Privacy Act of 1974: Systems of Records, 22484-22486 [2023-07847]

Download as PDF 22484 Federal Register / Vol. 88, No. 71 / Thursday, April 13, 2023 / Notices opportunities (e.g., internships, fellowships, challenges, educator professional development, experiential learning activities, etc.) in a single location. NASA personnel manage the selection of applicants and implementation of engagement opportunities within the Universal Registration and Data Management System. The information collected will be used by the NASA Office of STEM Engagement (OSTEM) in order to review applications for participation in NASA engagement opportunities. The information is reviewed by OSTEM project and activity managers, as well as NASA mentors who would be hosting students. This information collection will consist of student-level data such as demographic information submitted as part of the application. In addition to supporting student selection, studentlevel data will enable NASA OSTEM to fulfill federally mandated reporting on its STEM engagement activities and report relevant demographic information as needed for Agency performance goals and success criteria (annual performance indicators). lotter on DSK11XQN23PROD with NOTICES1 II. Methods of Collection Electronic. IV. Request for Comments Comments are invited on: (1) Whether the proposed collection of information is necessary for the proper performance of the functions of NASA, including 17:56 Apr 12, 2023 William Edwards-Bodmer, NASA PRA Clearance Officer. [FR Doc. 2023–07848 Filed 4–12–23; 8:45 am] BILLING CODE 7510–13–P NATIONAL CREDIT UNION ADMINISTRATION Privacy Act of 1974: Systems of Records National Credit Union Administration (NCUA). ACTION: Notice of a new system of records. Jkt 259001 Pursuant to the Privacy Act of 1974, the National Credit Union Administration (NCUA) gives notice of a new Privacy Act system of records. The new system is NCUA–27, NCUA General Support System Records. This system consists of information collected to provide authorized individuals with access to NCUA information technology resources. DATES: Submit comments on or before May 15, 2023. This system will be effective immediately, and routine uses will be effective on May 15, 2023. ADDRESSES: You may submit comments by any of the following methods, but please send comments by one method only: • Federal eRulemaking Portal: https:// www.regulations.gov. Follow the instructions for submitting comments. • NCUA website: https:// www.ncua.gov/RegulationsOpinions Laws/proposed_regs/proposed_ regs.html. Follow the instructions for submitting comments. • Fax: (703) 518–6319. Use the subject line described above for email. • Mail: Address to Melane ConyersAusbrooks, Secretary of the Board, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314–3428. SUMMARY: PO 00000 Frm 00081 Fmt 4703 Sfmt 4703 • Hand Delivery/Courier: Same as mail address. FOR FURTHER INFORMATION CONTACT: Jennifer Chemel, Attorney-Advisor, Office of General Counsel, the National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314. This notice informs the public of the NCUA’s proposal to establish and maintain a new system of records in accordance with the Privacy Act of 1974. The information collected in the NCUA–27 system of records consists of information collected for the purpose of providing authorized individuals with access to NCUA information technology resources. The format of NCUA–27 aligns with the guidance set forth in Office of Management and Budget Circular A– 108. SUPPLEMENTARY INFORMATION: By the National Credit Union Administration Board on April 10, 2023. Melane Conyers-Ausbrooks, Secretary of the Board. AGENCY: III. Data Title: NASA Universal Registration and Data Management System. OMB Number: 2700–0184. Type of Review: Reinstatement. Affected Public: Eligible students or educators, and/or awardee principal investigators may voluntarily apply for an internship or fellowship experience at a NASA facility, or register for a STEM engagement opportunity (e.g., challenges, educator professional development, experiential learning activities, etc.). Parents/caregivers of eligible student applicants (at least 16 years of age but under the age of 18) may voluntarily provide consent for their eligible student applicants to apply. Estimated Annual Number of Activities: 40. Estimated Number of Respondents per Activity: 4,125. Annual Responses: 165,000. Estimated Time per Response: 30 minutes. Estimated Total Annual Burden Hours: 82,500. Estimated Total Annual Cost: $1,015,207. VerDate Sep<11>2014 whether the information collected has practical utility; (2) the accuracy of NASA’s estimate of the burden (including hours and cost) of the proposed collection of information; (3) ways to enhance the quality, utility, and clarity of the information to be collected; and (4) ways to minimize the burden of the collection of information on respondents, including automated collection techniques or the use of other forms of information technology. Comments submitted in response to this notice will be summarized and included in the request for OMB approval of this information collection. They will also become a matter of public record. SYSTEM NAME AND NUMBER: NCUA–27, NCUA General Support System Records. SECURITY CLASSIFICATION: Unclassified. SYSTEM LOCATION: National Credit Union Administration, 1775 Duke Street, Alexandria, VA 22314–3428. SYSTEM MANAGER(S): Chief Information Officer, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314–3428. