be construed to allow an individual
access to any information compiled in reasonable anticipation of a civil
action or proceeding, or any information exempted from the access
provisions of the Privacy Act.
[54 FR 18476, May 1, 1989, as amended at 59 FR 36042, july 15, 1994; 64
FR 57365, Oct. 25, 1999]
Sec. 792.57 Special procedures: Information furnished by other
agencies; medical records.
(a) When a request for records or information from NCUA includes
information furnished by other Federal agencies, the NCUA official
responsible for action on the request shall consult with the appropriate
agency prior to making a decision to disclose or refuse access to the
record, but the decision whether to disclose the record shall be made in
the first instance by the NCUA official.
(b) When an individual requests medical records concerning that
individual, the NCUA official responsible for action on the request may
advise the individual that the records will be provided only to a
physician designated in writing by the individual. Upon receipt of the
designation and upon proper verification of identity, the NCUA official
shall permit the physician to review the records or to receive copies of
the records by mail. The determination of which records should be made
available directly to the individual and which records should not be
disclosed directly because of possible harm to the individual shall be
made by the NCUA official responsible for action on the request.
Sec. 792.58 Requests for correction or amendment to a record;
administrative review of requests.
(a) An individual may request amendment of a record concerning that
individual by addressing a request, either in person or by mail, to the
NCUA official identified in the ``contesting record procedures'' section
of the ``Notice of Systems of Records'' published in the Federal
Register and describing the system of records which contains the record
sought to be amended. The request must indicate the particular record
involved, the nature of the correction sought, and the justification for
the correction or amendment. Requests made by mail should be addressed
to the responsible NCUA official at the address specified in the
``Notice of Systems of Records'' describing the system of records which
contains the contested record. An individual who does not have access to
the NCUA's ``Notice of Systems of Records,'' and to whom the appropriate
address is otherwise unavailable may submit a request to the Director of
the Administrative Office, National Credit Union Administration, 1775
Duke Street, Alexandria, VA 22314-3428 in which case the request will
then be referred to the appropriate NCUA official. The date of receipt
of the request will be determined as of the date of receipt by that
official.
(b) Within 10 working days of receipt of the request, the appropriate
NCUA official shall advise the individual that the request has been
received. The appropriate NCUA official shall then promptly (under
normal circumstances, not later than 30 working days after receipt of
the request) advise the individual that the record is to be amended or
corrected, or inform the individual of rejection of the request to amend
the record, the reason for the rejection, and the procedures established
by Sec. 792.27 for the individual to request a review of that rejection.
[54 FR 18476, May 1, 1989, as amended at 59 FR 36041, July 15, 1994]
Sec. 792.59 Appeal of initial determination.
(a) A rejection, in whole or in part, of a request to amend or correct
a record may be appealed to the General Counsel within 30 working days
of receipt of notice of the rejection. Appeals shall be in writing, and
shall set forth the specific item of information sought to be corrected
and the documentation justifying the correction. Appeals shall be
addressed to the Office of General Counsel, National Credit Union
Administration, 1775 Duke Street, Alexandria, VA 22314-3428. Appeals
shall be decided within 30 working days of receipt unless the General
Counsel, for good cause, extends such period for an additional 30
working days.
(b) Within the time limits set forth in paragraph (a) of this section,
the General Counsel shall either advise the individual of a decision to
amend or correct the record, or advise the individual of a determination
that an amendment or correction is not warranted on the facts, in which
case the individual shall be advised of the right to provide for the
record a ``Statement of Disagreement'' and of the right to further
appeal pursuant to the Privacy Act. For records under the jurisdiction
of the Office of Personnel Management, appeals will be made pursuant to
that agency's regulations.
(c) A statement of disagreement may be furnished by the individual.
The statement must be sent, within 30 days of the date of receipt of the
notice of General Counsel refusal to authorize correction, to the
General Counsel, National Credit Union Administration, 1775 Duke Street,
Alexandria, VA 22314-3428. Upon receipt of a statement of disagreement
in accordance with this section, the General Counsel shall take steps to
ensure that the statement is included in the system of records
containing the disputed item and that the original item is so marked to
indicate that there is a statement of dispute and where, within the
system of records, that statement may be found.
