Privacy Act of 1974: Systems of Records, 11331-11333 [2019-05739]

Download as PDF Federal Register / Vol. 84, No. 58 / Tuesday, March 26, 2019 / Notices They will also become a matter of public record. Gatrie Johnson, NASA PRA Clearance Officer. [FR Doc. 2019–05707 Filed 3–25–19; 8:45 am] BILLING CODE 7510–13–P NATIONAL CREDIT UNION ADMINISTRATION Privacy Act of 1974: Systems of Records National Credit Union Administration (NCUA). ACTION: Notice of a new system of records. jbell on DSK30RV082PROD with NOTICES AGENCY: SUMMARY: Pursuant to the Privacy Act of 1974, the National Credit Union Administration (NCUA) gives notice of a new proposed Privacy Act system of records. The new proposed system is the Examination and Supervision System (ESS), NCUA–22. The ESS will be used for NCUA’s statutorily mandated examination and supervision activities, including the coordination and conduct of examinations of credit unions, supervisory evaluations and analyses, enforcement actions and Federal court actions. NCUA may coordinate with other financial regulatory agencies on matters related to the safety and soundness of credit unions. This system will track and store examination and supervision documents created during the performance of the NCUA’s statutory duties. DATES: Submit comments on or before April 25, 2019. This action will be effective without further notice on April 25, 2019 unless comments are received that would result in a contrary determination. ADDRESSES: You may submit comments by any of the following methods, but please send comments by one method only: • Federal eRulemaking Portal: http:// www.regulations.gov. Follow the instructions for submitting comments. • NCUA website: http:// www.ncua.gov/RegulationsOpinions Laws/proposed_regs/proposed_ regs.html. Follow the instructions for submitting comments. • Email: Address to regcomments@ ncua.gov. Include ‘‘[Your name]— Comments on NCUA Examination and Supervision System (ESS), NCUA–22 SORN’’ in the email subject line. • Fax: (703) 518–6319. Use the subject line described above for email. • Mail: Address to Gerard Poliquin, Secretary of the Board, National Credit VerDate Sep<11>2014 18:45 Mar 25, 2019 Jkt 247001 Union Administration, 1775 Duke Street, Alexandria, Virginia 22314– 3428. • Hand Delivery/Courier: Same as mail address. FOR FURTHER INFORMATION CONTACT: Lisa Dolin, Business Innovation Officer, Office of Business Innovation, the National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia, 22314, or Rena Kim, Privacy Attorney, Office of General Counsel, the National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia, 22314. SUPPLEMENTARY INFORMATION: This notice informs the public of NCUA’s proposal to establish and maintain a new system of records. The proposed new system is being established under NCUA’s authority in the Federal Credit Union Act, 12 U.S.C. 1751, et. seq. The information collected in the NCUA–22 system of records will also support investigations and supervisory and legal proceedings by the NCUA or other supervisory or law enforcement agencies. The information collected for administrative purposes will ensure quality control, performance, and improving examination and supervision processes. This notice satisfies the Privacy Act requirement that an agency publish a system of records notice in the Federal Register when there is an addition to the agency’s systems of records. The format of NCUA–22 aligns with the guidance set forth in OMB Circular A–108. NCUA–22 and all of NCUA’s Standard Routine Uses are published in full below. All of the NCUA’s SORNs are available at www.ncua.gov. By the National Credit Union Administration Board on March 20, 2019. Gerard Poliquin, Secretary of the Board. SYSTEM NAME AND NUMBER: Examination and Supervision System (ESS)—NCUA–22 SECURITY CLASSIFICATION: Unclassified. SYSTEM LOCATION: The system is operated and maintained in part by NCUA staff, and in part by third-party vendors. Please contact the system managers (below) for more information. SYSTEM MANAGER(S): Director of the Office of Business Innovation and the Director of the Office of Examination and Insurance, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314–3428. PO 00000 Frm 00053 Fmt 4703 Sfmt 4703 11331 AUTHORITY FOR MAINTENANCE OF THE SYSTEM: 12 U.S.C. 1751, et. seq. PURPOSE(S) OF THE SYSTEM: This system of records is maintained for the purpose of carrying out the NCUA’s statutorily mandated examination and supervision activities, including the coordination and conduct of examinations, supervisory evaluations and analyses, enforcement actions and actions in Federal court. NCUA may coordinate with other financial regulatory agencies on matters related to the safety and soundness of credit unions. The information collected in this system will also support the conduct of investigations or other supervisory or legal actions by the NCUA or other supervisory or law enforcement agencies. This may result in criminal referrals, referrals to Offices of Inspectors General, or the initiation of administrative or Federal court actions. This system will track and store examination and supervision documents created during the performance of the NCUA’s statutory duties. The information also will be used for administrative purposes such as quality control, performance metrics, and improvements to examination and supervision processes. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Individuals covered by this system are (1) Current and former directors, officers, employees, and agents of credit unions; (2) Current and former members who are or have been serviced by credit unions; (3) Current and former credit union service organization representatives; (4) Other individuals engaged in business with the NCUA for a specific purpose (such as outside counsel); and (5) NCUA employees and contractors, and State Supervisory Authority staff. CATEGORIES OF RECORDS IN THE SYSTEM: Records in the system may contain (1) Contact information about credit union officials (such as members of the Board of Directors, Audit Committee Chair, Chief Executive Officer, Chief Compliance Officer, Internal Auditor, and Independent Auditor), such as name, address, phone number, and email address; (2) Demographic and financial information about individual credit union members, such as name, address, Social Security number, account information, loan and share information, and publicly