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: 12 U.S.C. 1751 et seq. and 40 U.S.C. 11331. PURPOSE(S) OF THE SYSTEM: The information in the system is being collected to enable the NCUA to provide authorized individuals access to NCUA information technology resources. The system enables the NCUA to maintain account information required for approved access to information technology, lists of individuals seeking or receiving access to NCUA information technology or equipment, and lists of individuals who are appropriate organizational points of contact. The information will also be used for administrative purposes to ensure quality control, performance, and improving management processes. E:\FR\FM\13APN1.SGM 13APN1 Federal Register / Vol. 88, No. 71 / Thursday, April 13, 2023 / Notices CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Categories of individuals covered by this system include all persons who are authorized to access NCUA information technology resources, including: (1) Employees, contractors, and any lawfully designated representatives of federal, state, territorial, tribal, or local government agencies or entities, in furtherance of the NCUA’s mission; (2) individuals who have business with the NCUA and who have provided personal information in order to facilitate access to NCUA information technology resources; and (3) individuals who are points of contact provided for government business, operations, or programs. CATEGORIES OF RECORDS IN THE SYSTEM: Records in this system may contain data relating to individuals, including but not limited to: name; telephone numbers, including business, cellular, and home numbers; level of access; home or other provided address for the receipt of issued IT equipment or resources; email addresses of senders and recipients; records of access to NCUA computers and networks including equipment issued, user ID and passwords, date(s) and time(s) of access, IP address of access, logs of internet activity and records on the authentication of the access request; records of identity management related to individual user’s request including universal resource locator of individual’s chosen identity assurance certificate provider and response from certificate provider of positive or negative authentication; and positions or titles of contacts, their business or organizational affiliations, and other contact information provided to the NCUA that is derived from other sources to facilitate authorized access to NCUA Information Technology resources. The information in this system includes information relating to system access and does not include the data held within the systems or information technology resources to which access or interaction is sought. RECORD SOURCE CATEGORIES: lotter on DSK11XQN23PROD with NOTICES1 Information in this system is obtained from individuals and entities associated with or granted access to NCUA information technology resources. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, these records or information contained therein may VerDate Sep<11>2014 17:56 Apr 12, 2023 Jkt 259001 specifically be disclosed outside the NCUA as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows: 1. If a record in a system of records indicates a violation or potential violation of civil or criminal law or a regulation, and whether arising by general statute or particular program statute, or by regulation, rule, or order, the relevant records in the system or records may be disclosed as a routine use to the appropriate agency, whether federal, state, local, or foreign, charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing the statute, rule, regulation, or order issued pursuant thereto. 2. A record from a system of records may be disclosed as a routine use to a member of Congress or to a congressional staff member in response to an inquiry from the congressional office made at the request of the individual about whom the record is maintained; 3. Records in a system of records may be disclosed as a routine use to the Department of Justice, when: (a) NCUA, or any of its components or employees acting in their official capacities, is a party to litigation; or (b) Any employee of NCUA in his or her individual capacity is a party to litigation and where the Department of Justice has agreed to represent the employee; or (c) The United States is a party in litigation, where NCUA determines that litigation is likely to affect the agency or any of its components, is a party to litigation or has an interest in such litigation, and NCUA determines that use of such records is relevant and necessary to the litigation, provided, however, that in each case, NCUA determines that disclosure of the records to the Department of Justice is a use of the information contained in the records that is compatible with the purpose for which the records were collected. 4. Records in a system of records may be disclosed as a routine use in a proceeding before a court or adjudicative body before which NCUA is authorized to appear (a) when NCUA or any of its components or employees are acting in their official capacities; (b) where NCUA or any employee of NCUA in his or her individual capacity has agreed to represent the employee; or (c) where NCUA determines that litigation is likely to affect the agency or any of its components, is a party to litigation or has an interest in such litigation, and NCUA determines that use of such records is relevant and necessary to the litigation, provided, however, NCUA determines that disclosure of the PO 00000 Frm 00082 Fmt 4703 Sfmt 4703 22485 records is compatible with the purpose for which the records were collected. 5. A record from a system of records may be disclosed to contractors, experts, consultants, and the agents thereof, and others performing or working on a contract, service, cooperative agreement, or other assignment for NCUA when necessary to accomplish an agency function. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to NCUA employees. 6. Records may be disclosed to the Department of Homeland Security (DHS) if captured in an intrusion detection system used by NCUA and DHS pursuant to a DHS cybersecurity program that monitors internet traffic to and from federal government computer networks to prevent cybersecurity incidents; 7. A record from a system of records may be disclosed to appropriate agencies, entities, and persons when (1) NCUA suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised; (2) NCUA has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by NCUA or another agency or entity) that rely upon the compromised information; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with NCUA’s efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. 