(d) When a record has been amended or corrected or a statement of
disagreement has been furnished, the system manger for the system of
records containing the record shall, within 30 days thereof, advise all
prior recipients of information to which the amendment or statement of
disagreement relates whose identity can be determined by an accounting
made as required by the Privacy Act of 1974 or any other accounting
previously made, of the amendment or statement of disagreement. When a
statement of disagreement has been furnished, the system manager shall
also provide any subsequent recipient of a disclosure containing
information to which the statement relates with a copy of the statement
and note the disputed portion of the information disclosed. A concise
statement of the reasons for not making the requested amendment may also
be provided if deemed appropriate.
(e) If access is denied because of an exemption, the individual shall
be notified of the right to appeal that determination to the General
Counsel within 180 days after receipt of the determination. Such an
appeal shall be determined within 30 days.
[54 FR 18476, May 1, 1989, as amended at 59 FR 36041, July 15, 1994]
Sec. 792.60 Disclosure of record to person other than the individual
to whom it pertains.
No record or item of information concerning an individual which is
contained in a system of records maintained by NCUA shall be disclosed
by any means of communication to any person, or to another agency,
without the prior written consent of the individual to whom the record
or item of information pertains, unless the disclosure would be--
(a) To an employee of the NCUA who has need for the record in the
performance of duty;
(b) Required by the Freedom of Information Act;
(c) For a routine use as described in the ``Notice of Systems of
Records,'' published in the Federal Register, which describes the system
of records in which the record or item of information is contained;
(d) To the Bureau of the Census for purposes of planning or carrying
out a census or survey or related activity pursuant to the provisions of
Title 13 of the United States Code;
(e) To a recipient who has provided the NCUA with advance adequate
written assurance that the record or item will be used soley as a
statistical research or reporting record, and the record is to be
transferred in a form that is not individually identifiable;
(f) To the National Archives and Records Administration as a record or
item which has sufficient historical or other value to warrant its
continued preservation by the United States Government, or for
evaluation by the Archivist of the United States or the designee of the
Archivist to determine whether the record has such value;
(g) To another agency or to an instrumentality of any governmental
jurisdiction within or under the control of the United States for a
civil or criminal law enforcement activity if the activity is authorized
by law, and if the head of the agency or instrumentality has made a
written request to NCUA specifying the particular portion desired and
the law enforcement activity for which the record or item is sought;
(h) To a person pursuant to a showing of compelling circumstances
affecting the health or safety of an individual if, upon such
disclosure, notification is transmitted to the last known address of
such individual;
(i) To either House of Congress, or, to the extent of matter within
its jurisdiction, any committee or subcommittee thereof, any joint
committee of Congress or subcommittee of any such joint committee;
(j) To the Comptroller General, or any of his authorized
representatives, in the course of the performance of the duties of the
General Accounting Office; or
(k) Pursuant to the order of a court of competent jurisdiction; or
(l) To a consumer reporting agency in accordance with section 3711(f)
of Title 31 of the United States Code (31 U.S.C. 3711(f)).
Sec. 792.61 Accounting for disclosures.
(a) Each system manager identified in the ``Notice of Systems of
Records'' as published in the Federal Register for each system of
records maintained by the NCUA, shall establish a system of accounting
for all disclosures of information or records concerning individuals and
contained in the system of records, made outside NCUA. Accounting
procedures may be established in the least expensive and most convenient
form that will permit the system manager to advise individuals, promptly
upon request, of the persons or agencies to which records concerning
them have been disclosed.
(b) Accounting records, at a minimum, shall include the information
disclosed, the name and address of the person or agency to whom
disclosure was made, and the date of disclosure. When records are
transferred to the National Archives and Records Administration for
storage in records centers, the accounting pertaining to those records
shall be transferred with the records themselves.