available information; (3) Information about NCUA employees assigned to credit union examination and supervision tasks, such as name, work phone E:\FR\FM\26MRN1.SGM 26MRN1 11332 Federal Register / Vol. 84, No. 58 / Tuesday, March 26, 2019 / Notices number, work email address, and other employment information; (4) User information, such as name, email address, and role about other users of the system (such as contractors, credit union representatives, State Supervisory Authority staff, and Credit Union Service Organization representatives (CUSOs). RECORD SOURCE CATEGORIES: The information in the system about credit union officials and individual credit union members is generally provided by credit unions and CUSOs. NCUA employees and contractors, and State Supervisory Authorities may add additional information to the system as part of their assigned supervision and examination activities (including analytics/business intelligence activities). Some of the information may be from third parties with relevant information about covered persons or service providers, or existing databases maintained by other Federal and state regulatory associations, law enforcement agencies, and related entities. Whenever practicable, the NCUA collects information about an individual directly from that individual. jbell on DSK30RV082PROD with NOTICES ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, these records or information contained therein may specifically be disclosed outside NCUA as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows: 1. NCUA’s Standard Routine Uses apply to this system of records. 2. To a financial institution affected by enforcement activities or reported criminal activities; 3. To the Internal Revenue Service and appropriate State and local taxing authorities; 4. To another federal or state agency to: (a) Permit a decision as to access, amendment or correction of records to be made in consultation with or by that agency, or (b) verify the identity of an individual or the accuracy of information submitted by an individual who has requested access to or amendment or correction of records; 5. To a grand jury pursuant either to a federal or state grand jury subpoena, or to a prosecution request that such record be released for the purpose of its introduction to a grand jury, where the subpoena or request has been specifically approved by a court; 6. To a court, magistrate, or administrative tribunal in the course of an administrative proceeding or judicial VerDate Sep<11>2014 17:54 Mar 25, 2019 Jkt 247001 proceeding, including disclosures to opposing counsel or witnesses (including expert witnesses) in the course of discovery or other pre-hearing exchanges of information, litigation, or settlement negotiations, where relevant or potentially relevant to a proceeding related to the NCUA’s mission of providing a safe and sound credit union system. 7. To appropriate agencies, entities, and persons, including but not limited to potential expert witnesses, witnesses, or translators, in the course of supervision or enforcement related investigation; 8. To appropriate federal, state, local, foreign, tribal, or self-regulatory organizations or agencies responsible for investigating, prosecuting, enforcing, implementing, issuing, or carrying out a statute, rule, regulation, order, policy, or license if the information may be relevant to a potential violation of civil or criminal law, rule, regulation, order, policy, or license; and 9. To an entity or person that is the subject of supervision or enforcement activities including examinations, investigations, administrative proceedings, and litigation, and the attorney or non-attorney representative for that entity or person. POLICIES AND PRACTICES FOR STORAGE OF RECORDS: Electronic records and backups are stored on dedicated secure servers, approved by NCUA’s Office of the Chief Information Officer (OCIO), within a FedRAMP-authorized commercial Cloud Service Provider’s (CSP) Infrastructure as a Service (IaaS) hosting environment and accessed only by authorized personnel. No paper files are maintained. POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: Records pertaining to individual credit union members are not generally retrieved outside of a scheduled examination or supervision contact. However, such records can be retrieved by credit union name, charter number, credit union member’s name or other record in the system. The system includes advanced search features that function essentially as a full-text search tool. POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: Records are maintained in accordance with the General Records Retention Schedules issued by the National Archives and Records Administration (NARA) or a NCUA records disposition schedule approved by NARA. Records existing on computer storage media are PO 00000 Frm 00054 Fmt 4703 Sfmt 4703 destroyed according to the applicable NIST-compliant media sanitization policy. ADMINISTRATIVE, TECHNICAL AND PHYSICAL SAFEGUARDS: NCUA has implemented the appropriate administrative, technical, and physical controls in accordance with the Federal Information Security Modernization Act of 2014, Public Law 113–283, S. 2521, and NCUA’s information security policies to protect the confidentiality, integrity, and availability of the information system and the information contained therein. Access is limited to individuals authorized through NIST-compliant Identity, Credential, and Access Management policies and procedures. The records are maintained behind a layered defensive posture consistent with all applicable federal laws and regulations, including OMB Circular A– 130 and NIST Special Publications 800– 37 and 800–53. RECORD ACCESS PROCEDURES: Individuals wishing access to their records should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information: 1. Full name. 2. Any available information regarding the type of record involved. 3. The address to which the record information should be sent. 4. You must sign your request. Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf. Individuals requesting access must also comply with NCUA’s Privacy Act regulations regarding verification of identity and access to records (12 CFR 792.55). CONTESTING RECORD PROCEDURES: Individuals wishing to request an amendment to their records should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information: 1. Full name. 2. Any available information regarding the type of record involved. 