8. To another Federal agency or Federal entity, when the NCUA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. POLICIES AND PRACTICES FOR STORAGE OF RECORDS: Electronic records and backups are stored on secure servers, approved by NCUA’s Office of the Chief Information Officer (OCIO), and accessed only by authorized personnel. E:\FR\FM\13APN1.SGM 13APN1 22486 Federal Register / Vol. 88, No. 71 / Thursday, April 13, 2023 / Notices POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: Records are retrievable by a variety of fields including the individual’s name or username. POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: Records are maintained and disposed in accordance with the General Records Retention Schedules issued by the National Archives and Records Administration (NARA). NOTIFICATION PROCEDURES: NCUA has implemented the appropriate administrative, technical, and physical controls in accordance with the Federal Information Security Modernization Act of 2014, Public Law 113–283, S. 2521, and NCUA’s information security policies to protect the confidentiality, integrity, and availability of the information system and the information contained therein. Access is limited only to individuals authorized through NIST-compliant Identity, Credential, and Access Management policies and procedures. The records are maintained behind a layered defensive posture consistent with all applicable federal laws and regulations, including Office of Management and Budget Circular A–130 and NIST Special Publication 800–37. Individuals wishing to learn whether this system of records contains information about them should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information: 1. Full name. 2. Any available information regarding the type of record involved. 3. The address to which the record information should be sent. 4. You must sign your request. Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf. Individuals requesting access must also comply with NCUA’s Privacy Act regulations regarding verification of identity and access to records (12 CFR 792.55). RECORD ACCESS PROCEDURES: EXEMPTIONS PROMULGATED FOR THE SYSTEM: ADMINISTRATIVE, TECHNICAL AND PHYSICAL SAFEGUARDS: Individuals wishing access to their records should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information: 1. Full name. 2. Any available information regarding the type of record involved. 3. The address to which the record information should be sent. 4. You must sign your request. Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf. Individuals requesting access must also comply with NCUA’s Privacy Act regulations regarding verification of identity and access to records (12 CFR 792.55). CONTESTING RECORD PROCEDURES: lotter on DSK11XQN23PROD with NOTICES1 3. A statement specifying the changes to be made in the records and the justification therefore. 4. The address to which the response should be sent. 5. You must sign your request. Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf. Individuals wishing to request an amendment to their records should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information: 1. Full name. 2. Any available information regarding the type of record involved. VerDate Sep<11>2014 17:56 Apr 12, 2023 Jkt 259001 None. HISTORY: This is a new system. [FR Doc. 2023–07847 Filed 4–12–23; 8:45 am] BILLING CODE 7535–01–P NATIONAL CREDIT UNION ADMINISTRATION Privacy Act of 1974: Systems of Records National Credit Union Administration (NCUA). ACTION: Notice of a new system of records. AGENCY: Pursuant to the Privacy Act of 1974, the National Credit Union Administration (NCUA) gives notice of a new Privacy Act system of records. The new system is NCUA–26, Prospective Official Application Records. The Federal Credit Union Act requires that the NCUA investigate the general character and fitness of the management and officials of a proposed federal credit union or proposed federally insured state-chartered credit union. This system will include information that the NCUA collects and SUMMARY: PO 00000 Frm 00083 Fmt 4703 Sfmt 4703 maintains to meet these requirements of the Federal Credit Union Act. Information is collected directly from the individual with their consent. DATES: Submit comments on or before May 15, 2023. This system will be effective immediately, and routine uses will be effective on May 15, 2023. ADDRESSES: You may submit comments by any of the following methods, but please send comments by one method only: • Federal eRulemaking Portal: https:// www.regulations.gov. Follow the instructions for submitting comments. • NCUA Website: https:// www.ncua.gov/ RegulationsOpinionsLaws/proposed_ regs/proposed_regs.html. Follow the instructions for submitting comments. • Fax: (703) 518–6319. Use the subject line described above for email. • Mail: Address to Melane ConyersAusbrooks, Secretary of the Board, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314–3428. • Hand Delivery/Courier: Same as mail address. FOR FURTHER INFORMATION CONTACT: Jennifer Chemel, Attorney-Advisor, Office of General Counsel, the National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314. SUPPLEMENTARY INFORMATION: This notice informs the public of the NCUA’s proposal to establish and maintain a new system of records in accordance with the Privacy Act of 1974. The proposed system of records covers the NCUA’s collection and maintenance of records on applications for proposed federal and federally insured statechartered credit union officials and employees. The Federal Credit Union Act requires that the NCUA investigate the general character and fitness of officials and senior management of proposed federal credit unions and proposed federally insured statechartered credit unions. The Federal Credit Union Act defines management of a federal credit union as the proposed credit union’s board of directors, credit committee, and supervisory committee. Senior management official is defined as a chief executive officer, an assistant chief executive officer, a chief financial officer, and any other senior executive officer. NCUA’s Office of Credit Union Resources and Expansion (CURE) manages the credit union charter process and performs these general investigations with the assistance of the NCUA’s Office of Continuity and Security Management. The format of NCUA–26 aligns with the guidance set forth in Office of E:\FR\FM\13APN1.SGM 13APN1