(c) Any accounting made under this section shall be retained for at
least five years or the life of the record, whichever is longer, after
the disclosure for which the accounting is made.
Sec. 792.62 Requests for accounting for disclosures.
At the time of the request for access or correction or at any other
time, an individual may request an accounting of disclosures made of the
individual's record outside the NCUA. Request for accounting shall be
directed to the system manager. Any available accounting, whether kept
in accordance with the requirements of the Privacy Act or under
procedures established prior to September 27, 1975, shall be made
available to the individual, except that an accounting need not be made
available if it relates to:
(a) A disclosure made pursuant to the Freedom of Information Act (5
U.S.C. 552);
(b) A disclosure made within the NCUA;
(c) A disclosure made to a law enforcement agency pursuant to 5 U.S.C.
552a(b)(7);
(d) A disclosure which has been exempted from the provisions of 5
U.S.C. 552a(c)(3) pursuant to 5 U.S.C. 552a(j) or (k).
Sec. 792.63 Collection of information from individuals; information
forms.
(a) The system manager, as identified in the ``Notice of Systems of
Records'' published in the Federal Register for each system of records
maintained by the Administration, shall be responsible for reviewing all
forms developed and used to collect information from or about
individuals for incorporation into the system of records.
(b) The purpose of the review shall be to eliminate any requirement
for information that is not relevant and necessary to carry out an NCUA
function and to accomplish the following objectives:
(1) To ensure that no information concerning religion, political
beliefs or activities, association memberships (other than those
required for a professional license), or the exercise of other First
Amendment rights is required to be disclosed unless such requirement of
disclosure is expressly authorized by statute or is pertinent to and
within the scope of any authorized law enforcement activity;
(2) To ensure that the form or accompanying statement makes clear to
the individual which information by law must be disclosed and the
authority for that requirement, and which information is voluntary;
(3) To ensure that the form or accompanying statement makes clear the
principal purpose or purposes for which the information is being
collected, and states concisely the routine uses that will be made of
the information;
(4) To ensure that the form or accompanying statement clearly
indicates to the individual the existing rights, benefits or privileges
not to provide all or part of the requested information; and
(5) To ensure that any form requesting disclosure of a social security
number, or an accompanying statement, clearly advises the individual of
the statute or regulation requiring disclosure of the number, or clearly
advises the individual that disclosure is voluntary and that no
consequence will flow from a refusal to disclose it, and the uses that
will be made of the number whether disclosed mandatorily or voluntarily.
(c) Any form which does not meet the objectives specified in the
Privacy Act and this section shall be revised to conform thereto.
Sec. 792.64 Contracting for the operation of a system of records.
(a) No NCUA component shall contract for the operation of a system of
records by or on behalf of the Agency without the express approval of
the NCUA Board.
(b) Any contract which is approved shall continue to ensure compliance
with the requirements of the Privacy Act. The contracting component
shall have the responsibility for ensuring that the contractor complies
with the contract requirements relating to the Privacy Act.
Sec. 792.65 Fees.
(a) Fees pursuant to 5 U.S.C. 552a(f)(5) shall be assessed for actual
copies of records provided to individuals on the following basis, unless
the NCUA official determining access waives the fee because of the
inability of the individual to pay or the cost of collecting the fee
exceeds the fee:
(1) For actual copies of documents, 25 cents per page; and
(2) For copying information, if any, maintained in nondocument form,
the direct cost to NCUA may be assessed.
(b) If it is determined that access fees chargeable under this section
will amount to more than $25, and the individual has not indicated in
advance willingness to pay fees as high as are anticipated, the
individual shall be notified of the amount of the anticipated fees
before copies are made, and the individual's access request shall not be
considered to have been received until receipt by NCUA of written
agreement to pay.
Sec. 792.66 Exemptions.
