[Privacy Act Issuances (2001)]
[From the U.S. Government Publishing Office, www.gpo.gov]
NATIONAL COUNTERINTELLIGENCE CENTER
Table of Contents
NACIC-1, National Countelligence Center System of Records
Statement of General Routine Uses
The following routine uses apply to, and are incorporated by
reference into each system of records maintained by NACIC. It should
be noted that, before the individual record system notices begin, the
blanket routine uses of the records are published below only once in
the interest of simplicity, economy and to avoid redundancy.
1. Routine Use-Law Enforcement: In the event that a system of
records maintained by NACIC to carry out its functions indicates a
violation or potential violation of law, whether civil, criminal or
regulatory in nature, and whether arising by general statute or by
regulation, rule or order issued pursuant thereto, the relevant
records in the system of records maybe referred, as a routine use, to
the appropriate agency whether Federal, state, local or foreign,
charged with the responsibility of investigating or prosecuting such
violation or charged with enforcing or implementing the statute,
rule, regulation or order issued pursuant thereto.
2. Routine Use-Disclosure When Requesting Information: A record
from a system of records maintained by this component may be
disclosed as a routine use to a Federal, state, or local agency
maintaining civil, criminal, or other relevant enforcement
information or other pertinent information, if necessary to obtain
information relevant to a component decision concerning the hiring or
retention of an employee, the issuance of a security clearance, the
letting of a contact, or the issuance of a license, grant or other
benefit.
3. Routine Use-Disclosure of Requested Information: A record from
a system of records maintained by this component may be disclosed to
a Federal agency, in response to its request, in connection with the
hiring or retention of an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant or other
benefit by the requesting agency, to the extent that the information
is relevant and necessary to the requesting agency's decision on the
matter.
4. Routine Use-Congressional: Inquiries from a system of records
maintained by this component maybe made to a Congressional office
from the record of an individual in response to an inquiry from the
Congressional office made at the request of that individual.
5. Routine Use-Disclosures Required by International Agreements:
A record from a system of records maintained by this component may be
disclosed to foreign law enforcement, security, investigatory, or
administrative authorities in order to comply with requirements
imposed by, or to claim rights conferred in, international agreements
and arrangements including those regulating the stationing and status
in foreign countries of Department of Defense military and civilian
personnel.
6. Routine Use-disclosure to the Department of Justice for
Litigation: A record from a system of records maintained by this
component may be disclosed as routine use to any component of the
Department of Justice for the purpose of representing any officer,
employee or member of this component in pending or potential
litigation to which the record is pertinent.
7. Routine Use-Disclosure of Information to the Information
Security Oversight Office (ISOO): A record from a system of records
maintained by this component may be disclosed as a routine use to the
Information Security Oversight Office (ISOO) or any other executive
branch entity authorized to conduct inspections or develop security
classification policy for the purpose of records management
inspections conducted under authority of 44 U.S.C. 2904 and 2906.
8. Routine Use-Disclosure of Information to the National Archives
and Records Administration (NARA): A record from a system of records
maintained by this component may be disclosed as a routine use to the
National Archives and Records Administration (NARA) for the purpose
of records management inspections conducted under authority of 44
U.S.C. 2904 and 2906.
9. Routine Use-Disclosure to the Merit Systems Protection Board:
A record from a system of records maintained by this component may be
disclosed as a routine use to the Merit Systems Protection Board,
including the Office of the Special Counsel for the purpose of
litigation, including administrative proceedings, appeals special
studies of the civil service and other merit systems, review of OPM
or component rules and regulations, investigation of alleged or
possible prohibited personnel practices; including administrative
proceedings involving any individual subject of investigation, and
such other functions, promulgated in 5 U.S.C. 1205 and 1206, or as
may be authorized by law.
10. Routine Use-Counterintelligence Purposes: A record from a
system of records maintained by this component may be disclosed as a
routine use outside the U.S. Government for the purpose of
counterintelligence activities authorized by U.S. Law or Executive
Order or for the purpose of enforcing laws which protect the national
security of the United States.
NACIC-1
System name:
National Counterintelligence Center System of Records (NACIC-1).
Security classification:
The classification of individual records in the system range from
UNCLASSIFIED to TOP SECRET Codeword.
System location:
National Counterintelligence Center, 3W01 NHB, Washington, DC
20505
Categories of individuals covered by the system:
1. Individuals who are of foreign intelligence or foreign
counterintelligence interest and relate in any manner to foreign
intelligence threats to U.S. national and economic security;
2. Applicants for, and current and former personnel of NACIC who
are federal employees;
3. Individuals associated with NACIC administrative operations or
services including independent contractors, industrial contractor
employees, or individuals otherwise associated with such operations
and services;
4. And, any other individuals authorized access to NACIC
information and facilities.
Categories of records in the system:
1. Counterintelligence Damage Assessments and Incident Files:
Maintained by the NACIC Threat Assessment Office (TAO); records
include copies of the finished assessments of the damage to U.S.
intelligence sources and methods resulting from significant and
particular espionage cases as well as summaries of significant
counterintelligence incidents including the circumstances and
characteristics of the target, the circumstances of the event, and
the particular threat presented;
2. Compromised Names Database: Maintained by the NACIC Threat
Assessment Office (TAO); the database is utilized to notify U.S.
intelligence community personnel whose names were potentially
compromised as a result of espionage or other foreign intelligence
collection activity; the database contains the names of persons
potentially compromised, date of the memo sent to the person or their
employer informing them, and documentary reference(s) to the
compromised information;
3. Computer and Physical Security Files: Maintained by the NACIC
Executive Secretariat Office (ESO); records include the names,
passwords, accesses, and special accesses to both physical locations
and computer systems, relevant audit trails for such accesses, and
particular clearances and certifications of clearances;
4. Publication, Training and Seminar Files: Maintained by NACIC's
Program Integration Office (PIO) Community Training Branch; records
include letters of acceptance, enrollment forms, thank you letters,
lists of attendees, lists of speakers, notes, case studies, syllabi,
training packets, magazine or newspaper articles, and other records
used either for course development purposes or to facilitate the
presentation of seminars;
5. Personnel Files:
a. Specific types of personnel records are maintained by the
NACIC Front Office (FO); these records are maintained in individual
official personnel folders and include, inter alia, papers
documenting personnel actions, performance appraisals,
correspondence, travel documents, contracts, justifications,
memorandums, and administrative material;
b. A second type of personnel records is maintained by the NACIC
Executive Secretariat Office (ESO); these records are Memorandums of
Agreement between the detailee's parent organization and NACIC;
c. The third type of personnel records is maintained by the NACIC
Program Integration Office/Community Training Branch (PIO/CTB); these
records include the training documents;
6. Freedom of Information Act (FOIA)/Privacy Act (PA) Requests
and Legal Files: Files created in response to public requests for
information and/or amendment of records under the FOIA/PA, consisting
of the original request, a copy of the reply thereto, and all related
supporting files which may include the official file copy of
requested record or copy thereof; also, all similar records created
in response to administrative appeals and litigations predicated on
such initial requests;
7. Special Search Files: Files created in response to official
United States or foreign government requests for information which
may include requests from executive, congressional, judicial, or
diplomatic sectors consisting of the original tasking or request, a
copy of the reply thereto, and all related supporting files which may
include the official file copy of the requested record or copy
thereof.
Authority for maintenance of the system:
Section 506(a) of the Federal Records Act of 1950, codified at 44
U.S.C. 3101, and Title 36, Code of Federal Regulations, Chapter XII,
which require Federal agencies to insure that adequate and proper
records are made and preserved to document the organization,
functions, polices, decisions, procedures and transactions and to
protect the legal and financial rights of the Federal Government.
Purpose(s):
NACIC was established by Presidential directive for the purpose
of coordinating national level counterintelligence activities of the
United States. The purposes for the maintenance of these records
include: Coordinating national strategic CI planning efforts,
providing strategic guidance and assessing the effectiveness of CI
operations, facilitating the development of and implementing training
for the CI community, producing national-level foreign intelligence
threat assessments, and coordinating assessments of damage to U.S.
interests resulting from espionage cases.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
See Statement of General Routine Uses.
Disclosure to consumer reporting agencies:
None.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Files are maintained in computerized form and hard copy form;
computerized form may be stored in memory, on disk storage, on
computer tape, and/or on a computer printed listing.
Retrievability:
Names and related information are retrievable by automated or
hand search based on extant indices and automated capabilities
utilized in the normal course of business. Under applicable law and
regulations, NACIC may not permit any organization, public or
private, outside the NACIC to have direct access to NACIC files;
accordingly, all searchers of NACIC databases and paper files will be
performed on site, within NACIC space, by NACIC personnel.
Safeguards:
Records and databases are maintained in a restricted area within
NACIC and are accessed only by NACIC personnel. All employees are
checked to ensure that they hold currently valid security clearances,
are cautioned about divulging classified or other privileged
information contained in NACIC files, and are advised that failure to
abide by these provisions may constitute a violation of federal
criminal law and/or give rise to civil liability. Employees who
resign or retire are also cautioned about divulging information
acquired in their jobs. Registered mail is used to transmit routine
hard copy records while highly classified records are hand carried by
individuals holding appropriate security clearances. Highly
classified or sensitive privacy information, which is electronically
transmitted between NACIC and other offices, is transmitted in
encrypted form to prevent interception.
Retention and disposal:
Records evaluated as historical and permanent will be transferred
to the National Archives after established retention periods and
administrative needs of the NACIC have elapsed.
System manager(s) and address:
Information and privacy Coordinator, Executive Secretariat
Office, National Counterintelligence Center, 3W01 NHB, Washington, DC
20505.
Notification procedure:
See record access procedures, infra.
Record access procedures:
A request for access to a record from the system shall be made in
writing with the envelope and the letter clearly marked ``Privacy Act
Request.'' Your request should include your full name, complete
address, date of birth, place of birth, notarized signature (or
declaration under penalty of perjury), and other identifying data you
may wish to furnish to assist in making a proper search of NACIC
records. A request for access to records must describe the records
sought in sufficient detail to enable NACIC personnel to locate the
system of records containing the record with a reasonable amount of
effort. Whenever possible, a request for access should describe the
nature of the record sought, and the data of the record or the period
in which the record was compiled. The requester must also provide a
return address for transmitting the information. Requests for access
must be addressed to the System Manager as noted above.
Contesting record procedures:
Individuals desiring to contest or amend information maintained
in the system should also direct their request to the System Manager
as noted above. Such requests should delineate the information
believed to be incorrect and should include the information requested
to be substituted or added to the record.
Record source categories:
Record source categories include subject individuals pursuant to
notice, official records and information disseminated to NACIC by
other federal government entities, and official records and
information provided to NACIC by other entities including foreign,
state and local governments as well as individuals and business
entities.
Exemptions claimed for the system:
Notice is hereby given that NACIC intends to exempt from certain
provisions of the Privacy Act the following information pursuant to
the following specified authority:
(a) Records or portions of records in the physical possession of
NACIC which were originated by other federal agencies or which
contain information originated by such agencies shall be deemed to be
in the joint legal custody of and mutually maintained by both
agencies. Accordingly, NACIC shall apply any applicable exemptive
provisions when so informed by those agencies;
(b) Records or portions of records in the physical custody of
NACIC which would reveal intelligence sources and methods in
contravention of the National Security Act of 1947 are, pursuant to
the exemptions previously authorized by the Director of Central
Intelligence under the authority of section (j)(1), exempt from
disclosure of accounting (section (c)(3)), disclosure (section (d)),
notification of collection authority (section (e)(3) (A-D)), and
notification of existence of records (sections (e)(4)(G) and (f)(1));
in such instances where confirmation of the existence of a record may
itself jeopardize intelligence sources and methods, the Coordinator
must neither confirm nor deny the existence of the record and shall
advise the requester that there is no record which is available
pursuant to the Privacy Act;
(c) Records or portions of records in the physical custody of
NACIC which are currently and properly classified pursuant to
Executive Order 12958 (or predecessor or subsequent Order) are, under
the authority of section (k)(1), exempt from disclosure of accounting
(section (c)(3)), disclosure (section (d)), and notification of
existence of records (sections (e)(4)(G) and (f)(1));
(d) Records or portions of records in the physical custody of
NACIC which are investigatory in nature and compiled for law
enforcement purposes, other than material within the scope of section
(j)(2) of the Act, are, under the authority of section (k)(2), exempt
from disclosure (section (d)); provided however, that if an
individual is denied any right, privilege, or benefit to which he/she
is otherwise eligible, as a result of the maintenance of such
material, then such material shall be provided to that individual
except to the extent that the disclosure would reveal the identity of
a source who furnished the information to the United States
Government under an express promise of confidentiality, or, prior to
the effective date of this section, under an implied promise of
confidentiality;
(e) Records or portions of records in the physical custody of
NACIC which are maintained in connection with providing protective
services to the President of the United States or other individuals
pursuant to 18 U.S.C. section 3056 are, under the authority of
section (k)(3), exempt from disclosure (section (d));
(f) Records or portions of records in the physical custody of
NACIC which are required by statute to be maintained and used solely
as statistical records are, under the authority of section (k)(4),
exempt from disclosure (section (d));
(g) Records or portions of records in the physical custody of
NACIC which are investigatory in nature and compiled solely for the
purpose of determining suitability, eligibility, or qualifications
for federal civilian employment, military service, federal contracts,
or access to classified information are, under the authority of
section (k)(5), exempt from disclosure (section (d)); provided that
and only to the extent that disclosure would reveal the identity of a
source who furnished information to the United States Government
under an express promise of confidentiality, or, prior to the
effective date of this section, under an implied promise of
confidentiality;
(h) And, records or portions of records in the physical custody
of NACIC which are testing or examination material used solely to
determine individual qualifications for appointment or promotion in
the federal service are, under the authority of section (k)(6),
exempt from disclosure (section (d)); provided that and only to the
extent that disclosure would compromise the objectivity or fairness
of the testing or examination process.
