Privacy Act of 1974; System of Records, 37584-37586 [2023-12246]

Agencies

• National Credit Union Administration

[Federal Register Volume 88, Number 110 (Thursday, June 8, 2023)]
[Notices]
[Pages 37584-37586]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-12246]


=======================================================================
-----------------------------------------------------------------------

NATIONAL CREDIT UNION ADMINISTRATION


Privacy Act of 1974; System of Records

AGENCY: National Credit Union Administration (NCUA).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974, the National Credit Union 
Administration (NCUA) gives notice of a new proposed Privacy Act system 
of records. The new system is NCUA-28, Anti-Harassment Case Tracking 
and Records. This system will maintain information collected for the 
purpose of conducting internal investigations into allegations of 
harassment brought by NCUA employees and NCUA contractors and taking 
appropriate action(s). Information is collected directly from the 
individual with their consent.

DATES: Submit comments on or before July 10, 2023. This system will be 
effective immediately, and routine uses will be effective on July 10, 
2023.

ADDRESSES: You may submit comments by any of the following methods, but 
please send comments by one method only:
     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: (703) 518-6319. Include ``[Your Name]--Comments on 
New System of Records, NCUA-28'' in the transmittal.
     Mail: Address to Melane Conyers-Ausbrooks, Secretary of 
the Board, National Credit Union Administration, 1775 Duke Street, 
Alexandria, Virginia 22314-3428.
     Hand Delivery/Courier: Same as mail address.

FOR FURTHER INFORMATION CONTACT: Elizabeth Fischmann, Chief Ethics 
Counsel, Donald Names, Anti-Harassment Coordinator, Office of Ethics 
Counsel, or Linda Dent, Senior Agency Official for Privacy, the 
National Credit Union Administration, 1775 Duke Street, Alexandria, 
Virginia, 22314.

SUPPLEMENTARY INFORMATION: Pursuant to the Privacy Act, 5 U.S.C. 552a, 
the NCUA is establishing a new system of records, NCUA-28, Anti-
Harassment

[[Page 37585]]

Case Tracking and Records. This new system will support the prevention 
of and investigations into alleged harassment in the NCUA workspace. 
The NCUA is committed to equal employment opportunity and a workplace 
free of unlawful discriminatory harassment or any other category of 
harassment.
    The format of NCUA-28 aligns with the guidance set forth in Office 
of Management and Budget (OMB) Circular A-108.

    By the National Credit Union Administration Board.
Melane Conyers-Ausbrooks,
Secretary of the Board.

SYSTEM NAME AND NUMBER:
    Anti-Harassment Case Tracking and Records, NCUA-28.

SECURITY CLASSIFICATION
    Unclassified.

SYSTEM LOCATION:
    National Credit Union Administration, 1775 Duke Street, Alexandria, 
Virginia 22314-3428.

SYSTEM MANAGER:
    Anti-Harassment Coordinator, Office of Ethics Counsel, National 
Credit Union Administration, 1775 Duke Street, Alexandria, VA 22314-
3428.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    12 U.S.C. 1751, et seq.; Title VII of the Civil Rights Act of 1964, 
42 U.S.C. 2000e, et seq.; Age Discrimination in Employment Act of 1967, 
29 U.S.C. 621, et seq.; Americans with Disabilities Act, 42 U.S.C. 
12101, et seq., including ADA Amendments Act of 2008; Rehabilitation 
Act of 1973 (Section 501), 29 U.S.C. 791; Notification and Federal 
Employee Antidiscrimination and Retaliation Act of 2002 (No FEAR Act), 
Public Law 107-174; Genetic Information Nondiscrimination Act of 2008 
(GINA), Public Law 110-233; Executive Order 13087; Executive Order 
13152; and further amendments to Executive Order 11478, Executive Order 
11246, and EEOC Enforcement Guidance: Vicarious Employer Liability for 
Unlawful Harassment by Supervisors, Notice 915.002, V.C.1 (June 18, 
1999).

PURPOSE(S) OF THE SYSTEM:
    The information in the system is collected to assist the NCUA with 
conducting internal investigations into allegations of harassment 
brought by NCUA employees and NCUA contractors and taking appropriate 
action(s) to address such allegations.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    NCUA employees and NCUA contractors who have submitted complaints 
or reports of harassment or who have provided information related to an 
investigation of workplace harassment and NCUA employees and 
contractors who have been accused of harassment.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records in the system include complaints of harassment, statements 
of witnesses, reports of investigation, investigator's and Chief Ethics 
Officer's findings and recommendations, final decisions and corrective 
action taken, and related correspondence and exhibits. These records 
include names of the alleged victim, harasser and witnesses, their 
contact information, and the specific circumstances relevant to the 
harassment.