3. A statement specifying the changes to be made in the records and the justification therefore. 4. The address to which the response should be sent. 5. You must sign your request. Attorneys or other persons acting on behalf of an individual must provide E:\FR\FM\26MRN1.SGM 26MRN1 Federal Register / Vol. 84, No. 58 / Tuesday, March 26, 2019 / Notices written authorization from that individual for the representative to act on their behalf. NOTIFICATION PROCEDURES: Individuals wishing to learn whether this system of records contains information about them should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information: 1. Full name. 2. Any available information regarding the type of record involved. 3. The address to which the record information should be sent. 4. You must sign your request. Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf. Individuals requesting access must also comply with NCUA’s Privacy Act regulations regarding verification of identity and access to records (12 CFR 792.55). EXEMPTIONS PROMULGATED FOR THE SYSTEM: Federal criminal law enforcement investigatory reports maintained as part of this system may be the subject of exemptions imposed by the originating agency pursuant to 5 U.S.C. 552a(j)(2). HISTORY: This is a new system. [FR Doc. 2019–05739 Filed 3–25–19; 8:45 am] BILLING CODE P NATIONAL CREDIT UNION ADMINISTRATION Privacy Act of 1974: Systems of Records National Credit Union Administration (NCUA). ACTION: Notice of a new system of records. AGENCY: Pursuant to the Privacy Act of 1974, the National Credit Union Administration (NCUA) gives notice of a new proposed Privacy Act system of records. The new proposed system is the NCUA Connect, NCUA–21. The NCUA Connect system will carry out the NCUA’s statutorily mandated credit union examination and supervision activities. Specifically, this system is the interface through which authorized users access NCUA’s other major examination, supervision, and reporting related systems. DATES: Submit comments on or before April 25, 2019. This action will be effective without further notice on April 25, 2019 unless comments are received that would result in a contrary determination. jbell on DSK30RV082PROD with NOTICES SUMMARY: VerDate Sep<11>2014 18:45 Mar 25, 2019 Jkt 247001 You may submit comments by any of the following methods, but please send comments by one method only: • Federal eRulemaking Portal: http:// www.regulations.gov. Follow the instructions for submitting comments. • NCUA Website: http:// www.ncua.gov/RegulationsOpinions Laws/proposed_regs/proposed_ regs.html. Follow the instructions for submitting comments. • Email: Address to regcomments@ ncua.gov. Include ‘‘[Your name]— Comments on ‘NCUA Connect, NCUA– 21 SORN’ ’’ in the email subject line. • Fax: (703) 518–6319. Use the subject line described above for email. • Mail: Address to Gerard Poliquin, Secretary of the Board, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314– 3428. • Hand Delivery/Courier: Same as mail address. FOR FURTHER INFORMATION CONTACT: Director of the Office of Business Innovation, the National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia, 22314, or Rena Kim, Privacy Attorney, Office of General Counsel, the National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314. Telephone number (703) 548–2398. SUPPLEMENTARY INFORMATION: This notice informs the public of NCUA’s proposal to establish and maintain a new system of records. The proposed new system is being established under NCUA’s authority in the Federal Credit Union Act, 12 U.S.C. 1751, et seq. The information collected in the NCUA Connect, NCUA–21 system of records is designed to provide a one-stop entry point for internal and external users, which should enhance user experience, while also streamlining security activities. This notice satisfies the Privacy Act requirement that an agency publish a system of records notice in the Federal Register when there is an addition to the agency’s systems of records. The format of NCUA Connect, NCUA–21 aligns with the guidance set forth in OMB Circular A–108. NCUA–21 and all of NCUA’s Standard Routine Uses are published in full below. All of the NCUA’s SORNs are available at www.ncua.gov. ADDRESSES: By the National Credit Union Administration Board on March 20, 2019. Gerard Poliquin, Secretary of the Board. SYSTEM NAME AND NUMBER NCUA Connect, NCUA–21. SECURITY CLASSIFICATION: Unclassified. PO 00000 Frm 00055 Fmt 4703 Sfmt 4703 11333 SYSTEM LOCATION: The system is operated and maintained in part by NCUA staff, and in part by third-party vendors. Please contact the system managers (below) for more information. SYSTEM MANAGER(S): Director of the Office of Business Innovation, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314–3428. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: 12 U.S.C. 1751, et seq. PURPOSE(S) OF THE SYSTEM: This system of records is maintained for the purpose of carrying out the NCUA’s statutorily mandated examination and supervision activities. Specifically, this system is the interface through which authorized users access NCUA’s other major examination, supervision, and reporting related systems. It is designed to provide a onestop entry point for internal and external users, which should enhance user experience, while also streamlining security activities. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Individuals covered by this system are (1) Current and former directors, officers, employees, and agents of credit unions; (2) Current and former credit union service organization representatives; (3) Other individuals engaged in business with the NCUA for a specific purpose (such as outside counsel); and (4) NCUA employees and contractors, and State Supervisory Authority staff. CATEGORIES OF RECORDS IN THE SYSTEM: Records in the system contain basic log-in information, including username, password, email address, and role. The system also contains log-in/access records. RECORD SOURCE CATEGORIES: The sources of information in the system are the individual users, or someone acting on their behalf (such as an administrator in their organization, or an NCUA employee or contractor). ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, these records or information contained therein may specifically be disclosed outside NCUA E:\FR\FM\26MRN1.SGM 26MRN1