NATIONAL COUNTERINTELLIGENCE CENTER
Chapter XVIII--National Counterintelligence Center
PART 1801--PUBLIC RIGHTS UNDER THE PRIVACY ACT OF 1974
Subpart A-General
Sec.
1801.1 Authority and purpose.
1801.2 Definitions.
1801.3 Contact for general information and requests.
1801.4 Suggestions and complaints.
Subpart B-Filing Of Privacy Act Requests
1801.11 Preliminary information.
1801.12 Requirements as to form.
1801.13 Requirements as to identification of requester.
1801.14 Fees.
Subpart C-Action On Privacy Act Requests
1801.21 Processing requests for access to or amendment of records.
1801.22 Action and determination(s) by originator(s) or any interested
party.
1801.23 Notification of decision and right of appeal.
Subpart D-Additional Administrative Matters
1801.31 Special procedures for medical and psychological records.
1801.32 Requests for expedited processing.
1801.33 Allocation of resources; agreed extensions of time.
Subpart E-Action On Privacy Act Administrative Appeals
1801.41 Appeal authority.
1801.42 Right of appeal and appeal procedures.
1801.43 Determination(s) by Office Chief(s).
1801.44 Action by appeals authority.
1801.45 Notification of decision and right of judicial review.
Subpart F-Prohibitions
1801.51 Limitations on disclosure.
1801.52 Criminal penalties.
Subpart G-Exemptions
1801.63 Specific exemptions.
Authority: 5 U.S.C. 552a.
Source:64 FR 49884, Sept. 14, 1999.
Subpart A-General
Sec. 1801.1 Authority and purpose.
(a) Authority. This part is issued under the authority of and in order
to implement the Privacy Act of 1974 (5 U.S.C. 552a) and section 102 of
the National Security Act of 1947, as amended (50 U.S.C. 403).
(b) Purpose in general. This part prescribes procedures for a
requester, as defined herein:
(1) To request notification of whether the National
Counterintellingence Center (NACIC) maintains a record concerning them
in any non-exempt portion of a system of records or any non-exempt
system of records;
(2) To request a copy of all non-exempt records or portions of
records;
(3) To request that any such record be amended or augmented; and
(4) To file an administrative appeal to any initial adverse
determination to deny access to or amend a record.
(c) Other purposes. This part also sets forth detailed limitations on
how and to whom NACIC may disclose personal information and gives notice
that certain actions by officers or employees of the United States
Government or members of the public could constitute criminal offenses.
Sec. 1801.2 Definitions.
For purposes of this part, the following terms have the meanings
indicated:
NACIC means the United States National Counterintelligence Center
acting through the NACIC Information and Privacy Coordinator;
Days means calendar days when NACIC is operating and specifically
excludes Saturdays, Sundays, and legal public holidays. Three (3) days
may be added to any time limit imposed on a requester by this part if
responding by U.S. domestic mail; ten (10) days may be added if
responding by international mail;
Control means ownership or the authority of NACIC pursuant to federal
statute or privilege to regulate official or public access to records;
Coordinator means the NACIC Information and Privacy Coordinator who
serves as the NACIC manager of the information review and release
program instituted under the Privacy Act;
Federal agency means any executive department, military department, or
other establishment or entity included in the definition of agency in 5
U.S.C. 552(f);
Interested party means any official in the executive, military,
congressional, or judicial branches of government, United States or
foreign, or U.S. Government contractor who, in the sole discretion of
NACIC, has a subject matter or physical interest in the documents or
information at issue;
Maintain means maintain, collect, use, or disseminate;
Originator means the U.S. Government official who originated the
document at issue or successor in office or such official who has been
delegated release or declassification authority pursuant to law;
Privacy Act or PA means the statute as codified at 5 U.S.C. 552a;
Record means an item, collection, or grouping of information about an
individual that is maintained by NACIC in a system of records;
Requester or individual means a citizen of the United States or an
alien lawfully admitted for permanent residence who is a living being
and to whom a record might pertain;
Responsive record means those documents (records) which NACIC has
determined to be within the scope of a Privacy Act request;
Routine use means, with respect to the disclosure of a record, the use
of such record for a purpose which is compatible with the purpose for
which the record is maintained;
System of records means a group of any records under the control of
NACIC from which records are retrieved by the name of an individual or
by some identifying number, symbol, or other identifying particular
assigned to that individual.
Sec. 1801.3 Contact for general information and requests.
For general information on this part, to inquire about the Privacy Act
program at NACIC, or to file a Privacy Act request, please direct your
communication in writing to the Information and Privacy Coordinator,
Executive Secretariat Office, National Counterintelligence Center, 3W01
NHB, Washington, DC 20505. Requests with the required identification
statement pursuant to Sec. 1801.13 must be filed in original form by
mail. Subsequent communications and any inquiries will be accepted by
mail or facsimile at (703) 874-5844 or by telephone at (703) 874-4121.
Collect calls cannot be accepted.
Sec. 1801.4 Suggestions and complaints.
NACIC welcomes suggestions or complaints with regard to its
administration of the Privacy Act. Letters of suggestion or complaint
should identify the specific purpose and the issues for consideration.
NACIC will respond to all substantive communications and take such
actions as determined feasible and appropriate.
Subpart B--Filing Of Privacy Act Requests
Sec. 1801.11 Preliminary information.
Members of the public shall address all communications to the contact
specified at Sec. 1801.3 and clearly delineate the communication as a
request under the Privacy Act and this regulation. Requests and
administrative appeals on requests, referrals, and coordinations
received from members of the public who owe outstanding fees for
information services at this or other federal agencies will not be
accepted and action on existing requests and appeals will be terminated
in such circumstances.
Sec. 1801.12 Requirements as to form.
(a) In general. No particular form is required. All requests must
contain the identification information required at Sec. 1801.13.
(b) For access. For requests seeking access, a requester should, to
the extent possible, describe the nature of the record sought and the
record system(s) in which it is thought to be included. Requesters may
find assistance from information described in the Privacy Act Issuances
Compilation which is published biennially by the Federal Register. In
lieu of this, a requester may simply describe why and under what
circumstances it is believed that NACIC maintains responsive records;
NACIC will undertake the appropriate searches.
(c) For amendment. For requests seeking amendment, a requester should
identify the particular record or portion subject to the request, state
a justification for such amendment, and provide the desired amending
language.
Sec. 1801.13 Requirements as to identification of requester.
(a) In general. Individuals seeking access to or amendment of records
concerning themselves shall provide their full (legal) name, address,
date and place of birth, and current citizenship status together with a
statement that such information is true under penalty of perjury or a
notarized statement swearing to or affirming identity. If NACIC
determines that this information is not sufficient, NACIC may request
additional or clarifying information.
(b) Requirement for aliens. Only aliens lawfully admitted for
permanent residence (PRAs) may file a request pursuant to the Privacy
Act and this part. Such individuals shall provide, in addition to the
information required under paragraph (a) of this section, their Alien
Registration Number and the date that status was acquired.
(c) Requirement for representatives. The parent or guardian of a minor
individual, the guardian of an individual under judicial disability, or
an attorney retained to represent an individual shall provide, in
addition to establishing the identity of the minor or individual
represented as required in paragraph (a) or (b) of this section,
evidence of such representation by submission of a certified copy of the
minor's birth certificate, court order, or representational agreement
which establishes the relationship and the requester's identity.
(d) Procedure otherwise. If a requester or representative fails to
provide the information in paragraph (a), (b), or (c) of this section
within forty-five (45) days of the date of our request, NACIC will deem
the request closed. This action, of course, would not prevent an
individual from refiling his or her Privacy Act request at a subsequent
date with the required information.
Sec. 1801.14 Fees.
No fees will be charged for any action under the authority of the
Privacy Act, 5 U.S.C. 552a, irrespective of the fact that a request is
or may be processed under the authority of both the Privacy Act and the
Freedom of Information Act.
Subpart C-Action On Privacy Act Requests
Sec. 1801.21 Processing requests for access to or amendment of
records.
(a) In general. Requests meeting the requirements of Sec. 1801.11
through Sec. 1801.13 shall be processed under both the Freedom of
Information Act, 5 U.S.C. 552, and the Privacy Act, 5 U.S.C. 552a, and
the applicable regulations, unless the requester demands otherwise in
writing. Such requests will be processed under both Acts regardless of
whether the requester cites one Act in the request, both, or neither.
This action is taken in order to ensure the maximum possible disclosure
to the requester.
(b) Receipt, recording and tasking. Upon receipt of a request meeting
the requirements of Secs. 1801.11 through 1801.13, NACIC shall within
ten (10) days record each request, acknowledge receipt to the requester,
and thereafter effect the necessary taskings to the office(s) reasonably
believed to hold responsive records.
(c) Effect of certain exemptions. In processing a request, NACIC shall
decline to confirm or deny the existence or nonexistence of any
responsive records whenever the fact of their existence or nonexistence
is itself classified under Executive Order 12958 and that confirmation
of the existence of a record may jeopardize intelligence sources and
methods protected pursuant to section 103(c)(6) of the National Security
Act of 1947. In such circumstances, NACIC, in the form of a final
written response, shall so inform the requester and advise of his or her
right to an administrative appeal.
(d) Time for response. Although the Privacy Act does not mandate a
time for response, our joint treatment of requests under both the
Privacy Act and the FOIA means that the NACIC should provide a response
within the FOIA statutory guideline of ten (10) days on initial requests
and twenty (20) days on administrative appeals. However, the volume of
requests may require that NACIC seek additional time from a requester
pursuant to Sec. 1801.33. In such event, NACIC will inform the requester
in writing and further advise of his or her right to file an
administrative appeal.
Sec. 1801.22 Action and determination(s) by originator(s) or any
interested party.
(a) Initial action for access. NACIC offices tasked pursuant to a
Privacy Act access request shall search all relevant record systems
within their cognizance. They shall:
(1) Determine whether responsive records exist;
(2) Determine whether access must be denied in whole or part and on
what legal basis under both Acts in each such case;
(3) Approve the disclosure of records for which they are the
originator; and
(4) Forward to the Coordinator all records approved for release or
necessary for coordination with or referral to another originator or
interested party as well as the specific determinations with respect to
denials (if any).
(b) Initial action for amendment. NACIC offices tasked pursuant to a
Privacy Act amendment request shall review the official records alleged
to be inaccurate and the proposed amendment submitted by the requester.
If they determine that NACIC's records are not accurate, relevant,
timely or complete, they shall promptly:
(1) Make the amendment as requested;
(2) Write to all other identified persons or agencies to whom the
record has been disclosed (if an accounting of the disclosure was made)
and inform of the amendment; and
(3) Inform the Coordinator of such decisions.
(c) Action otherwise on amendment request. If the NACIC office records
manager declines to make the requested amendment (or declines to make
the requested amendment) but agrees to augment the official records,
that manager shall promptly:
(1) Set forth the reasons for refusal; and
(2) Inform the Coordinator of such decision and the reasons therefore.
(d) Referrals and coordinations. As applicable and within ten (10)
days of receipt by the Coordinator, any NACIC records containing
information originated by other NACIC offices shall be forwarded to
those entities for action in accordance with paragraphs (a), (b), or (c)
of this section and return. Records originated by other federal agencies
or NACIC records containing other federal information shall be forwarded
to such agencies within ten (10) days of our completion of initial
action in the case for action under their regulations and direct
response to the requester (for other NACIC records) or return to NACIC
(for NACIC records).
(e) Effect of certain exemptions. This section shall not be construed
to allow access to systems of records exempted by the Director, NACIC
pursuant to subsections (j) and (k) of the Privacy Act or where those
exemptions require that NACIC can neither confirm nor deny the existence
or nonexistence of responsive records.
Sec. 1801.23 Notification of decision and right of appeal.
Within ten (10) days of receipt of responses to all initial taskings
and subsequent coordinations (if any), and dispatch of referrals (if
any), NACIC will provide disclosable records to the requester. If a
determination has been made not to provide access to requested records
(in light of specific exemptions) or that no records are found, NACIC
shall so inform the requester, identify the denying official, and advise
of the right to administrative appeal.
Subpart D--Additional Administrative Matters
Sec. 1801.31 Special procedures for medical and psychological
records.
(a) In general. When a request for access or amendment involves
medical or psychological records and when the originator determines that
such records are not exempt from disclosure, NACIC will, after
consultation with the Director of Medical Services, CIA, determine:
(1) Which records may be sent directly to the requester and
(2) Which records should not be sent directly to the requester because
of possible medical or psychological harm to the requester or another
person.
(b) Procedure for records to be sent to physician. In the event that
NACIC determines, in accordance with paragraph (a)(2) of this section,
that records should not be sent directly to the requester, NACIC will
notify the requester in writing and advise that the records at issue can
be made available only to a physician of the requester's designation.
Upon receipt of such designation, verification of the identity of the
physician, and agreement by the physician:
(1) To review the documents with the requesting individual,
(2) To explain the meaning of the documents, and
(3) To offer counseling designed to temper any adverse reaction, NACIC
will forward such records to the designated physician.
(c) Procedure if physician option not available. If within sixty (60)
days of paragraph (a)(2) of this section, the requester has failed to
respond or designate a physician, or the physician fails to agree to the
release conditions, NACIC will hold the documents in abeyance and advise
the requester that this action may be construed as a technical denial.
NACIC will also advise the requester of the responsible official and of
his or her rights to administrative appeal and thereafter judicial
review.
Sec. 1801.32 Requests for expedited processing.
(a) All requests will be handled in the order received on a strictly
``first-in, first-out'' basis. Exceptions to this rule will only be made
in circumstances that NACIC deems to be exceptional. In making this
determination, NACIC shall consider and must decide in the affirmative
on all of the following factors:
(1) That there is a genuine need for the records; and
(2) That the personal need is exceptional; and
(3) That there are no alternative forums for the records sought; and
(4) That it is reasonably believed that substantive records relevant
to the stated needs may exist and be deemed releasable.