(a) NCUA maintains three systems of records which are exempted from
some of the provisions of the Privacy Act. In paragraph (b) of this
section, those systems of records are identified by System Name and
System Number, as stated in the NCUA's ``Notice of Systems of Records,''
published in the Federal Register. The provisions from which each system
is exempted and the reasons therefor are also set forth.
(b)(1) System NCUA-1, entitled ``Employee Security Investigations
Containing Adverse Information,'' consists of adverse information about
NCUA employees which has been obtained as a result of routine Office of
Personnel Management Security Investigations. To the extent that NCUA
maintains records in this system pursuant to Office of Personnel
Management guidelines which require or may require retrieval of
information by use of individual identifiers, those records are
encompassed by and included in the Office of Personnel Management
Government-Wide System of Records Number 4, entitled ``Personnel
Investigations Records,'' and thus are subject to the applicable
specific exemptions promulgated by the Office of Personnel Management.
Additionally, in order to ensure the protection of properly confidential
sources, particularly as to those records which are not maintained
pursuant to such Office of Personnel Management requirements, the
records in these systems of records are exempted, pursuant to section
(k)(5) of the Privacy Act (5 U.S.C. 552a(k)(5)), from section (d) of the
Act (5 U.S.C. 552a(d)). To the extent that disclosure of a record would
reveal the identity of a confidential source, NCUA need not grant access
to that record by its subject. Information which would reveal a
confidential source shall, however, whenever possible, be extracted or
summarized in a manner which protects the source and the summary or
extract shall be provided to the requesting individual.
(2) System NCUA-15, entitled ``Investigative Reports Involving Any
Suspicious Activity Against a Credit Union, NCUA,'' consists of a
limited number of records about individuals suspected or involvement in
felonies or infractions under the Federal Credit Union Act or criminal
statutes. These records are maintained in an overall context of general
investigative information concerning crimes against credit unions. To
the extent that individually identifiable information is maintained,
however, for purposes of protecting the security of any investigations
by appropriate law enforcement authorities and promoting the successful
prosecution of all actual criminal activity, the records in this system
are exempted, pursuant to section (k)(2) of the Privacy Act (5 U.S.C.
552a(k)(2)), from sections (c)(3), and (d)). NCUA need not make an
accounting of previous disclosures of a record in this system of records
available to its subject, the NCUA need not grant access to any records
in this system of records by their subject. Further, whenever
individuals request records about themselves and maintained in this
system of records, the NCUA shall, to the extent necessary to realize
the above-stated purposes, neither confirm nor deny the existence of the
records but shall advise the individuals only that no records available
to them pursuant to the Privacy Act of 1974 have been identified.
However, should review of the record reveal that the information
contained therein has been used or is being used to deny the individuals
any right, privilege or benefit for which they are eligible or to which
they would otherwise be entitled under Federal law, the individuals
shall be advised of the existence of the information and shall be
provided the information, except to the extent disclosure would identify
a confidential source. Information which would identify a confidential
source shall, if possible, be extracted or summarized in a manner which
protects the source and the summary or extract shall be provided to the
requesting individual.
(3) System NCUA-20, entitled, ``Office of Inspector General (OIG)
Investigative Records,'' consists of OIG records of closed and pending
investigations of individuals alleged to have been involved in criminal
violations. The records in this system are exempted pursuant to Sections
(k)(2) of the Privacy Act, 5 U.S.C. 552a(k)(2), from sections (c)(3);
(d); (e)(1); (e)(4)(G); (e)(4)(H); (e)(4)(I); and (f). The records in
this system are also exempted pursuant to Section (j)(2) of the Privacy
Act, 5 U.S.C. 552a(j)(2), from sections (c)(3); (c)(4); (d); (e)(1);
(e)(2); (e)(3); and (g).
(c) For purposes of this section, a ``confidential source'' means a
source who furnished information to the Government under an express
promise that the identity of the source would remain confidential, or,
prior to September 27, 1976, under an implied promise that the identity
of the source would be held in confidence.
[54 FR 18476, May 1, 1989, as amended at 60 FR 31912, June 19, 1995]
Sec. 792.67 Security of systems of records.