Agencies

[Federal Register Volume 88, Number 71 (Thursday, April 13, 2023)]
[Notices]
[Pages 22484-22486]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-07847]


=======================================================================
-----------------------------------------------------------------------

NATIONAL CREDIT UNION ADMINISTRATION


Privacy Act of 1974: Systems of Records

AGENCY: National Credit Union Administration (NCUA).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974, the National Credit Union 
Administration (NCUA) gives notice of a new Privacy Act system of 
records. The new system is NCUA-27, NCUA General Support System 
Records. This system consists of information collected to provide 
authorized individuals with access to NCUA information technology 
resources.

DATES: Submit comments on or before May 15, 2023. This system will be 
effective immediately, and routine uses will be effective on May 15, 
2023.

ADDRESSES: You may submit comments by any of the following methods, but 
please send comments by one method only:
     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
     NCUA website: https://www.ncua.gov/RegulationsOpinionsLaws/proposed_regs/proposed_regs.html. Follow the instructions for 
submitting comments.
     Fax: (703) 518-6319. Use the subject line described above 
for email.
     Mail: Address to Melane Conyers-Ausbrooks, Secretary of 
the Board, National Credit Union Administration, 1775 Duke Street, 
Alexandria, Virginia 22314-3428.
     Hand Delivery/Courier: Same as mail address.

FOR FURTHER INFORMATION CONTACT: Jennifer Chemel, Attorney-Advisor, 
Office of General Counsel, the National Credit Union Administration, 
1775 Duke Street, Alexandria, Virginia 22314.

SUPPLEMENTARY INFORMATION: This notice informs the public of the NCUA's 
proposal to establish and maintain a new system of records in 
accordance with the Privacy Act of 1974. The information collected in 
the NCUA-27 system of records consists of information collected for the 
purpose of providing authorized individuals with access to NCUA 
information technology resources.
    The format of NCUA-27 aligns with the guidance set forth in Office 
of Management and Budget Circular A-108.