(b) In sum, requests shall be considered for expedited processing only
when health, humanitarian, or due process considerations involving
possible deprivation of life or liberty create circumstances of
exceptional urgency and extraordinary need. In accordance with
established judicial precedent, requests more properly the scope of
requests under the Federal Rules of Civil or Criminal Procedure (or
equivalent state rules) will not be granted expedited processing under
this or related (e.g., Freedom of Information Act) provisions unless
expressly ordered by a federal court of competent jurisdiction.
Sec. 1801.33 Allocation of resources; agreed extensions of time.
(a) In general. NACIC components shall devote such personnel and other
resources to the responsibilities imposed by the Privacy Act as may be
appropriate and reasonable considering:
(1) The totality of resources available to the component,
(2) The business demands imposed on the component by the Director,
NACIC or otherwise by law,
(3) The information review and release demands imposed by the Congress
or other governmental authority, and
(4) The rights of all members of the public under the various
information review and disclosure laws.
(b) Discharge of Privacy Act responsibilities. Offices shall exercise
due diligence in their responsibilities under the Privacy Act and must
allocate a reasonable level of resources to requests under the Act in a
strictly ``first-in, first-out'' basis and utilizing two or more
processing queues to ensure that smaller as well as larger (i.e.,
project) cases receive equitable attention. The Information and Privacy
Coordinator is responsible for management of the NACIC-wide program
defined by this part and for establishing priorities for cases
consistent with established law. The Director, NACIC shall provide
policy and resource direction as necessary and shall render decisions on
administrative appeals.
(c) Requests for extension of time. While the Privacy Act does not
specify time requirements, our joint treatment of requests under the
FOIA means that when NACIC is unable to meet the statutory time
requirements of the FOIA, NACIC may request additional time from a
requester. In such instances NACIC will inform a requester of his or her
right to decline our request and proceed with an administrative appeal
or judicial review as appropriate.
Subpart E--Action On Privacy Act Administrative Appeals
Sec. 1801.41 Appeal authority.
The Director, NACIC will make final NACIC decisions from appeals of
initial adverse decisions under the Privacy Act and such other
information release decisions made under 32 CFR parts 1800, 1802, and
1803 of this chapter. Matters decided by the Director, NACIC will be
deemed a final decision by NACIC.
Sec. 1801.42 Right of appeal and appeal procedures.
(a) Right of Appeal. A right of administrative appeal exists whenever
access to any requested record or any portion thereof is denied, no
records are located in response to a request, or a request for amendment
is denied. NACIC will apprise all requesters in writing of their right
to appeal such decisions to the Director, NACIC through the Coordinator.
(b) Requirements as to time and form. Appeals of decisions must be
received by the Coordinator within forty-five (45) days of the date of
NACIC's initial decision. NACIC may, for good cause and as a matter of
administrative discretion, permit an additional thirty (30) days for the
submission of an appeal. All appeals to the Director, NACIC shall be in
writing and addressed as specified in Sec. 1801.3. All appeals must
identify the documents or portions of documents at issue with
specificity, provide the desired amending language (if applicable), and
may present such information, data, and argument in support as the
requester may desire.
(c) Exceptions. No appeal shall be accepted if the requester has
outstanding fees for information services at this or another federal
agency. In addition, no appeal shall be accepted if the information in
question has been the subject of an administrative review within the
previous two (2) years or is the subject of pending litigation in the
federal courts.
(d) Receipt, recording, and tasking. NACIC shall promptly record each
administrative appeal, acknowledge receipt to the requester in writing,
and thereafter effect the necessary taskings to the office chief in
charge of the office(s) which originated or has an interest in the
record(s) subject to the appeal.
Sec. 1801.43 Determination(s) by Office Chiefs.
Each Office Chief in charge of an office which originated or has an
interest in any of the records subject to the appeal, or designee, is a
required party to any appeal; other interested parties may become
involved through the request of the Coordinator when it is determined
that some or all of the information is also within their official
cognizance. These parties shall respond in writing to the Coordinator
with a finding as to the exempt or non-exempt status of the information
including citations to the applicable exemption and/or their agreement
or disagreement as to the requested amendment and the reasons therefore.
Each response shall be provided expeditiously on a ``first-in, first-
out'' basis taking into account the business requirements of the parties
and consistent with the information rights of members of the general
public under the various information review and release laws.
Sec. 1801.44 Action by appeals authority.
(a) Preparation of docket. The Coordinator shall provide a summation
memorandum for consideration of the Director, NACIC; the complete record
of the request consisting of the request, the document(s) (sanitized and
full text) at issue, and the findings of any concerned office chiefs or
designee(s).
(b) Decision by the Director, NACIC. The Director, NACIC shall
personally decide each case; no personal appearances shall be permitted
without the express permission of the Director, NACIC.
Sec. 1801.45 Notification of decision and right of judicial review.
(a) In general. The Coordinator shall promptly prepare and communicate
the decision of the Director, NACIC to the requester. With respect to
any decision to deny information or deny amendment, that correspondence
shall state the reasons for the decision, identify the officer
responsible, and include a notice of the right to judicial review.
(b) For amendment requests. With further respect to any decision to
deny an amendment, that correspondence shall also inform the requester
of the right to submit within forty-five (45) days a statement of his or
her choice which shall be included in the official records of NACIC. In
such cases, the applicable record system manager shall clearly note any
portion of the official record which is disputed, append the requester's
statement, and provide copies of the statement to previous recipients
(if any are known) and to any future recipients when and if the disputed
information is disseminated in accordance with a routine use.
Subpart F--Prohibitions
Sec. 1801.51 Limitations on disclosure.
No record which is within a system of records shall be disclosed by
any means of communication to any individual or to another agency,
except pursuant to a written request by, or with the prior written
consent of, the individual to whom the record pertains, unless
disclosure of the record would be:
(a) To those officers and employees of NACIC which maintains the
record who have a need for the record in the performance of their
duties;
(b) Required under the Freedom of Information Act, 5 U.S.C. 552;
(c) For a routine use as defined in Sec. 1801.02(m), as contained in
the Privacy Act Issuances Compilation which is published biennially in
the Federal Register, and as described in sections (a)(7) and (e)(4)(D)
of the Act;
(d) To the Bureau of the Census for purposes of planning or carrying
out a census or survey or related activity pursuant to the provisions of
U.S.C. Title 13;
(e) To a recipient who has provided NACIC with advance adequate
written assurance that the record will be used solely as a statistical
research or reporting record, and the record is to be transferred in a
form that is not individually identifiable;
(f) To the National Archives and Records Administration as a record
which has sufficient historical or other value to warrant its continued
preservation by the United States Government, or for evaluation by the
Archivist of the United States or designee to determine whether the
record has such value;
(g) To another agency or to an instrumentality of any governmental
jurisdiction within or under the control of the United States for a
civil or criminal law enforcement activity if the activity is authorized
by law, and if the head of that agency or instrumentality has made a
written request to NACIC specifying the particular information desired
and the law enforcement activity for which the record is sought;
(h) To a person pursuant to a showing of compelling circumstances
affecting the health or safety of an individual if upon such disclosure
notification is transmitted to the last known address of such
individual;
(i) To either House of Congress, or, to the extent of matter within
its jurisdiction, any committee or subcommittee thereof, any joint
committee of Congress or subcommittee of any such joint committee;
(j) To the Comptroller General or any of his authorized
representatives in the course of the performance of the duties of the
General Accounting Office; or
(k) To any agency, government instrumentality, or other person or
entity pursuant to the order of a court of competent jurisdiction of the
United States or constituent states.
Sec. 1801.52 Criminal penalties.
(a) Unauthorized disclosure. Criminal penalties may be imposed against
any officer or employee of NACIC who, by virtue of employment, has
possession of or access to NACIC records which contain information
identifiable with an individual, the disclosure of which is prohibited
by the Privacy Act or by these rules, and who, knowing that disclosure
of the specific material is so prohibited, willfully discloses the
material in any manner to any person or agency not entitled to receive
same.
(b) Unauthorized maintenance. Criminal penalties may be imposed
against any officer or employee of NACIC who willfully maintains a
system of records without meeting the requirements of section (e)(4) of
the Privacy Act, 5 U.S.C. 552a. The Coordinator and the Director of
NACIC are authorized independently to conduct such surveys and inspect
such records as necessary from time to time to ensure that these
requirements are met.
(c) Unauthorized requests. Criminal penalties may be imposed upon any
person who knowingly and willfully requests or obtains any record
concerning an individual from NACIC under false pretenses.
Subpart G--Exemptions
Sec. 1801.63 Specific exemptions.
Pursuant to authority granted in section (k) of the Privacy Act, the
Director, NACIC has determined to exempt from section (d) of the Privacy
Act those portions and only those portions of all systems of records
maintained by NACIC that would consist of, pertain to, or otherwise
reveal information that is:
(a) Classified pursuant to Executive Order 12958 (or successor or
prior Order) and thus subject to the provisions of 5 U.S.C. 552(b)(1)
and 5 U.S.C. 552a(k)(1);
(b) Investigatory in nature and compiled for law enforcement purposes,
other than material within the scope of section (j)(2) of the Act;
provided however, that if an individual is denied any right, privilege,
or benefit to which they are otherwise eligible, as a result of the
maintenance of such material, then such material shall be provided to
that individual except to the extent that the disclosure would reveal
the identity of a source who furnished the information to the United
States Government under an express promise of confidentiality, or, prior
to the effective date of this section, under an implied promise of
confidentiality;
(c) Maintained in connection with providing protective services to the
President of the United States or other individuals pursuant to 18
U.S.C. 3056;
(d) Required by statute to be maintained and used solely as
statistical records;
(e) Investigatory in nature and compiled solely for the purpose of
determining suitability, eligibility, or qualifications for federal
civilian employment, military service, federal contracts, or access to
classified information, but only to the extent that the disclosure of
such material would reveal the identity of a source who furnished
information to the United States Government under an express promise of
confidentiality, or, prior to the effective date of this section, under
an implied promise of confidentiality;
(f) Testing or examination material used solely to determine
individual qualifications for appointment or promotion in the federal
service the disclosure of which would compromise the objectivity or
fairness of the testing or examination process; or
(g) Evaluation material used to determine potential for promotion in
the armed services, but only to the extent that the disclosure of such
material would reveal the identity of a source who furnished information
to the United States Government under an express promise of
confidentiality, or, prior to the effective date of this section, under
an implied promise of confidentiality.
NATIONAL CREDIT UNION ADMINISTRATION
Table of Contents
1. Employee Suitability and Security Investigations Containing
Adverse Information, NCUA.
2. Grievance Records, NCUA.
3. Payroll Records System, NCUA.
4. Travel Advance and Voucher Information System, NCUA.
5. Unofficial Personnel and Employee Development/Correspondence
Records, NCUA.
6. Emergency Information (Employee) File, NCUA.
7. Employee Injury File, NCUA.
8. Investigative Reports Involving Any Crime, Suspected Crime or
Suspicious Activity Against a Credit Union, NCUA.
9. Freedom of Information Act and Privacy Act Requests and
Invoices, NCUA.
10. Liquidating Credit Union Records, NCUA.
11. Office of Inspector General (OIG) Investigative Records,
NCUA.
12. Consumer Complaints Against Federal Credit Unions, NCUA.
13. Litigation Case Files, NCUA.
Note: -- See Appendices for general ``routine uses'' applicable
to each system of records and for a listing of the locations of NCUA
Regional Offices.
NCUA-1
System name:
Employee Suitability and Security Investigations Containing
Adverse Information, NCUA.
System location:
Office of Human Resources, National Credit Union Administration,
1775 Duke Street, Alexandria, VA 22314-3428.
Categories of individuals covered by this system:
NCUA employees on whom a routine Office of Personnel Management
(OPM) security investigation has been conducted, the results of which
contain adverse information.
Categories of records in the system:
Arrest records and/or information on moral character, integrity,
or loyalty to the United States.
Authority for maintenance of the system:
Records maintained pursuant to OPM requirements. A separate
notice is published because these records are maintained separately
to provide extraordinary safeguards against unwarranted access and
disclosures.
Purpose(s):
The information in this system of records is used to assist in
the determination of the suitability of the effected individual for
initial or continued NCUA employment, or other necessary action.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) Records are reviewed by the NCUA Security Officer (the
Director of Human Resources). If the records are determined to be of
a substantive nature, they are referred to the appropriate Associate
Regional Director or Office Director for whatever action, if any, is
deemed necessary. (2) Standard routine uses as set forth in Appendix
A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained on paper hard copy.
Retrievability:
Records are indexed by name.
Safeguards:
Records are maintained in a locked file cabinet accessible only
to the Security Officer and his/her designated assistant.
Retention and disposal:
If the investigation is favorable to the employee, the record is
destroyed. If the investigation uncovers adverse information, the
record is held for two years.
System manager(s) and address:
Security Officer, Office of Human Resources, National Credit
Union Administration, 1775 Duke Street, Alexandria, VA 22314-3428.
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the system manager listed above. If there is no record
on the individual, the individual will be so advised.
Record access procedure:
Upon request, the system manager will set forth the procedures
for gaining access to available records.
Contesting record procedures:
Requests to amend or correct a record should be directed to the
system manager listed above.
Record source categories:
OPM Security Investigations Index, FBI Headquarters investigative
files, fingerprint index of arrest records, Defense Central Index of
Investigations, employers within the last five years, listed
references, and personal associates, school registrars and responsive
law enforcement agencies.
Systems exempted from certain provisions of the act:
In addition to any exemption to which this system is subject by
Notices published by or regulations promulgated by the OPM, the
system is subject to a specific exemption pursuant to 5 U.S.C.
552a(k)(5) to the extent that disclosures would reveal a source who
furnished information under an express promise of confidentiality, or
prior to September 27, 1975, under an express or implied promise of
confidentiality.
