Privacy Act of 1974: Systems of Records, 47920-47922 [2023-15737]

Download as PDF 47920 Federal Register / Vol. 88, No. 141 / Tuesday, July 25, 2023 / Notices information collection request; they also will become a matter of public record. James D. Rodriguez, Assistant Secretary, Veterans’ Employment and Training Service, U.S. Department of Labor. [FR Doc. 2023–15668 Filed 7–24–23; 8:45 am] BILLING CODE 4510–79–P NATIONAL CREDIT UNION ADMINISTRATION Privacy Act of 1974: Systems of Records National Credit Union Administration (NCUA). ACTION: Notice of a new system of records. AGENCY: Pursuant to the Privacy Act of 1974, the National Credit Union Administration (NCUA) gives notice of a new Privacy Act system of records. The new system is NCUA–29, NonPayroll Employee Administrative Records. The Non-Payroll Employee Administrative Records System will collect information used for non-payroll personnel actions and human resources administrative purposes, including administering supplemental benefits, employee assistance programs, and work-life programs. DATES: Submit comments on or before August 24, 2023. This system will be effective immediately, and routine uses will be effective on August 24, 2023. ADDRESSES: You may submit comments by any of the following methods, but please send comments by one method only: • Federal eRulemaking Portal: https:// www.regulations.gov. Follow the instructions for submitting comments. • NCUA website: https:// www.ncua.gov/ RegulationsOpinionsLaws/proposed_ regs/proposed_regs.html. Follow the instructions for submitting comments. • Fax: (703) 518–6319. Use the subject line described above for email. • Mail: Address to Melane ConyersAusbrooks, Secretary of the Board, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314–3428. • Hand Delivery/Courier: Same as mail address. FOR FURTHER INFORMATION CONTACT: Jennifer Harrison, Attorney-Advisor, Office of General Counsel, (703) 518– 6540. SUPPLEMENTARY INFORMATION: This notice informs the public of the NCUA’s proposal to establish and maintain a new system of records in accordance ddrumheller on DSK120RN23PROD with NOTICES1 SUMMARY: VerDate Sep<11>2014 18:12 Jul 24, 2023 Jkt 259001 with the Privacy Act of 1974. The proposed system of records will be used to collect and maintain information used for non-payroll personnel actions and for human resources administrative purposes, including administering supplemental benefits, employee assistance programs, and work-life programs. These may include, but are not limited to retirement, health examination programs, classes and wellness seminars, student loan repayment, flexible spending, as well as other similar benefits not otherwise covered as part of the general personnel and administrative records covered by the government-wide system of records notice published by the Office of Personnel Management in OPM/GOVT– 1 or those records covered under NCUA–3, Payroll Records System. The format of NCUA–29 aligns with the guidance set forth in Office of Management and Budget (OMB) Circular A–108. By the National Credit Union Administration Board. Dated: July 20, 2023. Melane Conyers-Ausbrooks, Secretary of the Board. Non-Payroll Employee Administrative Records, NCUA–29. SECURITY CLASSIFICATION: Unclassified. SYSTEM LOCATION: National Credit Union Administration, 1775 Duke Street, Alexandria, VA 22314–3428. SYSTEM MANAGER(S): Director, Office of Human Resources, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314–3428. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: 12 U.S.C. 1766. PURPOSE(S) OF THE SYSTEM: The purpose of this system is to collect and maintain information used for non-payroll personnel actions and for human resources administrative purposes, including administering supplemental benefits, employee assistance programs, and work-life programs. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: To the extent not covered by any other system, this system covers current and former NCUA employees, dependents, and beneficiaries who are enrolled in, apply for, or participate in one or more of NCUA employee benefit programs. Frm 00077 Fmt 4703 Sfmt 4703 Records in the system include Individual name, Social Security number (SSN), employee ID number, Taxpayer Identification Number (TIN), or similar. Records may also include home and work contact information, including address, telephone number, and email address; information related to an employee’s participation in supplemental retirement, health, and benefit programs, including salary information, contribution amount(s), dependents and beneficiary names, addresses, relationship, and Social Security number(s); information about student loans related to the student loan repayment benefit, including type of loan, loan account number, loan holder name and address, total loan amount and amount outstanding; and service agreement information; and receipts and similar documentation provided as evidence of expenditures for reimbursement through supplemental benefits, employee assistance and worklife programs. RECORD SOURCE CATEGORIES: SYSTEM NAME AND NUMBER: PO 00000 CATEGORIES OF RECORDS IN THE SYSTEM: The information in this system is obtained from current and former NCUA employees and from entities associated with benefits and work-life programs including retirement, human resources functions, accounting, and payroll systems administration. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, these records or information contained therein may specifically be disclosed outside the NCUA as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows: 1. A record from a system of records may be disclosed as a routine use to carriers, providers, and other Federal agencies involved in the administration of employee benefit programs and such agencies’ contractors or plan administrators, when necessary to determine employee eligibility to participate in such programs, process employee participation in such programs, audit benefits paid under such programs, or perform any administrative function in connection with those programs; 2. A record from a system of records may be disclosed as a routine use to Federal, state, and local taxation authorities concerning compensation to employees or to contractors; to the Office of Personnel Management, Department of the Treasury, Department of Labor, and other Federal agencies E:\FR\FM\25JYN1.SGM 25JYN1 ddrumheller on DSK120RN23PROD with NOTICES1 Federal Register / Vol. 88, No. 141 / Tuesday, July 25, 2023 / Notices concerning pay, benefits, and retirement of employees; to financial organizations concerning employee allotments to accounts; and to heirs, executors, and legal representatives of beneficiaries; 3. If a record in a system of records indicates a violation or potential violation of civil or criminal law or a regulation, and whether arising by general statute or particular program statute, or by regulation, rule, or order, the relevant records in the system or records may be disclosed as a routine use to the appropriate agency, whether Federal, State, local, or foreign, charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing the statute, rule, regulation, or order