Agencies

[Federal Register Volume 84, Number 58 (Tuesday, March 26, 2019)]
[Notices]
[Pages 11331-11333]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-05739]


=======================================================================
-----------------------------------------------------------------------

NATIONAL CREDIT UNION ADMINISTRATION


Privacy Act of 1974: Systems of Records

AGENCY: National Credit Union Administration (NCUA).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974, the National Credit Union 
Administration (NCUA) gives notice of a new proposed Privacy Act system 
of records. The new proposed system is the Examination and Supervision 
System (ESS), NCUA-22. The ESS will be used for NCUA's statutorily 
mandated examination and supervision activities, including the 
coordination and conduct of examinations of credit unions, supervisory 
evaluations and analyses, enforcement actions and Federal court 
actions. NCUA may coordinate with other financial regulatory agencies 
on matters related to the safety and soundness of credit unions. This 
system will track and store examination and supervision documents 
created during the performance of the NCUA's statutory duties.

DATES: Submit comments on or before April 25, 2019. This action will be 
effective without further notice on April 25, 2019 unless comments are 
received that would result in a contrary determination.

ADDRESSES: You may submit comments by any of the following methods, but 
please send comments by one method only:
     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     NCUA website: http://www.ncua.gov/RegulationsOpinionsLaws/proposed_regs/proposed_regs.html. Follow the instructions for 
submitting comments.
     Email: Address to regcomments@ncua.gov. Include ``[Your 
name]--Comments on NCUA Examination and Supervision System (ESS), NCUA-
22 SORN'' in the email subject line.
     Fax: (703) 518-6319. Use the subject line described above 
for email.
     Mail: Address to Gerard Poliquin, Secretary of the Board, 
National Credit Union Administration, 1775 Duke Street, Alexandria, 
Virginia 22314-3428.
     Hand Delivery/Courier: Same as mail address.

FOR FURTHER INFORMATION CONTACT: Lisa Dolin, Business Innovation 
Officer, Office of Business Innovation, the National Credit Union 
Administration, 1775 Duke Street, Alexandria, Virginia, 22314, or Rena 
Kim, Privacy Attorney, Office of General Counsel, the National Credit 
Union Administration, 1775 Duke Street, Alexandria, Virginia, 22314.