NCUA-2
System name:
Grievance Records, NCUA.
System location:
Office of Human Resources, National Credit Union Administration,
1775 Duke Street, Alexandria, Virginia 22314-3428.
Categories of individuals covered by the system:
Current or former Federal employees who have submitted grievances
with NCUA in accordance with part 771 of the OPM's regulations. These
case files contain all documents related to the grievance, including
statements of witnesses, reports of interviews and hearings,
examiners' findings and recommendations, a copy of the original and
final decision with related correspondence and exhibits.
Authority for maintenance of the system:
5 U.S.C. 1302, 3301, and 3302, E.O. 10577, 3 CFR 1954-1958 Comp.,
p. 218; E.O. 10987; 3 CFR 1959-1963 Comp., p. 519.
Purpose(s):
The information in this system is used in the Agency's formal
grievance process.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) Information is used by the appropriate Federal, State, or
local agency responsible for investigating, prosecuting, enforcing,
or implementing a statute, rule, regulation, or order where the
disclosing agency becomes aware of an indication of a violation or
potential violation of civil or criminal law or regulations. (2)
Information is used by any source from which additional information
is requested in the course of processing a grievance to the extent
necessary to identify the individual, inform the source of the
purpose(s) of the request, and identify the type of information
requested. (3) Information is used by a Federal agency in response to
its request in connection with the hiring or retention of an
employee, the issuance of a security clearance, the conducting of a
security or suitability investigation of an individual, the
classifying of jobs, the letting of a contract, or the issuance of a
license, grant, or other benefit by the requesting agency, to the
extent that the information is relevant and necessary to the
requesting agency's decision on the matter. (4) Information is used
by the congressional office from the record of an individual in
response to an inquiry from that congressional office made at the
request of that individual. (5) Information is used by another
Federal agency or by a court when the Government is party to a
judicial proceeding before the court. (6) Information is used by the
National Archives and Records Administration (General Services
Administration) in records management inspections conducted under
authority of 44 U.S.C. 2904 and 2906. (7) Information is used by NCUA
in the production of summary descriptive statistics and analytical
studies in support of the function for which the records are
collected and maintained, or for related work force studies. While
published statistics and studies do not contain individual
identifiers, in some instances, the selection of elements of data
included in the study may be structured in such a way as to make the
data individually identifiable by inference. (8) Information is used
by officials of the Office of Personnel Management, the Merit Systems
Protection Board, including the Office of the Special Counsel, the
Federal Labor Relations Authority and its General Counsel, or the
Equal Employment Opportunity Commission when requested in performance
of their authorized duties. (9) Information (that is relevant to the
subject matter involved in a pending judicial or administrative
proceeding) is used to respond to a request for discovery or for
appearance of a witness. (10) Information is used by officials of
labor organizations reorganized under the Civil Service Reform Act
when relevant and necessary to their duties of exclusive
representation concerning personnel policies, practices, and matters
affecting work conditions. (11) Standard routine uses as set forth in
appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained in file folders.
Retrievability:
Records are retrievable by the names of the individuals on whom
they are maintained.
Safeguards:
Records are maintained in lockable metal filing cabinets to which
only authorized personnel have access.
Retention and disposal:
Records are disposed of three (3) years after closing of the
case. Disposal is by shredding or burning.
System manager(s) and address:
Director, Office of Human Resources, National Credit Union
Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428.
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the system manager listed above. If there is no record
on the individual, the individual will be so advised.
Record access procedures:
Upon request, the system manager will set forth the procedures
for gaining access to available records.
Contesting record procedures:
Request to amend or correct a record should be directed to the
system manager listed above.
Record source categories:
Individual on whom the record is maintained; testimony of
witness; agency officials; related correspondence from organization
or persons.
NCUA-3
System name:
Payroll Records System, NCUA.
System location:
(1) Office of the Chief Financial Officer, National Credit Union
Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428.
(2) General Services Administration, Region VI, Kansas City,
Missouri.
Categories of individuals covered by the system:
Employees of NCUA.
Categories of records in the system:
Salary and related payroll data, including time and attendance
information.
Authority for maintenance of the system:
5 U.S.C. 703; 44 U.S.C. 3301.
Purpose(s):
This system documents time and attendance and ensures that
employees receive proper compensation.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) Information is used to ensure proper compensation to all NCUA
employees and to formulate financial reports and plans used within
the agency or is sent to the General Services Administration (GSA).
(2) Also, information is used to document time worked and provide a
record of attendance to support payment of salaries and use of
annual, sick, and nonpaid leave. (3) Users of the time and attendance
information include the employee's supervisor, the office's
timekeeper the payroll officer, and the GSA National Payroll Center
in Kansas City, Missouri. (4) Further information in this system is
used to make reportings to state and local taxing authorities. (5)
The names, social security numbers, home addresses, dates of birth,
dates of hire, quarterly earnings, employer identifying information,
and State of hire of employees may be disclosed to the Office of
Child Support Enforcement, Administration for Children and Families,
Department of Health and Human Services for the purpose of locating
individuals to establish paternity, establish or modify orders of
child support, identify sources of income and for other child support
enforcement actions as required by the Personal Responsibility and
Work Opportunity Reconciliation Act (Welfare Reform Law, Pub. L. 104-
193). (6) Standard routine uses as set forth in appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained in file folders.
Retrievability:
Records are retrieved by name or social security number.
Safeguards:
Records are maintained in secured offices, accessible by written
authorization only.
Retention and disposal:
Records are retained and disposed of in accordance with GSA
policy.
System manager(s) and address: Primary:
Payroll Officer, Office of the Chief Financial Officer, National
Credit Union Administration, 1775 Duke Street, Alexandria, Virginia
22314-3428.
Secondary:
Office Timekeepers, National Credit Union Administration, Central
Office (1775 Duke Street, Alexandria, Virginia 22314-3428) and
Regional Offices (see Appendix B for Regional Offices' addresses).
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the system manager listed above. If there is no record
on the individual, the individual will be so advised.
Record access procedures:
Upon request, the system manager will set forth the procedures
for gaining access to available records.
Contesting record procedures:
Requests to amend or correct a record should be directed to the
system manager listed above.
Record source categories:
Information is primarily obtained from the individual whom the
record concerns, the Office of Personnel Management, and the GSA.
Also, time and attendance information is prepared and submitted by
the timekeeper in a given employee's office.
NCUA-4
System name:
Travel Advance and Voucher Information System, NCUA.
System location:
Office of the Chief Financial Officer, National Credit Union
Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428.
Some relocation files are maintained in the Office of Administration,
at the same address.
Categories of individuals covered by the system:
All NCUA employees who have traveled or relocated in the course
of performing their duty and who have been reimbursed for the expense
of such travel.
Categories of records in the system:
This system contains information from the following forms: Travel
Vouchers (NCUA 1012), Relocation Travel Order (NCUA 1617) Application
for Travel Advance (NCUA 1371), and Travel Voucher Cover Sheet (NCUA
1364), Agreement to Remain in Federal Service (NCUA 1030), Statement
of Difference (NCUA 1310), Repayment of Travel Advance (NCUA 1372).
Authority for maintenance of the system:
5 U.S.C. 5701-5752; Executive Order 11609 (July 22, 1971);
Executive Order 11012 (March 27, 1962); 5 U.S.C. 4101-4118; Federal
Travel Regulations, FPMR 101-7, Chapter 2, Section 6.3.
Purpose(s):
The purpose of this system is to provide documentary support for
reimbursements to employees.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) Records are used to provide documentary support for
reimbursements to employees for on-the-job and relocation travel
expenses. (2) Users of the information include first and second line
supervisors, NCUA accounting staff, and budgeting staff. (3) Standard
routine uses as set forth in appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored in paper hard copy form and in a computer
system.
Retrievability:
Records are retrievable by social security number.
Safeguards:
The paper hard copy records are maintained in secured offices.
The computer disc is located in a secured office and its access is
limited to user employees who know the logical identification access
number.
Retention and disposal:
Records are maintained in the Division of Accounting Services
until the annual GAO audit is completed. After the audit, the paper
hard copy records are stored in a Federal Records Center for a
minimum of three years and the computer disc is purged.
System manager(s) and address:
Director, Accounting Services Division, Office of the Chief
Financial Officer, National Credit Union Administration, 1775 Duke
Street, Alexandria, Virginia 22314-3428.
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the system manager listed above. If there is no record
on the individual, the individual will be so advised.
Record access procedures:
Upon request, the system manager will set forth the procedures
for gaining access to available records.
Contesting record procedures:
Requests to amend or correct a record should be directed to the
system manager listed above.
Record source categories:
Records are prepared by the individual whom the record concerns.
NCUA-5
System name:
Unofficial Personnel and Employee Development/Correspondence
Records, NCUA.
System location:
For employees of a regional office, the system is located at the
regional office where the employee is assigned, National Credit Union
Administration, (See appendix B for addresses of Regional Offices).
For employees of the central office, the system is located at the
assigned office, National Credit Union Administration, 1775 Duke
Street, Alexandria, Virginia 22314-3428.
Categories of individuals covered by the system:
NCUA employees.
Categories of records in the system:
The system contains information on NCUA employees assigned to the
particular regional or central office related to some or all of the
following areas: Name; address; telephone number; birthdate;
ethnicity and gender codes; cu grade; employee identification number;
work performance appraisals; district management; chartering efforts;
reactions from credit union officials; individual development plans;
supply and equipment information; for new examiners, bi-weekly
training reports, training progress reports and training evaluations;
work product samples; suggestions; awards; data on time and
attendance, leave and pay; memos or notations and evaluations by
superiors or others; and copies of personnel, travel and grievance
records.
Authority for maintenance of the system:
5 U.S.C. 301; 44 U.S.C. 3301.
Purpose(s):
Information is used for recording time, attendance and leave,
controlling equipment inventories, contacting employees; evaluating
and training staff, evaluating work progress; and for general
administrative matters. For new examiners, training information is
used to determine the examiner's retention or termination after 23
weeks of on-the-job training.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) The information in this system may be disclosed to the United
States Office of Personnel Management, the Merit Systems Protection
Board, the Office of Special Counsel, the Equal Employment
Opportunity Commission, the Federal Labor Relations Authority, the
General Services Administration or an arbitrator or agent, to the
extent the disclosure is needed to carry out the government-wide
personnel management, investigatory, adjudicatory and appellate
functions within their respective jurisdictions, or to obtain
information. (2) The information in this system may be disclosed to
federal, state, local or professional licensing boards or Boards of
Medical Examiners, when such records reflect on the qualifications of
an licensed individual or an individual seeking to be licensed. (3)
This information is used to generate a telephone directory for all
NCUA employees. (4) Standard routine uses as set forth in appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained on paper hard copy. Some records are also
maintained on computer systems electronically.
Retrievability:
Records are indexed alphabetically by name.
Safeguards:
Physical security consists of maintaining records in locked metal
file cabinets within secured offices and password protected computer
systems.
Retention and disposal:
Current and relevant information is maintained generally for a
period of at least one to two years. Obsolete material is maintained
in the same file cabinets and is periodically destroyed or returned
to the originator.
System manager(s) and address:
For employees assigned to a regional office the system manager is
the Administrative Officer, Regional Office, National Credit Union
Administration. (See appendix B for addresses of Regional Offices).
For employees assigned to an office within the central office, the
system manager is the Office Director, National Credit Union
Administration, 1775 Duke Street, Alexandria, Virginia 22314.
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the Regional Director where the system is located. If
there is no record on the individual, the individual will be so
advised.
Record access procedures:
Upon request, the Regional Director will set forth the procedures
for gaining access to available records.
Contesting record procedures:
Requests to amend or correct a record should be directed to the
Regional Director.
Record source categories:
Sources may include the individual whom the record concerns,
supervisors of the individual, fellow employees, credit union
officials, administrative officer or office assistant, and other
persons whom the individual may encounter in the course of work
performance. For payroll- and personnel-related information, the
sources may include the General Service Administration and Office of
Human Resources.
NCUA-6
System name:
Emergency Information (Employee) File, NCUA.
System location:
For employees of a regional office, the system is located at the
regional office where the employee is assigned, National Credit Union
Administration, (See appendix B for addresses of Regional Offices).
For employees of the central office, the system is located at the
assigned office, National Credit Union Administration, 1775 Duke
Street, Alexandria, Virginia 22314-3428.
Categories of individuals covered by the system:
This system contains personal information on the NCUA employee,
such as height, weight, hair color, eye color, current address, and
telephone number. Also, this system identifies the individual to
contact in case of an emergency involving the employee.
Authority for maintenance of the system:
5 U.S.C. 301.
Purpose(s):
The information in this system is used to create employee
identification cards and in case of emergency.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) The information on the individual to contact in cases of
emergency may be disclosed in case of emergency to any federal, state
or local authority responding to the emergency. (2) In the event of
an emergency, the information may be disclosed to the individual
listed as a contact in case of emergency, or other person identified
as a family member of the employee. (3) The Security Officer
maintains a list of all employees, with their addresses and telephone
numbers. This list is updated as necessary. The listed information is
used to contact the employee if there is a national emergency. (4)
Standard routine uses as set forth in appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored on paper hard copy.
Retrievability:
Records are indexed alphabetically by name.
Safeguards:
Records are maintained in locked file drawer.
Retention and disposal:
Records are disposed of after an employee is separated from the
agency.
System manager(s) and address:
(1) For employees of a regional office, the system manager is the
regional director of the regional office where the employee is
assigned, National Credit Union Administration, (See appendix B for
addresses of Regional Offices). For employees of the central office,
the system manager is the Office Director of the assigned office,
National Credit Union Administration, 1775 Duke Street, Alexandria,
Virginia, 22314-3428. (2) Security Officer, Administrative Office, at
the same address above.
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the appropriate system manager listed above. If there
is no record on the individual, the individual will be so advised.
Record access procedures:
Upon request, the system manager will set forth the procedures
for gaining access to available records.