    By the National Credit Union Administration Board on April 10, 
2023.
Melane Conyers-Ausbrooks,
Secretary of the Board.

SYSTEM NAME AND NUMBER:
    NCUA-27, NCUA General Support System Records.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    National Credit Union Administration, 1775 Duke Street, Alexandria, 
VA 22314-3428.

SYSTEM MANAGER(S):
    Chief Information Officer, National Credit Union Administration, 
1775 Duke Street, Alexandria, Virginia 22314-3428.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    12 U.S.C. 1751 et seq. and 40 U.S.C. 11331.

PURPOSE(S) OF THE SYSTEM:
    The information in the system is being collected to enable the NCUA 
to provide authorized individuals access to NCUA information technology 
resources. The system enables the NCUA to maintain account information 
required for approved access to information technology, lists of 
individuals seeking or receiving access to NCUA information technology 
or equipment, and lists of individuals who are appropriate 
organizational points of contact. The information will also be used for 
administrative purposes to ensure quality control, performance, and 
improving management processes.

[[Page 22485]]

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Categories of individuals covered by this system include all 
persons who are authorized to access NCUA information technology 
resources, including: (1) Employees, contractors, and any lawfully 
designated representatives of federal, state, territorial, tribal, or 
local government agencies or entities, in furtherance of the NCUA's 
mission; (2) individuals who have business with the NCUA and who have 
provided personal information in order to facilitate access to NCUA 
information technology resources; and (3) individuals who are points of 
contact provided for government business, operations, or programs.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records in this system may contain data relating to individuals, 
including but not limited to: name; telephone numbers, including 
business, cellular, and home numbers; level of access; home or other 
provided address for the receipt of issued IT equipment or resources; 
email addresses of senders and recipients; records of access to NCUA 
computers and networks including equipment issued, user ID and 
passwords, date(s) and time(s) of access, IP address of access, logs of 
internet activity and records on the authentication of the access 
request; records of identity management related to individual user's 
request including universal resource locator of individual's chosen 
identity assurance certificate provider and response from certificate 
provider of positive or negative authentication; and positions or 
titles of contacts, their business or organizational affiliations, and 
other contact information provided to the NCUA that is derived from 
other sources to facilitate authorized access to NCUA Information 
Technology resources. The information in this system includes 
information relating to system access and does not include the data 
held within the systems or information technology resources to which 
access or interaction is sought.