(a) Each system manager, with the approval of the head of that Office,
shall establish administrative and physical controls to insure the
protection of a system of records from unauthorized access or disclosure
and from physical damage or destruction. The controls instituted shall
be proportional to the degree of sensitivity of the records, but at a
minimum must insure: that records are enclosed in a manner to protect
them from public view; that the area in which the records are stored is
supervised during all business hours to prevent unauthorized personnel
from entering the area or obtaining access to the records; and that the
records are inaccessible during nonbusiness hours.
(b) Each system manager, with the approval of the head of that Office,
shall adopt access restriction to insure that only those individuals
within the agency who have a need to have access to the records for the
performance of duty have access. Procedures shall also be adopted to
prevent accidental access to or dissemination of records.
Sec. 792.68 Use and collection of Social Security numbers.
The head of each NCUA Office shall take such measures as are necessary
to ensure that employees authorized to collect information from
individuals are advised that individuals may not be required without
statutory or regulatory authorization to furnish Social Security
numbers, and that individuals who are requested to provide Social
Security numbers voluntarily must be advised that furnishing the number
is not required and that no penalty or denial of benefits will flow from
the refusal to provide it.
Sec. 792.69 Training and employee standards of conduct with regard
to privacy.
(a) The Director of the Administrative Office, with advice from the
General Counsel, shall be responsible for training NCUA employees in the
obligations imposed by the Privacy Act and this subpart.
(b) The head of each NCUA Office shall be responsible for assuring
that employees subject to that person's supervision are advised of the
provisions of the Privacy Act, including the criminal penalties and
civil liabilities provided therein, and that such employees are made
aware of their responsibilities to protect the security of personal
information, to assure its accuracy, relevance, timeliness, and
completeness, to avoid unauthorized disclosure either orally or in
writing, and to insure that no information system concerning
individuals, no matter how small or specialized, is maintained without
public notice.
(c) With respect to each system of records maintained by NCUA, Agency
employees shall:
(1) Collect no information of a personal nature from individuals
unless authorized to collect it to achieve a function or carry out an
NCUA responsibility;
(2) Collect from individuals only that information which is necessary
to NCUA functions or responsibilities;
(3) Collect information, wherever possible, directly from the
individual to whom it relates;
(4) Inform individuals from whom information is collected of the
authority for collection, the purposes thereof, the routine uses that
will be made of the information, and the effects, both legal and
practical of not furnishing the information;
(5) Not collect, maintain, use, or disseminate information concerning
an individual's religious or political beliefs or activities or his
membership in associations or organizations, unless:
(i) The individual has volunteered such information for his own
benefit;
(ii) The information is expressly authorized by statute to be
collected, maintained, used, or disseminated; or
(iii) Activities involved are pertinent to and within the scope of an
authorized investigation or adjudication.
(6) Advise their supervisors of the existence or contemplated
development of any record system which retrieves information about
individuals by individual identifier.
(7) Maintain an accounting, in the prescribed form, of all
dissemination of personal information outside NCUA, whether made orally
or in writing;
(8) Disseminate no information concerning individuals outside NCUA
except when authorized by 5 U.S.C. 552a or pursuant to a routine use as
set forth in the ``routine use'' section of the ``Notice of Systems of
Records'' published in the Federal Register.
(9) Maintain and process information concerning individuals with care
in order to ensure that no inadvertent disclosure of the information is
made either within or outside NCUA; and
(10) Call to the attention of the proper NCUA authorities any
information in a system maintained by NCUA which is not authorized to be
maintained under the provisions of the Privacy Act, including
information on First Amendment activities, information that is
inaccurate, irrelevant or so incomplete as to risk unfairness to the
individuals concerned.
(c) Heads of offices within NCUA shall, at least annually, review the
record systems subject to their supervision to ensure compliance with
the provisions of the Privacy Act.
[54 FR 18476, May 1, 1989, as amended at 59 FR 36042, July 15 1994]