Contesting record procedures:
Requests to amend or correct a record should be directed to the
appropriate system manager listed above.
Record source categories:
Individual on whom the record is maintained.
NCUA-7
System name:
Employee Injury File, NCUA.
System location:
Office of Human Resources, National Credit Union Administration,
1775 Duke Street, Alexandria, Virginia 22314-3428.
Categories of individuals covered by the system:
Any employee who has sustained a job-related injury or disease.
Categories of records in the system:
Copies of reports submitted by individual who has sustained a
job-related injury or disease. Copies of any further claims made
regarding the same injury or disease or any other material required
for documenting and adjudicating the claim.
Authority for maintenance of the system:
Occupational Safety and Health Act of 1970, 29 CFR part 1960.
Purpose(s):
This information is maintained to provide data to the Department
of Labor, when needed, for adjudication of a claim, and to prepare
reports as required by the Department of Labor.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) Information is disclosed to the Department of Labor. (2)
Standard routine use as set forth in appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored on paper in file cabinets.
Retrievability:
Records are indexed by NCUA Region, and date of injury.
Safeguards:
Records are maintained in locked file drawer.
Retention and disposal:
Records are disposed five years after the year to which they
relate.
System manager(s) and address:
Director, Office of Human Resources, National Credit Union
Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428.
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the system manager listed above. If there is no record
on the individual, then individual will be so advised.
Record access procedures:
Upon request, the system manager will set forth the procedures
for gaining access to available records.
Contesting record procedures:
Requests to amend or correct a record should be directed to the
system manager listed above.
Record source categories:
Individual on whom the record is maintained; superiors of
individual; individual's physician; hospital attending individual;
Department of Labor.
NCUA-8
System name:
Investigative Reports Involving Any Crime, Suspected Crime or
Suspicious Activity Against a Credit Union, NCUA.
System location:
Office of General Counsel, National Credit Union Administration,
1775 Duke Street, Alexandria, VA 22314-3428. Computerized records of
Suspicious Activity Reports (SAR), with status updates, are managed
by the Financial Crimes Enforcement Network (FinCEN), Department of
the Treasury, pursuant to a contractual agreement, and are stored in
Detroit, Michigan. Authorized personnel at NCUA's Central Office and
six regional offices have on-line access to the computerized database
managed by FinCEN through individual work stations that are linked to
the database central computer.
Categories of individuals covered by the system:
Directors, officers, committee members, employees, agents, and
persons participating in the conduct of the affairs of federally
insured credit unions who are reported to be involved in suspected
criminal activity or suspicious financial transactions and are
referred to law enforcement officials; and other individuals who have
been involved in irregularities, violations of law, or unsafe or
unsound practices referenced in documents received by the NCUA in the
course of exercising its supervisory functions.
Categories of records in the system:
Inter- and intra-agency correspondence, memoranda and reports.
The SAR contains information identifying the credit union involved,
the suspected person, the type of suspicious activity involved, and
any witnesses.
Authority for maintenance of the system:
12 U.S.C. 1786 and 1789.
Purpose(s):
The overall system serves as a NCUA repository for investigatory
or enforcement information related to its responsibility to examine
and supervise federally insured credit unions. The system maintained
by FinCEN serves as the database for the cooperative storage,
retrieval, analysis, and use of information relating to Suspicious
Activity Reports made to or by the NCUA Board, the Federal Reserve
Board, the Office of the Comptroller of the Currency, the Federal
Deposit Insurance Corporation, the Office of Thrift Supervision,
(collectively, the federal financial regulatory agencies), and FinCEN
to various law enforcement agencies for possible criminal, civil, or
administrative proceedings based on known or suspected violations
affecting or involving persons, financial institutions, or other
entities under the supervision or jurisdiction of such federal
financial regulatory agencies.
Routine uses of records maintained in the system, including
categories of users, and the purposes of such uses:
Information in these records may be used to:
(1) Determine if any further agency action should be taken. (2)
Provide the federal financial regulatory agencies and FinCEN with
information relevant to their operations; (3) Disclose information to
third parties during the course of an investigation to the extent
necessary to obtain information pertinent to the investigation; (4)
With regard to formal or informal enforcement actions; release
information pursuant to 12 U.S.C. 1786(s), which requires the NCUA
Board to publish and make available to the public final orders and
written agreements, and modifications thereto; and (5) Standard
routine uses as set forth in appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
The records will be maintained in electronic data processing
systems and paper files.
Retrievability:
Computer output and file folders are retrievable by indexes of
data fields, including name of the credit union, NCUA Region, and
individuals' names.
Safeguards:
Paper records and word processing discs are stored at the NCUA in
lockable metal file cabinets. The database maintained by FinCEN
complies with applicable security requirements of the Department of
the Treasury. On-line access to the information in the database is
limited to authorized individuals who have been designated by each
federal financial regulatory agency and FinCEN, and each such
individual has been issued a nontransferable identifier or password.
Retention and disposal:
Records are maintained indefinitely.
System manager(s) and address:
General Counsel, NCUA, 1775 Duke Street, Alexandria, VA 22314-
3428.
Notification procedure:
Inquiries should be sent to the System Manager as noted above.
Record access procedures:
Same as ``Notification procedure'' above.
Contesting records procedures:
Same as ``Notification procedure'' above.
Record source categories:
Information received by the NCUA Board from various sources,
including, but not limited to law enforcement and other agency
personnel involved in sending inquiries to the NCUA Board, NCUA
examiners, credit union officials, employees, and members. The
information maintained by FinCEN is compiled from SAR and related
historical and updating forms compiled by financial institutions, the
NCUA Board, and the other federal financial regulatory agencies for
law enforcement purposes.
System exempted from certain provisions of the act:
This system is exempt from 5 U.S.C. 552a(c)(3), (d)(1), (d)(2),
(d)(3), (d)(4), (e)(1), (e)(4) (G), (H) and (I), and (f) of the
Privacy Act pursuant to 5 U.S.C. 552a(k)(2).
NCUA-9
System name:
Freedom of Information and Privacy Act Requests and Invoices,
NCUA.
System location:
For requests processed by the central office, the system is
located at the Office of General Counsel, National Credit Union
Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428.
For requests processed by a regional office, the system is located at
the regional office (See appendix B for a list of addresses of the
regional offices.) For requests processed by the Office of Inspector
General, the system is located in the Office of the Inspector
General, National Credit Union Administration, 1775 Duke Street,
Alexandria, Virginia 22314. For requests processed by the Asset
Management and Assistance Center, the system is located at AMAC, 4807
Spicewood Springs Road, Austin, Texas 78759.
Categories of individuals covered by the system:
This system of records includes information pertaining to any
Freedom of Information Act (FOIA) or Privacy Act requester.
Categories of records in the system:
The system may contain the requester's name, company name or
organization, address, date of request, invoice number, amount due,
phone number, social security or tax identification number,
description of information requested and documents located or result
of search for documents.
Authority for maintenance of the system:
12 U.S.C. 1789, 5 U.S.C. 552, 5 U.S.C. 552a.
Purpose(s):
Records in this system are used to process requests received.
These records may be used by the NCUA for collection of the amount
due, as well as to identify subsequent requests made by the same
individuals.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) The information may be disclosed to a consumer reporting
agency. The information disclosed to a consumer reporting agency is
limited to: (a) Information necessary to establish the identity of
the individual, including name, address, and social security or
taxpayer identification number; (b) the amount, status, and history
of the claim; and (c) the agency or program under which the claim
arose.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are maintained on paper hard copy and computer disk.
Retrievability:
Records in this system are retrievable by requester's name,
company name or organization, date of request, category of requester
or invoice number.
Safeguards:
Physical security consists of storing records on a password
protected computer database and a hard copy secured in a metal file
cabinet which is accessible only to those individuals responsible for
processing requests and collecting outstanding payments.
Retention and disposal:
Records are retained for various periods depending on the
determination made on the request, but normally no greater than six
years following the year in which the request was processed.
System manager(s) and address:
For requests processed at the central office, the system manager
is the Freedom of Information Act Officer, Office of General Counsel,
National Credit Union Administration, 1775 Duke Street, Alexandria,
Virginia 22314. For requests processed in a regional office, the
system manager is the Regional Director (See appendix B for a list of
addresses of the regional offices.) For requests processed by the
Office of Inspector General, the system manager is the Inspector
General, National Credit Union Administration, 1775 Duke Street,
Alexandria, Virginia 22314. For requests processed by the Asset
Management and Assistance Center, the system manager is the
President, AMAC, 4807 Spicewood Springs Road, Austin, Texas 78759.
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the system manager listed above. If there is no record
on the individual, the individual will be so advised.
Record access procedures:
Upon request, the system manager will set forth the procedures
for gaining access to available records.
Contesting record procedures:
Requests to amend or correct a record should be directed to the
system manager listed above.
Record source categories:
The sources of records for this system of records are the FOIA
and Privacy Act request files.
NCUA-10
System name:
Liquidating Credit Union Records System, NCUA.
System location:
Information within this system of records is located at the Asset
and Management Assistance Center (AMAC) 4807 Spicewood Springs Road,
Suite 5100, Austin, Texas 78759.
Categories of individuals covered by the system:
Members, employees and creditors of liquidating federally-insured
credit unions.
Categories of records in the system:
Share and account records; personal data regarding income and
debts; payment or employment history; accounts payable records.
Authority for maintenance of the system:
12 U.S.C. 1787.
Purpose(s):
The information in this system is used to determine insurance,
collect loan amounts due and for all purposes necessary to close out
the affairs of the liquidated credit union.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) Information is used for payment of insurance claims to
shareholders in liquidating federally-insured credit unions. (2)
Information is used in the collection of outstanding loans, which may
include referral of information to third party servicer providers or
potential purchasers of the loans. (3) Information is used for all
purposes necessary to close out the affairs of the liquidated credit
union and carry out all appropriate liquidation-related functions of
NCUA. (4) Information may be disclosed to address locators or a
surety company in pursuit of a fidelity bond claim. (5) Information
on unclaimed insured shares is included in a database on the NCUA web
site after other efforts to locate account holders have failed. (6)
Information may be disclosed to the appropriate federal, state or
local government agency, such as the Internal Revenue Service, if
required by law or regulation or upon appropriate request. (7)
Standard routine uses as set forth in Appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
This information is maintained on computer databases and hard
copy. Copies of share and loan documents, incoming payments, and loan
portfolios may also be maintained on microfilm copy.
Retrievability:
Information is indexed by name of individual and by name of
closed insured credit union.
Safeguards:
Information is maintained in secured offices and in password
protected computer databases.
Retention and disposal:
Information is disposed of when no longer needed or within seven
years after date of charter cancellation.
System manager(s) and address:
President, AMAC, 4807 Spicewood Springs Road, Suite 5100, Austin,
Texas 78759.
Notification procedure:
An individual may inquire as to whether the system contains
information pertaining to the individual by addressing a request in
person or by mail to the system manager listed above. If there is no
information on the individual, the individual will be so advised.
Written inquiries should include name of inquirer, name of closed
insured credit union of which inquirer was a member, and share and
loan account numbers, if known.
Record access procedures:
Upon request, the system manager will set forth the procedures
for gaining access to available information.
Contesting record procedures:
Requests to amend or correct a record should be directed to the
system manager listed above. Record source categories: Information is
obtained from outside address locators; share and loan account files
of the liquidating credit union of which the individual was a member;
third party service providers; and credit bureaus.
NCUA-11
System name:
Office of Inspector General (OIG) Investigative Records, NCUA.
System location:
Office of Inspector General, NCUA, 1775 Duke Street, Alexandria,
VA 22314-3428.
Categories of individuals covered by the system:
Subjects of investigation, complainants, and witnesses referred
to in complaints or actual investigative cases, reports, accompanying
documents, and correspondence prepared by, compiled by, or referred
to the OIG.
Categories of records in the system:
The system is comprised of paper files of all OIG and some
predecessor Office of Internal Auditor reports, correspondence,
cases, matters, cross-indices, memoranda, materials, legal papers,
evidence, exhibits, data, and workpapers pertaining to all closed and
pending investigations and inspections.
Authority for maintenance of the system:
The Inspector General Act of 1978, as amended, 5 U.S.C. App.3; 12
U.S.C. 1766.
Purpose(s):
Records in this system document the investigative work of the
Office of Inspector General.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
The National Credit Union Administration Office of Inspector
General (OIG) may disclose information contained in a record in this
system of records without the consent of the individual if the
disclosure is compatible with the purpose for which the record was
collected, under the following routine uses. (1) The OIG may disclose
information from this system of records as a routine use to any
public or private source, including a federal, state, or local agency
maintaining civil, criminal, or other relevant enforcement
information or other pertinent information, but only to the extent
necessary for the OIG to obtain information from those sources
relevant to an OIG investigation, audit, inspection, or other
inquiry. (2) The OIG may disclose information from this system of
records as a routine use to the Department of Justice to the extent
necessary to obtain its legal advice on any matter relevant to an OIG
investigation, audit, inspection, or other inquiry related to the
responsibilities of the OIG. (3) The OIG may disclose information to
other federal entities, such as other Offices of Inspector General,
to the General Accounting Office, or to a private party with which
the OIG or the NCUA has contracted or with which it contemplates
contracting, for the purpose of auditing or reviewing the performance
or internal management of the OIG's investigative program, or for
performing any other functions or analyses that facilitate or are
relevant to an OIG investigation, audit, inspection or other inquiry.
Such contractor or private firm shall be required to maintain Privacy
Act safeguards with respect to such information. (4) The OIG may
disclose information from this system of records to any federal,
state, local, or foreign agency maintaining civil, criminal, or other
relevant enforcement or other pertinent records, or to another public
authority or professional organization, if necessary to obtain
information relevant to an OIG decision concerning the retention of
an employee or other personnel action (other than hiring), the
retention of a security clearance, the letting of a contract, or the
issuance or retention of a grant or other benefit. (5) The OIG may
disclose information in this system to federal, state, local or
professional licensing boards or Boards of Medical Examiners, when
such records reflect on the qualifications of an licensed individual
or an individual seeking to be licensed. (6) The OIG may disclose
information from this system of records for the purposes set forth in
Appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Information contained in this system is stored manually in files.