SUPPLEMENTARY INFORMATION: This notice informs the public of NCUA's 
proposal to establish and maintain a new system of records. The 
proposed new system is being established under NCUA's authority in the 
Federal Credit Union Act, 12 U.S.C. 1751, et. seq. The information 
collected in the NCUA-22 system of records will also support 
investigations and supervisory and legal proceedings by the NCUA or 
other supervisory or law enforcement agencies. The information 
collected for administrative purposes will ensure quality control, 
performance, and improving examination and supervision processes. This 
notice satisfies the Privacy Act requirement that an agency publish a 
system of records notice in the Federal Register when there is an 
addition to the agency's systems of records.
    The format of NCUA-22 aligns with the guidance set forth in OMB 
Circular A-108. NCUA-22 and all of NCUA's Standard Routine Uses are 
published in full below. All of the NCUA's SORNs are available at 
www.ncua.gov.

    By the National Credit Union Administration Board on March 20, 
2019.
Gerard Poliquin,
Secretary of the Board.

SYSTEM NAME AND NUMBER:
    Examination and Supervision System (ESS)--NCUA-22

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    The system is operated and maintained in part by NCUA staff, and in 
part by third-party vendors. Please contact the system managers (below) 
for more information.

SYSTEM MANAGER(S):
    Director of the Office of Business Innovation and the Director of 
the Office of Examination and Insurance, National Credit Union 
Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    12 U.S.C. 1751, et. seq.

PURPOSE(S) OF THE SYSTEM:
    This system of records is maintained for the purpose of carrying 
out the NCUA's statutorily mandated examination and supervision 
activities, including the coordination and conduct of examinations, 
supervisory evaluations and analyses, enforcement actions and actions 
in Federal court. NCUA may coordinate with other financial regulatory 
agencies on matters related to the safety and soundness of credit 
unions. The information collected in this system will also support the 
conduct of investigations or other supervisory or legal actions by the 
NCUA or other supervisory or law enforcement agencies. This may result 
in criminal referrals, referrals to Offices of Inspectors General, or 
the initiation of administrative or Federal court actions. This system 
will track and store examination and supervision documents created 
during the performance of the NCUA's statutory duties. The information 
also will be used for administrative purposes such as quality control, 
performance metrics, and improvements to examination and supervision 
processes.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by this system are (1) Current and former 
directors, officers, employees, and agents of credit unions; (2) 
Current and former members who are or have been serviced by credit 
unions; (3) Current and former credit union service organization 
representatives; (4) Other individuals engaged in business with the 
NCUA for a specific purpose (such as outside counsel); and (5) NCUA 
employees and contractors, and State Supervisory Authority staff.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records in the system may contain (1) Contact information about 
credit union officials (such as members of the Board of Directors, 
Audit Committee Chair, Chief Executive Officer, Chief Compliance 
Officer, Internal Auditor, and Independent Auditor), such as name, 
address, phone number, and email address; (2) Demographic and financial 
information about individual credit union members, such as name, 
address, Social Security number, account information, loan and share 
information, and publicly available information; (3) Information about 
NCUA employees assigned to credit union examination and supervision 
tasks, such as name, work phone

[[Page 11332]]

number, work email address, and other employment information; (4) User 
information, such as name, email address, and role about other users of 
the system (such as contractors, credit union representatives, State 
Supervisory Authority staff, and Credit Union Service Organization 
representatives (CUSOs).