RECORD SOURCE CATEGORIES:
    Information in this system is obtained from individuals and 
entities associated with or granted access to NCUA information 
technology resources.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, these records or information contained 
therein may specifically be disclosed outside the NCUA as a routine use 
pursuant to 5 U.S.C. 552a(b)(3) as follows:
    1. If a record in a system of records indicates a violation or 
potential violation of civil or criminal law or a regulation, and 
whether arising by general statute or particular program statute, or by 
regulation, rule, or order, the relevant records in the system or 
records may be disclosed as a routine use to the appropriate agency, 
whether federal, state, local, or foreign, charged with the 
responsibility of investigating or prosecuting such violation or 
charged with enforcing or implementing the statute, rule, regulation, 
or order issued pursuant thereto.
    2. A record from a system of records may be disclosed as a routine 
use to a member of Congress or to a congressional staff member in 
response to an inquiry from the congressional office made at the 
request of the individual about whom the record is maintained;
    3. Records in a system of records may be disclosed as a routine use 
to the Department of Justice, when: (a) NCUA, or any of its components 
or employees acting in their official capacities, is a party to 
litigation; or (b) Any employee of NCUA in his or her individual 
capacity is a party to litigation and where the Department of Justice 
has agreed to represent the employee; or (c) The United States is a 
party in litigation, where NCUA determines that litigation is likely to 
affect the agency or any of its components, is a party to litigation or 
has an interest in such litigation, and NCUA determines that use of 
such records is relevant and necessary to the litigation, provided, 
however, that in each case, NCUA determines that disclosure of the 
records to the Department of Justice is a use of the information 
contained in the records that is compatible with the purpose for which 
the records were collected.
    4. Records in a system of records may be disclosed as a routine use 
in a proceeding before a court or adjudicative body before which NCUA 
is authorized to appear (a) when NCUA or any of its components or 
employees are acting in their official capacities; (b) where NCUA or 
any employee of NCUA in his or her individual capacity has agreed to 
represent the employee; or (c) where NCUA determines that litigation is 
likely to affect the agency or any of its components, is a party to 
litigation or has an interest in such litigation, and NCUA determines 
that use of such records is relevant and necessary to the litigation, 
provided, however, NCUA determines that disclosure of the records is 
compatible with the purpose for which the records were collected.
    5. A record from a system of records may be disclosed to 
contractors, experts, consultants, and the agents thereof, and others 
performing or working on a contract, service, cooperative agreement, or 
other assignment for NCUA when necessary to accomplish an agency 
function. Individuals provided information under this routine use are 
subject to the same Privacy Act requirements and limitations on 
disclosure as are applicable to NCUA employees.
    6. Records may be disclosed to the Department of Homeland Security 
(DHS) if captured in an intrusion detection system used by NCUA and DHS 
pursuant to a DHS cybersecurity program that monitors internet traffic 
to and from federal government computer networks to prevent 
cybersecurity incidents;
    7. A record from a system of records may be disclosed to 
appropriate agencies, entities, and persons when (1) NCUA suspects or 
has confirmed that the security or confidentiality of information in 
the system of records has been compromised; (2) NCUA has determined 
that as a result of the suspected or confirmed compromise there is a 
risk of harm to economic or property interests, identity theft or 
fraud, or harm to the security or integrity of this system or other 
systems or programs (whether maintained by NCUA or another agency or 
entity) that rely upon the compromised information; and (3) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with NCUA's efforts to respond to the 
suspected or confirmed compromise and prevent, minimize, or remedy such 
harm.
    8. To another Federal agency or Federal entity, when the NCUA 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Electronic records and backups are stored on secure servers, 
approved by NCUA's Office of the Chief Information Officer (OCIO), and 
accessed only by authorized personnel.

[[Page 22486]]

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrievable by a variety of fields including the 
individual's name or username.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained and disposed in accordance with the General 
Records Retention Schedules issued by the National Archives and Records 
Administration (NARA).

ADMINISTRATIVE, TECHNICAL AND PHYSICAL SAFEGUARDS:
    NCUA has implemented the appropriate administrative, technical, and 
physical controls in accordance with the Federal Information Security 
Modernization Act of 2014, Public Law 113-283, S. 2521, and NCUA's 
information security policies to protect the confidentiality, 
integrity, and availability of the information system and the 
information contained therein. Access is limited only to individuals 
authorized through NIST-compliant Identity, Credential, and Access 
Management policies and procedures. The records are maintained behind a 
layered defensive posture consistent with all applicable federal laws 
and regulations, including Office of Management and Budget Circular A-
130 and NIST Special Publication 800-37.

RECORD ACCESS PROCEDURES:
    Individuals wishing access to their records should submit a written 
request to the Senior Agency Official for Privacy, NCUA, 1775 Duke 
Street, Alexandria, VA 22314, and provide the following information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. The address to which the record information should be sent.
    4. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf. Individuals requesting access 
must also comply with NCUA's Privacy Act regulations regarding 
verification of identity and access to records (12 CFR 792.55).

CONTESTING RECORD PROCEDURES:
    Individuals wishing to request an amendment to their records should 
submit a written request to the Senior Agency Official for Privacy, 
NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following 
information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. A statement specifying the changes to be made in the records and 
the justification therefore.
    4. The address to which the response should be sent.
    5. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf.

NOTIFICATION PROCEDURES:
    Individuals wishing to learn whether this system of records 
contains information about them should submit a written request to the 
Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, 
VA 22314, and provide the following information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. The address to which the record information should be sent.
    4. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf. Individuals requesting access 
must also comply with NCUA's Privacy Act regulations regarding 
verification of identity and access to records (12 CFR 792.55).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    This is a new system.

[FR Doc. 2023-07847 Filed 4-12-23; 8:45 am]
BILLING CODE 7535-01-P
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.