Retrievability:
Information is retrieved in files by case number, general subject
matter, or name of the subject of investigation.
Safeguards:
Case reports and workpapers are maintained in approved security
containers and locked filing cabinets in a locked room. Associated
paper records are stored in locked metal filing cabinets, safes, or
similar secure facilities.
Retention and disposal:
Investigative Case Files
1. Case files are normally destroyed when they are 5 years old.
2. Significant cases (those that result in national media
attention, congressional investigation, or substantive changes in
agency policy or procedures)--To be determined by the National
Archives and Records Administration on a case-by-case basis.
System manager(s) and address:
Inspector General, National Credit Union Administration, 1775
Duke Street, Alexandria, VA 22314-3428.
Notification procedure:
This system of records is generally exempt from the notice,
access, and amendment requirements of the Privacy Act. However, the
NCUA will entertain written requests to the systems manager on a case
by case basis for notification regarding whether this system of
records contains information about an individual. Requests should be
marked ``Privacy Act request,'' and should state the name and address
of the requester, and provide a notarized statement, or other
documentation, e.g., copy of a driver's license, attesting to the
individual's identity. Requests submitted on behalf of other persons
must include their written authorizations. Such requests in the form
prescribed may also be presented in person at the Office of Inspector
General, National Credit Union Administration, 1775 Duke Street,
Alexandria, VA 22314-3428. Simultaneously with requesting
notification of inclusion in his system of records, the individual
may request record access as described in this section.
Record access procedures:
Same as ``Notification procedure.''
Contesting record procedures:
Same as ``Notification procedure.''
Record source categories:
The OIG collects information from many sources, including the
subject individuals, employees of the NCUA, other government
employees, and witnesses and informants, and non-governmental
sources.
Systems exempted from certain provisions of the act:
Pursuant to 5 USC 552a(j)(2), this system of records is exempt
from subsections (c)(3) and (4), (d), (e)(1), (e)(2), (e)(3),
(e)(4)(G), (e)(4)(H), (e)(4)(I), (e)(5), (e)(8), (f) and (g) of the
Act. This exemption applies to information in the system that relates
to criminal law enforcement and meets the criteria of the (j)(2)
exemption. Pursuant to 5 USC 552(k)(2), to the extent that the system
contains investigative material compiled for law enforcement
purposes, other than material within the scope of subsection (j)(2),
this system of records is exempt from 5 USC 552a(c)(3), (d), (e)(1),
(e)(4)(G), (H), and (I), and (f). The exemption rule is contained in
12 CFR 792.34 of the NCUA regulations.
NCUA-12
System name:
Consumer Complaints Against Federal Credit Unions, NCUA.
System location:
Information is maintained in NCUA's six regional offices (see
appendix B for regional office locations).
Categories of individuals covered by the system:
Persons who submit complaints concerning operating federal credit
unions.
Categories of records in the system:
Complaint letters, investigation reports, and related
correspondence concerning the complainants and the federal credit
union involved.
Authority for maintenance of the system:
12 U.S.C. 1766(i)(1) and 1789(a)(7); 5 U.S.C. 301; 15 U.S.C.
1601-1693.
Purpose(s):
This system documents the number and type of consumer complaints
received and processed by NCUA.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) Information may be disclosed to officials of Federal credit
unions and other persons mentioned in a complaint or identified
during an investigation. (2) Disclosures may be made to the Federal
Reserve Board, other federal financial regulatory agencies, the
Federal Financial Institutions Examination Council, the White House
Office of Consumer Affairs, and the Congress or any of its authorized
committees in fulfilling reporting requirements or assessing
implementation of applicable laws and regulations. (Such disclosures
will be made in a nonidentifiable manner when feasible and
appropriate.) (3) Referrals may also be made to other federal and
nonfederal supervisory or regulatory authorities when the subject
matter is a complaint or inquiry which is more properly within such
agency's jurisdiction. (4) Standard routine uses as set forth in
appendix A.
Policies and practices for storing, retrieving, accessing,
retaining, and disposing of records in the system:
Storage:
Records are stored on paper or computer database.
Retrievability:
Records are retrievable from files by federal credit union name,
by complainant name, or assigned control number.
Safeguards:
Records are maintained in secured offices in either a file
cabinet or on a password protected computer system.
Retention and disposal:
Records are retained for three years, then destroyed. Consumer's
name, federal credit union's name, subject of complaint, date
received, and date resolved are kept until no longer needed.
System manager(s) and address:
The System Manager is the Regional Director in the regional
office where the complaint was processed. (See appendix B for
Regional Office addresses.)
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the system manager listed above. If there is no record
on the individual, the individual will be so advised.
Record access procedures:
Upon request, the system manager will set forth the procedures
for gaining access to available records.
Contesting record procedures:
Request to amend or correct a record should be directed to the
system manager listed above.
Record source categories:
Complainant (and his or her representative, which may include,
e.g., a member of Congress or an attorney); federal credit union
officials; employees and members of the credit union involved; and
NCUA examiners and central files on federal credit unions.
NCUA-13
System name:
Litigation Case Files, NCUA.
System location:
Office of General Counsel, National Credit Union Administration,
1775 Duke Street, Alexandria, Virginia 22314-3428.
Categories of individuals covered by the system:
Records are maintained in files by the case name of individuals
who are: The subject of NCUA investigations made in contemplation of
legal action; involved in civil litigation with NCUA or involved in
administrative proceedings; involved in litigation of interest to
NCUA; or pursuing tort claims.
Categories of records in the system:
Records in case files include: Investigative reports relating to
possible felonies or violations of the Federal Credit Union Act;
transcripts of testimony or affidavits; documents and other
evidentiary matters, pleadings and other documents filed in court;
orders filed or issued in civil, administrative or criminal
proceedings; correspondence relating to investigatory or litigation
matters; information provided by the individual under investigation
or from a federal credit union; and other memoranda gathered and
prepared by staff in performance of their duties.
Authority for maintenance of the system:
12 U.S.C. 1766, 1786, 1787, and 1789; 28 U.S.C. 2671-2680.
Purpose(s):
This system documents the preparation and progress of legal
proceedings and investigations conducted by the Office of General
Counsel.
Routine uses of records maintained in the system, including
categories of users and the purposes of such uses:
(1) The staff of the Office of General Counsel may use such
records to render legal advice concerning investigations or courses
of legal action; to represent NCUA in all judicial and administrative
proceedings in which NCUA or any of its employees who, within the
scope of employment and in an official capacity, is a party; or to
intervene as an amicus curiae. (2) The information in this system may
be disclosed to federal, state, local or professional licensing
boards or Boards of Medical Examiners, when such records reflect on
the qualifications or fitness of a licensed individual or an
individual seeking to be licensed. (3) Standard routine uses set
forth in appendix A.
System manager(s) and address:
General Counsel, National Credit Union Administration, 1775 Duke
Street, Alexandria, Virginia 22314-3428.
Notification procedure:
An individual may inquire as to whether the system contains a
record pertaining to the individual by addressing a request in person
or by mail to the system manager listed above. If there is no record
on the individual, the individual will be so advised.
Record access procedures:
Requests to amend or correct a record should be directed to the
system manager listed above.
Contesting record procedures:
Requests to amend or correct a record should be directed to the
system manager listed above.
Record source categories:
Record source categories vary depending upon the legal issue but
generally are obtained from the following: NCUA staff and internal
agency memoranda; federal employees and private parties involved in
torts; contracts; federal credit union files or officials; general
law texts and sources; law enforcement officers; witnesses and
others; administrative and court pleadings, transcripts or judicial
orders/decisions; evidence gathered in connection with the matter
involved; and from individuals to whom the records relate.
Systems exempted from certain provisions of the act:
This system is subject to the specific exemption provided by 5
U.S.C. 552a(k)(2), as the system of records is investigatory material
compiled for law enforcement purposes.
Appendix A--Standard Routine Uses Applicable to NCUA Systems of
Records
1. If a record in a system of records indicates a violation or
potential violation of civil or criminal law or a regulation, and
whether arising by general statute or particular program statute, or
by regulation, rule, or order, the relevant records in the system or
records may be disclosed as a routine use to the appropriate agency,
whether federal, state, local, or foreign, charged with the
responsibility of investigating or prosecuting such violation or
charged with enforcing or implementing the statute, rule, regulation,
or order issued pursuant thereto. 2. A record from a system of
records may be disclosed as a routine use to a federal, state, or
local agency which maintains civil, criminal, or other relevant
enforcement information or other pertinent information, such as
current licenses, if necessary, to obtain information relevant to an
agency decision concerning the hiring or retention of an employee,
the issuance of a security clearance, the letting of a contract, or
the issuance of a license, grant, or other benefit. 3. A record from
a system of records may be disclosed as a routine use to a federal
agency, in response to its request, for a matter concerning the
hiring or retention of an employee, the issuance of a security
clearance, the reporting of an investigation of an employee, the
letting of a contract, or the issuance of a license, grant, or other
benefit by the requesting agency, to the extent that the information
is relevant and necessary to the requesting agency's decision in the
matter. 4. A record from a system of records may be disclosed as a
routine use to an authorized appeal grievance examiner, formal
complaints examiner, equal employment opportunity investigator,
arbitrator or other duly authorized official engaged in investigation
or settlement of a grievance, complaint, or appeal filed by an
employee. Further, a record from any system of records may be
disclosed as a routine use to the Office of Personnel Management in
accordance with the agency's responsibility for evaluation and
oversight of federal personnel management. 5. A record from a system
of records may be disclosed as a routine use to officers and
employees of a federal agency for purposes of audit. 6. A record from
a system of records may be disclosed as a routine use to a member of
Congress or to a congressional staff member in response to an inquiry
from the congressional office made at the request of the individual
about whom the record is maintained. 7. A record from a system of
records may be disclosed as a routine use to the officers and
employees of the General Services Administration (GSA) in connection
with administrative services provided to this Agency under agreement
with GSA. 8. Records in a system of records may be disclosed as a
routine use to the Department of Justice, when (a) NCUA, or any of
its components or employees acting in their official capacities; or
(b) Any employee of NCUA in his or her individual capacity where the
Department of Justice has agreed to represent the employee; or (d)
The United States, where NCUA determines that litigation is likely to
affect the agency or any of its components, is a party to litigation
or has an interest in such litigation, and NCUA determines that use
of such records is relevant and necessary to the litigation,
provided, however, that in each case, NCUA determines that disclosure
of the records to the Department of Justice is a use of the
information contained in the records that is compatible with the
purpose for which the records were collected. 9. Records in a system
of records may be disclosed as a routine use in a proceeding before a
court or adjudicative body before which NCUA is authorized to appear,
when (a) NCUA, or any of its components or employees acting in their
official capacities; or (b) Any employee of NCUA in his or her
individual capacity where NCUA has agreed to represent the employee;
or (d) The United States, where NCUA determines that litigation is
likely to affect the agency or any of its components, is a party to
litigation or has an interest in such litigation, and NCUA determines
that use of such records is relevant and necessary to the litigation,
provided, however, that in each case, NCUA determines that disclosure
of the records to the Department of Justice is a use of the
information contained in the records that is compatible with the
purpose for which the records were collected.
Appendix B--List of Regional Offices (Addresses and States Covered
by Each Region)
I. NCUA Region I Regional Office: 9 Washington Square, Washington
Square Extension, Albany, NY, Phone (518) 472-4554.
States covered: Connecticut, Maine, Massachusetts, New Hampshire,
New Jersey, New York, Puerto Rico, Rhode Island, Vermont, Virgin
Islands.
II. NCUA Region II Regional Office: 1775 Duke Street, Suite 4206,
Alexandria, VA 22314, Phone: (703) 519-4600.
States covered: Delaware, District Of Columbia, Maryland, New
Jersey, Pennsylvania, Virginia.
III. NCUA Region III Regional Office: 7000 Central Parkway, Suite
1600, Atlanta, GA 30328, Phone (678) 443-3000.
States covered: Arkansas, Alabama, Florida, Georgia, Kentucky,
Louisiana, Mississippi, North Carolina, Puerto Rico, South Carolina,
Tennessee, Virgin Islands.
IV. NCUA Region IV Regional Office: 4225 Naperville Road, Suite
125, Lisle, IL 60532, Phone:(630) 955-4100.
States covered: Illinois, Indiana, Michigan, Missouri, Ohio, West
Virginia, Wisconsin.
V. NCUA Region V Regional Office: 4807 Spicewood Springs Road,
Suite 5200, Austin, TX 78759, Phone: (512) 342-5600.
States covered: Arizona, Colorado, Iowa, Kansas, Minnesota,
Nebraska, New Mexico, North Dakota, Oklahoma, South Dakota, Texas.
VI. NCUA Region VI Regional Office: 2300 Clayton Road, Suite
1350, Concord, CA 94520, Phone: (925) 363-6200.
States covered: Alaska, California, Guam, Hawaii, Idaho, Montana,
Nevada, Oregon, Utah, Washington, Wyoming.
NATIONAL CREDIT UNION ADMINISTRATION
Title 12--Banks and Banking
Chapter VII-National Credit Union Administration
PART 792-REQUESTS FOR INFORMATION UNDER THE FREEDOM OF INFORMATION ACT
AND PRIVACY ACT, AND BY SUBPOENA; SECURITY PROCEDURES FOR CLASSIFIED
INFORMATION
Subpart E--The Privacy Act
Sec.
792.52 Scope.
792.53 Definitions.
792.54 Procedures for requests pertaining to individual records in a
system of records.
792.55 Times, places, and requirements for identification of individuals
making requests and identification of records requested.