RECORD SOURCE CATEGORIES:
    The information in the system about credit union officials and 
individual credit union members is generally provided by credit unions 
and CUSOs. NCUA employees and contractors, and State Supervisory 
Authorities may add additional information to the system as part of 
their assigned supervision and examination activities (including 
analytics/business intelligence activities). Some of the information 
may be from third parties with relevant information about covered 
persons or service providers, or existing databases maintained by other 
Federal and state regulatory associations, law enforcement agencies, 
and related entities. Whenever practicable, the NCUA collects 
information about an individual directly from that individual.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, these records or information contained 
therein may specifically be disclosed outside NCUA as a routine use 
pursuant to 5 U.S.C. 552a(b)(3) as follows:
    1. NCUA's Standard Routine Uses apply to this system of records.
    2. To a financial institution affected by enforcement activities or 
reported criminal activities;
    3. To the Internal Revenue Service and appropriate State and local 
taxing authorities;
    4. To another federal or state agency to: (a) Permit a decision as 
to access, amendment or correction of records to be made in 
consultation with or by that agency, or (b) verify the identity of an 
individual or the accuracy of information submitted by an individual 
who has requested access to or amendment or correction of records;
    5. To a grand jury pursuant either to a federal or state grand jury 
subpoena, or to a prosecution request that such record be released for 
the purpose of its introduction to a grand jury, where the subpoena or 
request has been specifically approved by a court;
    6. To a court, magistrate, or administrative tribunal in the course 
of an administrative proceeding or judicial proceeding, including 
disclosures to opposing counsel or witnesses (including expert 
witnesses) in the course of discovery or other pre-hearing exchanges of 
information, litigation, or settlement negotiations, where relevant or 
potentially relevant to a proceeding related to the NCUA's mission of 
providing a safe and sound credit union system.
    7. To appropriate agencies, entities, and persons, including but 
not limited to potential expert witnesses, witnesses, or translators, 
in the course of supervision or enforcement related investigation;
    8. To appropriate federal, state, local, foreign, tribal, or self-
regulatory organizations or agencies responsible for investigating, 
prosecuting, enforcing, implementing, issuing, or carrying out a 
statute, rule, regulation, order, policy, or license if the information 
may be relevant to a potential violation of civil or criminal law, 
rule, regulation, order, policy, or license; and
    9. To an entity or person that is the subject of supervision or 
enforcement activities including examinations, investigations, 
administrative proceedings, and litigation, and the attorney or non-
attorney representative for that entity or person.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Electronic records and backups are stored on dedicated secure 
servers, approved by NCUA's Office of the Chief Information Officer 
(OCIO), within a FedRAMP-authorized commercial Cloud Service Provider's 
(CSP) Infrastructure as a Service (IaaS) hosting environment and 
accessed only by authorized personnel. No paper files are maintained.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records pertaining to individual credit union members are not 
generally retrieved outside of a scheduled examination or supervision 
contact. However, such records can be retrieved by credit union name, 
charter number, credit union member's name or other record in the 
system. The system includes advanced search features that function 
essentially as a full-text search tool.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained in accordance with the General Records 
Retention Schedules issued by the National Archives and Records 
Administration (NARA) or a NCUA records disposition schedule approved 
by NARA. Records existing on computer storage media are destroyed 
according to the applicable NIST-compliant media sanitization policy.

ADMINISTRATIVE, TECHNICAL AND PHYSICAL SAFEGUARDS:
    NCUA has implemented the appropriate administrative, technical, and 
physical controls in accordance with the Federal Information Security 
Modernization Act of 2014, Public Law 113-283, S. 2521, and NCUA's 
information security policies to protect the confidentiality, 
integrity, and availability of the information system and the 
information contained therein. Access is limited to individuals 
authorized through NIST-compliant Identity, Credential, and Access 
Management policies and procedures. The records are maintained behind a 
layered defensive posture consistent with all applicable federal laws 
and regulations, including OMB Circular A-130 and NIST Special 
Publications 800-37 and 800-53.

RECORD ACCESS PROCEDURES:
    Individuals wishing access to their records should submit a written 
request to the Senior Agency Official for Privacy, NCUA, 1775 Duke 
Street, Alexandria, VA 22314, and provide the following information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. The address to which the record information should be sent.
    4. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf. Individuals requesting access 
must also comply with NCUA's Privacy Act regulations regarding 
verification of identity and access to records (12 CFR 792.55).

CONTESTING RECORD PROCEDURES:
    Individuals wishing to request an amendment to their records should 
submit a written request to the Senior Agency Official for Privacy, 
NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following 
information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. A statement specifying the changes to be made in the records and 
the justification therefore.
    4. The address to which the response should be sent.
    5. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide

[[Page 11333]]

written authorization from that individual for the representative to 
act on their behalf.

NOTIFICATION PROCEDURES:
    Individuals wishing to learn whether this system of records 
contains information about them should submit a written request to the 
Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, 
VA 22314, and provide the following information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. The address to which the record information should be sent.
    4. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf. Individuals requesting access 
must also comply with NCUA's Privacy Act regulations regarding 
verification of identity and access to records (12 CFR 792.55).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    Federal criminal law enforcement investigatory reports maintained 
as part of this system may be the subject of exemptions imposed by the 
originating agency pursuant to 5 U.S.C. 552a(j)(2).

HISTORY:
    This is a new system.
[FR Doc. 2019-05739 Filed 3-25-19; 8:45 am]
 BILLING CODE P