RECORD SOURCE CATEGORIES:
    The information in this system is collected directly from 
individuals.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside the NCUA 
as a routine use as follows:
    1. To disclose information as necessary to any source from which 
additional information is requested in the course of processing a 
complaint or report of harassment.
    2. To provide to the alleged harasser information in the event of a 
disciplinary hearing.
    3. A record from a system of records may be disclosed as a routine 
use to an authorized appeal grievance examiner, formal complaints 
examiner, equal employment opportunity investigator, arbitrator, or 
other duly authorized official engaged in investigation or settlement 
of a grievance, complaint, or appeal filed by an employee. Further, a 
record from any system of records may be disclosed as a routine use to 
the Office of Personnel Management in accordance with the agency's 
responsibility for evaluation and oversight of federal personnel 
management.
    4. If a record in a system of records indicates a violation or 
potential violation of civil or criminal law or a regulation, and 
whether arising by general statute or particular program statute, or by 
regulation, rule, or order, the relevant records in the system or 
records may be disclosed as a routine use to the appropriate agency, 
whether federal, state, local, or foreign, charged with the 
responsibility of investigating or prosecuting such violation or 
charged with enforcing or implementing the statute, rule, regulation, 
or order issued pursuant thereto.
    5. A record from a system of records may be disclosed as a routine 
use to a member of Congress or to a congressional staff member in 
response to an inquiry from the congressional office made at the 
request of the individual about whom the record is maintained;
    6. Records in a system of records may be disclosed as a routine use 
to the Department of Justice, when: (a) NCUA, or any of its components 
or employees acting in their official capacities, is a party to 
litigation; or (b) Any employee of NCUA in his or her individual 
capacity is a party to litigation and where the Department of Justice 
has agreed to represent the employee; or (c) The United States is a 
party in litigation, where NCUA determines that litigation is likely to 
affect the agency or any of its components, is a party to litigation or 
has an interest in such litigation, and NCUA determines that use of 
such records is relevant and necessary to the litigation, provided, 
however, that in each case, NCUA determines that disclosure of the 
records to the Department of Justice is a use of the information 
contained in the records that is compatible with the purpose for which 
the records were collected.
    7. Records in a system of records may be disclosed as a routine use 
in a proceeding before a court or adjudicative body before which NCUA 
is authorized to appear: (a) when NCUA or any of its components or 
employees are acting in their official capacities; (b) where NCUA or 
any employee of NCUA in his or her individual capacity has agreed to 
represent the employee; or (c) where NCUA determines that litigation is 
likely to affect the agency or any of its components, is a party to 
litigation or has an interest in such litigation, and NCUA determines 
that use of such records is relevant and necessary to the litigation;
    8. A record from a system of records may be disclosed as a routine 
use to contractors, experts, consultants, and the agents thereof, and 
others performing or working on a contract, service, cooperative 
agreement, or other assignment for NCUA when necessary to accomplish an 
agency function or administer an employee benefit program. Individuals 
provided information under this routine use are

[[Page 37586]]

subject to the same Privacy Act requirements and limitations on 
disclosure as are applicable to NCUA employees;
    9. A record from a system of records may be disclosed to 
appropriate agencies, entities, and persons when: (1) NCUA suspects or 
has confirmed that the security or confidentiality of information in 
the system of records has been compromised; (2) NCUA has determined 
that as a result of the suspected or confirmed compromise there is a 
risk of harm to economic or property interests, identity theft or 
fraud, or harm to the security or integrity of this system or other 
systems or programs (whether maintained by NCUA or another agency or 
entity) that rely upon the compromised information; and (3) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with NCUA's efforts to respond to the 
suspected or confirmed compromise and prevent, minimize, or remedy such 
harm; and
    10. To another Federal agency or Federal entity, when the NCUA 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in: (1) responding 
to a suspected or confirmed breach; or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Electronic records and backups are stored on secure servers, 
approved by the NCUA's Office of the Chief Information Officer (OCIO), 
and accessed only by authorized personnel.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by any of the following: name of the 
individual who files a complaint or report of harassment, name of the 
alleged victim of harassment, if any, and name of the alleged harasser.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained and disposed of in accordance with the 
General Records Retention Schedules issued by the National Archives and 
Records Administration (NARA) or an NCUA records disposition schedule 
approved by NARA.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    NCUA has implemented the appropriate administrative, technical, and 
physical controls in accordance with the Federal Information Security 
Modernization Act of 2014, Public Law 113-283, S. 2521, and the NCUA's 
information security policies to protect the confidentiality, 
integrity, and availability of the information system and the 
information contained therein. Access is limited only to individuals 
authorized through NIST-compliant Identity, Credential, and Access 
Management policies and procedures. The records are maintained behind a 
layered defensive posture consistent with all applicable Federal laws 
and regulations, including Office of Management and Budget (OMB) 
Circular A-130 and NIST Special Publication 800-37.

RECORD ACCESS PROCEDURES:
    After an individual receives verification that they have a record 
in the system, per the notification procedure above, if they wish to 
access to their records, they should submit a written request to the 
Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, 
VA 22314, and provide the following information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. The address to which the record information should be sent.
    4. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf. Individuals requesting access 
must also comply with the NCUA's Privacy Act regulations regarding 
verification of identity and access to records (12 CFR 792.55).

CONTESTING RECORD PROCEDURES:
    Individuals wishing to request an amendment to their records should 
submit a written request to the Senior Agency Official for Privacy, 
NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following 
information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. A statement specifying the changes to be made in the records and 
the justification therefore.
    4. The address to which the response should be sent.
    5. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf.

NOTIFICATION PROCEDURES:
    Individuals wishing to learn whether this system of records 
contains information about them should submit a written request to the 
Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, 
VA 22314, and provide the following information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. The address to which the record information should be sent.
    4. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf. Individuals requesting access 
must also comply with the NCUA's Privacy Act regulations regarding 
verification of identity and access to records (12 CFR 792.55).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    This system is exempt under 5 U.S.C. 552a(k)(2) from subsections 
(c)(3), (d), (e)(1), (e)(4)(G), (e)(4)(H), (e)(4)(I) and (f) of the 
Act.

HISTORY:
    This is a new system.

[FR Doc. 2023-12246 Filed 6-7-23; 8:45 am]
BILLING CODE P