792.56 Notice of existence of records, access decisions and disclosure
of requested information; time limits.
792.57 Special procedures: Information furnished by other agencies;
medical records.
792.58 Requests for correction or amendment to records; administrative
review of requests.
792.59 Appeal of initial determination.
792.60 Disclosure of record to person other than the individual to whom
it pertains.
792.61 Accounting for disclosures.
792.62 Requests for accounting for disclosures.
792.63 Collection of information from individuals; information forms.
792.64 Contracting for the operation of a system of records.
792.65 Fees.
792.66 Exemptions.
792.67 Security of systems of records.
792.68 Use and collection of Social Security numbers.
792.69 Training and employee standards of conduct with regard to
privacy.
Authority: 12 U.S.C. 1766(a) and 1789(a)(7); 5 U.S.C. App. 3. Subpart
B is also issued under 5 U.S.C. 552a.
Source: 54 FR 18476, May 1, 1989. Redesignated at 63 FR 14338, Mar.
25, 1998.
Subpart E-The Privacy Act
Sec. 792.52 Scope.
This subpart governs requests made of NCUA under the Privacy Act (5
U.S.C. 552a). The regulation applies to all records maintained by NCUA
which contain personal information about an individual and some means of
identifying the individual, and which are contained in a system of
records from which information may be retrieved by use of an identifying
particular; sets forth procedures whereby individuals may seek and gain
access to records concerning themselves and request amendments of those
records; and sets forth requirements applicable to NCUA employees'
maintaining, collecting, using, or disseminating such records.
Sec. 792.53 Definitions.
For purposes of this subpart:
(a) Individual means a citizen of the United States or an alien
lawfully admitted for permanent residence.
(b) Maintain includes maintain, collect, use, or disseminate.
(c) Record means any item, collection, or grouping of information
about an individual that is maintained by NCUA, and that contains the
name, or an identifying number, symbol, or other identifying particular
assigned to the individual.
(d) System of records means a group of any records under NCUA's
control from which information is retrieved by the name of the
individual or by some identifying number, symbol, or other identifying
particular assigned to the individual.
(e) Routine use means, with respect to the disclosure of a record, the
use of such record for a purpose which is compatible with the purpose
for which it was collected.
(f) Statistical record means a record in a system of records
maintained for statistical research or reporting purposes only and not
used in whole or in part in making any determination about an
identifiable individual, except as provided by section 8 of title 13 of
the United States Code.
Sec. 792.54 Procedures for requests pertaining to individual records
in a system of records.
(a) An individual seeking notification of whether a system of records
contains a record pertaining to that individual, or an individual
seeking access to information or records pertaining to that individual
which are available under the Privacy Act shall present a request to the
NCUA official identified in the access procedure section of the ``Notice
of Systems of Records'' published in the Federal Register which
describes the system of records to which the individual's request
relates. An individual who does not have access to the Federal Register
and who is unable to determine the appropriate official to whom a
request should be submitted may submit a request to the Director of the
Administrative Office, National Credit Union Administration, 1775 Duke
Street, Alexandria, VA 22314-3428, in which case the request will then
be referred to the appropriate NCUA official and the date of receipt of
the request will be determined as the date of receipt by the official.
(b) In addition to meeting the identification requirements set forth
in Sec. 792.55, an individual seeking notification or access, either in
person or by mail, shall describe the nature of the record sought, the
approximate dates covered by the record, and the system in which it is
thought to be included, as described in the ``Notice of Systems of
Records'' published in the Federal Register.
[54 FR 18476, May 1, 1989, as amended at 59 FR 36041, July 15, 1994; 64
FR 57365, Oct. 25, 1999]
Sec. 792.55 Times, places, and requirements for identification of
individuals making requests and identification of records requested.
(a) The following standards are applicable to an individual submitting
requests either in person or by mail under Sec. 792.54:
(1) If not personally known to the NCUA official responding to the
request, an individual seeking access to records about that individual
in person shall establish identity by the presentation of a single
document bearing a photograph (such as a passport or identification
badge) or by the presentation of two items of identification which do
not bear a photograph but do bear both a name and address (such as a
driver's license or credit card);
(2) An individual seeking access to records about that individual by
mail may establish identity by a signature, address, date of birth,
employee identification number if any, and one other identifier such as
a photocopy of driver's license or other document. If less than all of
this requisite identifying information is provided, the NCUA official
responding to the request may require further identifying information
prior to any notification or responsive disclosure.
(3) An individual seeking access to records about himself by mail or
in person, who cannot provide the required documentation or
identification, may provide an unsworn declaration subscribed to a true
under openalty of perjury.
(b) The parent or guardian of a minor or a person judicially
determined to be incompetent shall, in addition to establishing identity
of the minor or other person as required in paragraph (a) of this
section, furnish a copy of a birth certificate showing parentage or a
court order establishing guardianship.
(c) An individual may request by telephone notification of the
existence of and access to records about that individual and contained
in a system of records. In such a case, the NCUA official responding to
the request shall require, for the purpose of comparison and
verification of identity, at least two items of identifying information
(such as date of birth, home address, social security number) already
possessed by the NCUA. If the requisite identifying information is not
provided, or otherwise at the discretion of the responsible NCUA
official, an individual may be required to submit the request by mail or
in person in accordance with paragraph (a) of this section.
(d) An individual seeking to review records about that individual may
be accompanied by another person of their own choosing. In such cases,
the individual seeking access shall be required to furnish a written
statement authorizing discussion of that individual's records in the
accompanying person's presence.
(e) In addition to the requirements set forth in paragraphs (a), (b)
and (c) of this section, the published ``Notice of System of Records''
for individual systems may include further requirements of
identification where necessary to retrieve the individual records from
the system.
[54 FR 18476, May 1, 1989, as amended at 64 FR 57365, Oct. 25, 1999; 65
FR 63790, Oct. 25, 2000]
Sec. 792.56 Notice of existence of records, access decisions and
disclosure of requested information; time limits.
(a) The NCUA official identified in the record access procedure
section of the ``Notice of Systems of Records'' and identified in
accordance with Sec. 792.542(a), by an individual seeking notification
of, or access to, a record, shall be responsible: (1) For determining
whether access is available under the Privacy Act; (2) for notifying the
requesting individual of that determination; and (3) for providing
access to information determined to be available. In the case of an
individual access request made in person, information determined to be
available shall be provided by allowing a personal review of the record
or portion of a record containing the information requested and
determined to be available, and the individual shall be allowed to have
a copy of all or any portion of available information made in a form
comprehensible to him. In the case of an individual access request made
by mail, information determined to be available shall be provided by
mail, unless the individual has requested otherwise.
(b) The following time limits shall be applicable to the required
determinations, notification and provisions of access set forth in
paragraph (a) of this section:
(1) A request concerning a single system of records which does not
require consultation with or requisition of records from another agency
shall be responded to within 20 working days after receipt of the
request;
(2) A request requiring requisition of records from or consultation
with another agency shall be responded to within 30 working days after
receipt of the request.
(3) If a request under paragraphs (b)(1) or (2) of this section
presents unusual difficulties in determining whether the records
involved are exempt from disclosure, the Privacy Act Officer, in the
Office of General Counsel, may extend the time period established by the
regulations by 10 working days.
(c) Nothing in this section shall be construed to allow an individual
access to any information compiled in reasonable anticipation of a civil
action or proceeding, or any information exempted from the access
provisions of the Privacy Act.
[54 FR 18476, May 1, 1989, as amended at 59 FR 36042, July 15, 1994; 64
FR 57365, Oct. 25, 1999; 65 FR 63790, Oct. 25, 2000]
Sec. 792.57 Special procedures: Information furnished by other
agencies; medical records.
(a) When a request for records or information from NCUA includes
information furnished by other Federal agencies, the NCUA official
responsible for action on the request shall consult with the appropriate
agency prior to making a decision to disclose or refuse access to the
record, but the decision whether to disclose the record shall be made in
the first instance by the NCUA official.
(b) When an individual requests medical records concerning himself,
the NCUA official responsible for action on the request may advise the
individual that the records to be released will be provided first to a
physician designated in writing by the individual. The physician will
provide the records to the individual.
[54 FR 18476, May 1, 1989. Redesignated at 63 FR 14338, Mar. 25, 1998,
as amended at 65 FR 63790, Oct. 25, 2000]
Sec. 792.58 Requests for correction or amendment to a record;
administrative review of requests.
(a) An individual may request amendment of a record concerning that
individual by addressing a request, either in person or by mail, to the
NCUA official identified in the ``contesting record procedures'' section
of the ``Notice of Systems of Records'' published in the Federal
Register and describing the system of records which contains the record
sought to be amended. The request must indicate the particular record
involved, the nature of the correction sought, and the justification for
the correction or amendment. Requests made by mail should be addressed
to the responsible NCUA official at the address specified in the
``Notice of Systems of Records'' describing the system of records which
contains the contested record. An individual who does not have access to
the NCUA's ``Notice of Systems of Records,'' and to whom the appropriate
address is otherwise unavailable may submit a request to the Privacy Act
Office, Office of General Counsel, National Credit Union Administration,
1775 Duke Street, Alexandria, VA 22314-3428 in which case the request
will then be referred to the appropriate NCUA official. The date of
receipt of the request will be determined as of the date of receipt by
that official.
(b) Within 10 working days of receipt of the request, the appropriate
NCUA official shall advise the individual that the request has been
received. The appropriate NCUA official shall then promptly (under
normal circumstances, not later than 30 working days after receipt of
the request) advise the individual that the record is to be amended or
corrected, or inform the individual of rejection of the request to amend
the record, the reason for the rejection, and the procedures established
by Sec. 792.27 for the individual to request a review of that rejection.
[54 FR 18476, May 1, 1989, as amended at 59 FR 36041, July 15, 1994; 65
FR 63790, Oct. 25, 2000]
Sec. 792.59 Appeal of initial determination.
(a) A rejection, in whole or in part, of a request to amend or correct
a record may be appealed to the General Counsel within 30 working days
of receipt of notice of the rejection. Appeals shall be in writing, and
shall set forth the specific item of information sought to be corrected
and the documentation justifying the correction. Appeals shall be
addressed to the Office of General Counsel, National Credit Union
Administration, 1775 Duke Street, Alexandria, VA 22314-3428. Appeals
shall be decided within 30 working days of receipt unless the General
Counsel, for good cause, extends such period for an additional 30
working days.
(b) Within the time limits set forth in paragraph (a) of this section,
the General Counsel shall either advise the individual of a decision to
amend or correct the record, or advise the individual of a determination
that an amendment or correction is not warranted on the facts, in which
case the individual shall be advised of the right to provide for the
record a ``Statement of Disagreement'' and of the right to further
appeal pursuant to the Privacy Act. For records under the jurisdiction
of the Office of Personnel Management, appeals will be made pursuant to
that agency's regulations.
(c) A statement of disagreement may be furnished by the individual.
The statement must be sent, within 30 days of the date of receipt of the
notice of General Counsel refusal to authorize correction, to the
General Counsel, National Credit Union Administration, 1775 Duke Street,
Alexandria, VA 22314-3428. Upon receipt of a statement of disagreement
in accordance with this section, the General Counsel shall take steps to
ensure that the statement is included in the system of records
containing the disputed item and that the original item is so marked to
indicate that there is a statement of dispute and where, within the
system of records, that statement may be found.
(d) When a record has been amended or corrected or a statement of
disagreement has been furnished, the system manger for the system of
records containing the record shall, within 30 days thereof, advise all
prior recipients of information to which the amendment or statement of
disagreement relates whose identity can be determined by an accounting
made as required by the Privacy Act of 1974 or any other accounting
previously made, of the amendment or statement of disagreement. When a
statement of disagreement has been furnished, the system manager shall
also provide any subsequent recipient of a disclosure containing
information to which the statement relates with a copy of the statement
and note the disputed portion of the information disclosed. A concise
statement of the reasons for not making the requested amendment may also
be provided if deemed appropriate.
(e) If access is denied because of an exemption, the individual will
be notified of the right to appeal that determination to the General
Counsel within 30 days after receipt. Appeals will be determined within
20 working days.
[54 FR 18476, May 1, 1989, as amended at 59 FR 36041, July 15, 1994; 65
FR 63790, Oct. 25, 2000]
Sec. 792.60 Disclosure of record to person other than the individual
to whom it pertains.
No record or item of information concerning an individual which is
contained in a system of records maintained by NCUA shall be disclosed
by any means of communication to any person, or to another agency,
without the prior written consent of the individual to whom the record
or item of information pertains, unless the disclosure would be--
(a) To an employee of the NCUA who has need for the record in the
performance of duty;
(b) Required by the Freedom of Information Act;
(c) For a routine use as described in the ``Notice of Systems of
Records,'' published in the Federal Register, which describes the system
of records in which the record or item of information is contained;
(d) To the Bureau of the Census for purposes of planning or carrying
out a census or survey or related activity pursuant to the provisions of
Title 13 of the United States Code;
(e) To a recipient who has provided the NCUA with advance adequate
written assurance that the record or item will be used soley as a
statistical research or reporting record, and the record is to be
transferred in a form that is not individually identifiable;
(f) To the National Archives and Records Administration as a record or
item which has sufficient historical or other value to warrant its
continued preservation by the United States Government, or for
evaluation by the Archivist of the United States or the designee of the
Archivist to determine whether the record has such value;
(g) To another agency or to an instrumentality of any governmental
jurisdiction within or under the control of the United States for a
civil or criminal law enforcement activity if the activity is authorized
by law, and if the head of the agency or instrumentality has made a
written request to NCUA specifying the particular portion desired and
the law enforcement activity for which the record or item is sought;
(h) To a person pursuant to a showing of compelling circumstances
affecting the health or safety of an individual if, upon such
disclosure, notification is transmitted to the last known address of
such individual;
(i) To either House of Congress, or, to the extent of matter within
its jurisdiction, any committee or subcommittee thereof, any joint
committee of Congress or subcommittee of any such joint committee;
(j) To the Comptroller General, or any of his authorized
representatives, in the course of the performance of the duties of the
General Accounting Office; or
(k) Pursuant to the order of a court of competent jurisdiction; or
(l) To a consumer reporting agency in accordance with section 3711(f)
of Title 31 of the United States Code (31 U.S.C. 3711(f)).
Sec. 792.61 Accounting for disclosures.
(a) Each system manager identified in the ``Notice of Systems of
Records'' as published in the Federal Register for each system of
records maintained by the NCUA, shall establish a system of accounting
for all disclosures of information or records concerning individuals and
contained in the system of records, made outside NCUA. Accounting
procedures may be established in the least expensive and most convenient
form that will permit the system manager to advise individuals, promptly
upon request, of the persons or agencies to which records concerning
them have been disclosed.
(b) Accounting records, at a minimum, shall include the information
disclosed, the name and address of the person or agency to whom
disclosure was made, and the date of disclosure. When records are
transferred to the National Archives and Records Administration for
storage in records centers, the accounting pertaining to those records
shall be transferred with the records themselves.
(c) Any accounting made under this section shall be retained for at
least five years or the life of the record, whichever is longer, after
the disclosure for which the accounting is made.
Sec. 792.62 Requests for accounting for disclosures.
At the time of the request for access or correction or at any other
time, an individual may request an accounting of disclosures made of the
individual's record outside the NCUA. Request for accounting shall be
directed to the system manager. Any available accounting, whether kept
in accordance with the requirements of the Privacy Act or under
procedures established prior to September 27, 1975, shall be made
available to the individual, except that an accounting need not be made
available if it relates to:
(a) A disclosure made pursuant to the Freedom of Information Act (5
U.S.C. 552);
(b) A disclosure made within the NCUA;
(c) A disclosure made to a law enforcement agency pursuant to 5 U.S.C.
552a(b)(7);
(d) A disclosure which has been exempted from the provisions of 5
U.S.C. 552a(c)(3) pursuant to 5 U.S.C. 552a(j) or (k).
Sec. 792.63 Collection of information from individuals; information
forms.
(a) The system manager, as identified in the ``Notice of Systems of
Records'' published in the Federal Register for each system of records
maintained by the Administration, shall be responsible for reviewing all
forms developed and used to collect information from or about
individuals for incorporation into the system of records.
(b) The purpose of the review shall be to eliminate any requirement
for information that is not relevant and necessary to carry out an NCUA
function and to accomplish the following objectives:
(1) To ensure that no information concerning religion, political
beliefs or activities, association memberships (other than those
required for a professional license), or the exercise of other First
Amendment rights is required to be disclosed unless such requirement of
disclosure is expressly authorized by statute or is pertinent to and
within the scope of any authorized law enforcement activity;
(2) To ensure that the form or accompanying statement makes clear to
the individual which information by law must be disclosed and the
authority for that requirement, and which information is voluntary;
(3) To ensure that the form or accompanying statement makes clear the
principal purpose or purposes for which the information is being
collected, and states concisely the routine uses that will be made of
the information;
(4) To ensure that the form or accompanying statement clearly
indicates to the individual the existing rights, benefits or privileges
not to provide all or part of the requested information; and
(5) To ensure that any form requesting disclosure of a social security
number, or an accompanying statement, clearly advises the individual of
the statute or regulation requiring disclosure of the number, or clearly
advises the individual that disclosure is voluntary and that no
consequence will flow from a refusal to disclose it, and the uses that
will be made of the number whether disclosed mandatorily or voluntarily.
(c) Any form which does not meet the objectives specified in the
Privacy Act and this section shall be revised to conform thereto.
Sec. 792.64 Contracting for the operation of a system of records.
(a) No NCUA component shall contract for the operation of a system of
records by or on behalf of the Agency without the express approval of
the NCUA Board.
(b) Any contract which is approved shall continue to ensure compliance
with the requirements of the Privacy Act. The contracting component
shall have the responsibility for ensuring that the contractor complies
with the contract requirements relating to the Privacy Act.
Sec. 792.65 Fees.
(a) Fees pursuant to 5 U.S.C. 552a(f)(5) shall be assessed for actual
copies of records provided to individuals on the following basis, unless
the NCUA official determining access waives the fee because of the
inability of the individual to pay or the cost of collecting the fee
exceeds the fee:
(1) For copies of documents provided, copy fees as stated in NCUA's
current FOIA fee schedule; and
(2) For copying information, if any, maintained in nondocument form,
the direct cost to NCUA may be assessed.
(b) If it is determined that access fees chargeable under this section
will amount to more than $25, and the individual has not indicated in
advance willingness to pay fees as high as are anticipated, the
individual shall be notified of the amount of the anticipated fees
before copies are made, and the individual's access request shall not be
considered to have been received until receipt by NCUA of written
agreement to pay.
[54 FR 18476, May 1, 1989. Redesignated at 6l3 FR 14338, Mar. 25, 1998,
as amended at 65 FR 63790, Oct. 25, 2000]
Sec. 792.66 Exemptions.
(a) NCUA maintains four systems of records that are exempted from some
of the provisions of the Privacy Act. In paragraph (b) of this section,
those systems of records are identified by System Name and System
Number, as stated in the NCUA's ``Notice of Systems of Records,''
published in the Federal Register. The provisions from which each system
is exempted and the reasons therefor are also set forth.
(b)(1) System NCUA-1, entitled ``Employee Suitability Security
Investigations Containing Adverse Information,'' consists of adverse
information about NCUA employees that has been obtained as a result of
routine U.S. Office of Personnel Management (OPM) Security
Investigations. To the extent that NCUA maintains records in this system
pursuant to OPM guidelines that require retrieval of information by use
of individual identifiers, those records are encompassed by and included
in the OPM Central system of records number 9, entitled ``Personnel
Investigations Records,'' and thus are subject to the exemptions
promulgated by OPM. Additionally, in order to ensure the protection of
properly confidential sources, particularly as to those records which
are not maintained pursuant to such Office of Personnel Management
requirements, the records in these systems of records are exempted,
pursuant to section (k)(5) of the Privacy Act (5 U.S.C. 552a(k)(5)),
from section (d) of the Act (5 U.S.C. 552a(d)). To the extent that
disclosure of a record would reveal the identity of a confidential
source, NCUA need not grant access to that record by its subject.
Information which would reveal a confidential source shall, however,
whenever possible, be extracted or summarized in a manner which protects
the source and the summary or extract shall be provided to the
requesting individual.
(2) System NCUA-8, entitled ``Investigative Reports Involving Any
Crime or Suspicious Activity Against a Credit Union, NCUA,'' consists of
investigatory or enforcement records about individuals suspected or
involvement in violations of laws or regulaitons, whether criminal or
administrative. These records are maintained in an overall context of
general investigative information concerning crimes against credit
unions. To the extent that individually identifiable information is
maintained, however, for purposes of protecting the security of any
investigations by appropriate law enforcement authorities and promoting
the successful prosecution of all actual criminal activity, the records
in this system are exempted, pursuant to section (k)(2) of the Privacy
Act (5 U.S.C. 552a(k)(2)), from sections (c)(3), and (d)). NCUA need not
make an accounting of previous disclosures of a record in this system of
records available to its subject, the NCUA need not grant access to any
records in this system of records by their subject. Further, whenever
individuals request records about themselves and maintained in this
system of records, the NCUA shall, to the extent necessary to realize
the above-stated purposes, neither confirm nor deny the existence of the
records but shall advise the individuals only that no records available
to them pursuant to the Privacy Act of 1974 have been identified.
However, should review of the record reveal that the information
contained therein has been used or is being used to deny the individuals
any right, privilege or benefit for which they are eligible or to which
they would otherwise be entitled under Federal law, the individuals
shall be advised of the existence of the information and shall be
provided the information, except to the extent disclosure would identify
a confidential source. Information which would identify a confidential
source shall, if possible, be extracted or summarized in a manner which
protects the source and the summary or extract shall be provided to the
requesting individual.
(3) System NCUA-20, entitled, ``Office of Inspector General (OIG)
Investigative Records,'' consists of OIG records of closed and pending
investigations of individuals alleged to have been involved in criminal
violations. The records in this system are exempted pursuant to Sections
(k)(2) of the Privacy Act, 5 U.S.C. 552a(k)(2), from sections (c)(3);
(d); (e)(1); (e)(4)(G); (e)(4)(H); (e)(4)(I); and (f). The records in
this system are also exempted pursuant to Section (j)(2) of the Privacy
Act, 5 U.S.C. 552a(j)(2), from sections (c)(3); (c)(4); (d); (e)(1);
(e)(2); (e)(3); and (g).
(4) System NCUA-13, entitled, ``Litigation Case Files,'' consists of
investigatory materials compiled for law enforcement purposes. Records
in the Litigation Case Files system are used in connection with the
execution of NCUA's legal and enforcement responsibilities. Because the
system covers investigatory materials compiled for law enforcement
purposes, it is eligible for exemption under subsection (k)(2) of the
Privacy Act. 5 U.S.C. 552a(k)(2). The Litigation Case Files system is
exempt from subsections (c)(3), (d), (e)(1), (e)(4)(G), (H), (I) and (f)
of the Privacy Act. 5 U.S.C. 552a (c)(3), (d), (e)(1), (e)(4)(G), (H),
(I) and (f). However, if an individual is denied any right, privilege,
or benefit to which he would otherwise be entitled by federal law, or
for which he otherwise would be eligible, as a result of the maintenance
of such records, the records or information will be made available to
him, provided the identity of a confidential source is not disclosed.
(c) For purposes of this section, a ``confidential source'' means a
source who furnished information to the Government under an express
promise that the identity of the source would remain confidential, or,
prior to September 27, 1976, under an implied promise that the identity
of the source would be held in confidence.
[54 FR 18476, May 1, 1989, as amended at 60 FR 31912, June 19, 1995; 64
FR 57365, Oct. 25, 1999, 65 FR 63790, Oct. 25, 2000]
Sec. 792.67 Security of systems of records.
(a) Each system manager, with the approval of the head of that Office,
shall establish administrative and physical controls to insure the
protection of a system of records from unauthorized access or disclosure
and from physical damage or destruction. The controls instituted shall
be proportional to the degree of sensitivity of the records, but at a
minimum must insure: that records are enclosed in a manner to protect
them from public view; that the area in which the records are stored is
supervised during all business hours to prevent unauthorized personnel
from entering the area or obtaining access to the records; and that the
records are inaccessible during nonbusiness hours.
(b) Each system manager, with the approval of the head of that Office,
shall adopt access restriction to insure that only those individuals
within the agency who have a need to have access to the records for the
performance of duty have access. Procedures shall also be adopted to
prevent accidental access to or dissemination of records.
Sec. 792.68 Use and collection of Social Security numbers.
The head of each NCUA Office shall take such measures as are necessary
to ensure that employees authorized to collect information from
individuals are advised that individuals may not be required without
statutory or regulatory authorization to furnish Social Security
numbers, and that individuals who are requested to provide Social
Security numbers voluntarily must be advised that furnishing the number
is not required and that no penalty or denial of benefits will flow from
the refusal to provide it.
Sec. 792.69 Training and employee standards of conduct with regard
to privacy.
(a) The Director of the Office of Training and Development, with
advice from the General Counsel, is responsible for training NCUA
employees in the obligations imposed by the Privacy Act and this
subpart.
(b) The head of each NCUA Office shall be responsible for assuring
that employees subject to that person's supervision are advised of the
provisions of the Privacy Act, including the criminal penalties and
civil liabilities provided therein, and that such employees are made
aware of their responsibilities to protect the security of personal
information, to assure its accuracy, relevance, timeliness, and
completeness, to avoid unauthorized disclosure either orally or in
writing, and to insure that no information system concerning
individuals, no matter how small or specialized, is maintained without
public notice.
(c) With respect to each system of records maintained by NCUA, Agency
employees shall:
(1) Collect no information of a personal nature from individuals
unless authorized to collect it to achieve a function or carry out an
NCUA responsibility;
(2) Collect from individuals only that information which is necessary
to NCUA functions or responsibilities;
(3) Collect information, wherever possible, directly from the
individual to whom it relates;
(4) Inform individuals from whom information is collected of the
authority for collection, the purposes thereof, the routine uses that
will be made of the information, and the effects, both legal and
practical of not furnishing the information;
(5) Not collect, maintain, use, or disseminate information concerning
an individual's religious or political beliefs or activities or his
membership in associations or organizations, unless:
(i) The individual has volunteered such information for his own
benefit;
(ii) The information is expressly authorized by statute to be
collected, maintained, used, or disseminated; or
(iii) Activities involved are pertinent to and within the scope of an
authorized investigation or adjudication.
(6) Advise their supervisors of the existence or contemplated
development of any record system which retrieves information about
individuals by individual identifier.
(7) Maintain an accounting, in the prescribed form, of all
dissemination of personal information outside NCUA, whether made orally
or in writing;
(8) Disseminate no information concerning individuals outside NCUA
except when authorized by 5 U.S.C. 552a or pursuant to a routine use as
set forth in the ``routine use'' section of the ``Notice of Systems of
Records'' published in the Federal Register.
(9) Maintain and process information concerning individuals with care
in order to ensure that no inadvertent disclosure of the information is
made either within or outside NCUA; and
(10) Call to the attention of the proper NCUA authorities any
information in a system maintained by NCUA which is not authorized to be
maintained under the provisions of the Privacy Act, including
information on First Amendment activities, information that is
inaccurate, irrelevant or so incomplete as to risk unfairness to the
individuals concerned.
(c) Heads of offices within NCUA shall, at least annually, review the
record systems subject to their supervision to ensure compliance with
the provisions of the Privacy Act.
[54 FR 18476, May 1, 1989, as amended at 59 FR 36042, July 15 1994; 65
FR 63790, Oct. 25, 2000]