issued pursuant thereto; 4. A record from a system of records may be disclosed as a routine use to a member of Congress or to a congressional staff member in response to an inquiry from the congressional office made at the request of the individual about whom the record is maintained; 5. Records in a system of records may be disclosed as a routine use to the Department of Justice, when: (a) NCUA, or any of its components or employees acting in their official capacities, is a party to litigation; or (b) Any employee of NCUA in his or her individual capacity is a party to litigation and where the Department of Justice has agreed to represent the employee; or (c) The United States is a party in litigation, where NCUA determines that litigation is likely to affect the agency or any of its components, is a party to litigation or has an interest in such litigation, and NCUA determines that use of such records is relevant and necessary to the litigation; 6. Records in a system of records may be disclosed as a routine use in a proceeding before a court or adjudicative body before which NCUA is authorized to appear (a) when NCUA or any of its components or employees are acting in their official capacities; (b) where NCUA or any employee of NCUA in his or her individual capacity has agreed to represent the employee; or (c) where NCUA determines that litigation is likely to affect the agency or any of its components, is a party to litigation or has an interest in such litigation, and NCUA determines that use of such records is relevant and necessary to the litigation; 7. A record from a system of records may be disclosed as a routine use to contractors, experts, consultants, and the agents thereof, and others performing or working on a contract, service, cooperative agreement, or other VerDate Sep<11>2014 18:12 Jul 24, 2023 Jkt 259001 assignment for NCUA when necessary to accomplish an agency function or administer an employee benefit program. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to NCUA employees; 8. A record from a system of records may be disclosed to appropriate agencies, entities, and persons when (1) NCUA suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised; (2) NCUA has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by NCUA or another agency or entity) that rely upon the compromised information; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with NCUA’s efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm; and 9. To another Federal agency or Federal entity, when the NCUA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. POLICIES AND PRACTICES FOR STORAGE OF RECORDS: Electronic records and backups are stored on secure servers, approved by NCUA’s Office of the Chief Information Officer (OCIO), within a FedRAMPauthorized commercial Cloud Service Provider’s (CSP) Software-as-a-Service solution hosting environment and accessed only by authorized personnel. POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: Records are retrievable by a variety of fields including, but not limited to, individual name, SSN, employee ID, or some combination thereof. POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: Records are maintained and disposed in accordance with the General Records Retention Schedules issued by the PO 00000 Frm 00078 Fmt 4703 Sfmt 4703 47921 National Archives and Records Administration (NARA) or an NCUA records disposition schedule approved by NARA. ADMINISTRATIVE, TECHNICAL AND PHYSICAL SAFEGUARDS: NCUA has implemented the appropriate administrative, technical, and physical controls in accordance with the Federal Information Security Modernization Act of 2014, Public Law 113–283, S. 2521, and NCUA’s information security policies to protect the confidentiality, integrity, and availability of the information system and the information contained therein. Access is limited only to individuals authorized through NIST-compliant Identity, Credential, and Access Management policies and procedures. The records are maintained behind a layered defensive posture consistent with all applicable Federal laws and regulations, including Office of Management and Budget Circular A–130 and NIST Special Publication 800–37. RECORD ACCESS PROCEDURES: Individuals wishing access to their records should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information: 1. Full name. 2. Any available information regarding the type of record involved. 3. The address to which the record information should be sent. 4. You must sign your request. Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf. Individuals requesting access must also comply with NCUA’s Privacy Act regulations regarding verification of identity and access to records (12 CFR 792.55). CONTESTING RECORD PROCEDURES: Individuals wishing to request an amendment to their records should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information: 1. Full name. 2. Any available information regarding the type of record involved. 3. A statement specifying the changes to be made in the records and the justification therefore. 4. The address to which the response should be sent. 5. You must sign your request. Attorneys or other persons acting on behalf of an individual must provide E:\FR\FM\25JYN1.SGM 25JYN1 47922 Federal Register / Vol. 88, No. 141 / Tuesday, July 25, 2023 / Notices written authorization from that individual for the representative to act on their behalf. NOTIFICATION PROCEDURES: Individuals wishing to learn whether this system of records contains information about them should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information: 1. Full name. 2. Any available information regarding the type of record involved. 3. The address to which the record information should be sent. 4. You must sign your request. Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf. Individuals requesting access must also comply with NCUA’s Privacy Act regulations regarding verification of identity and access to records (12 CFR 792.55). EXEMPTIONS PROMULGATED FOR THE SYSTEM: None. HISTORY: This is a new system. [FR Doc. 2023–15737 Filed 7–24–23; 8:45 am] BILLING CODE 7535–01–P NATIONAL FOUNDATION ON THE ARTS AND THE HUMANITIES Institute of Museum and Library Services Request for Information (RFI): Information Literacy Programs, Resources, and Promising Practices Institute of Museum and Library Services (IMLS). ACTION: Request for information (RFI). AGENCY: The Institute of Museum and Library Services requests information on programs, resources, and activities designed to strengthen information literacy skills. The agency is particularly interested in programs and activities that can be implemented at the local level, in community organizations such as museums and libraries, to help individuals develop the skills necessary to find, evaluate, use, and create information in meaningful ways. The agency is also interested in tools and approaches that can be adapted to meet the needs of different users. DATES: Written comments must be submitted via the method provided below, no later than midnight Eastern Time (ET) on Friday, August 18, 2023. ddrumheller on DSK120RN23PROD with NOTICES1 SUMMARY: VerDate Sep<11>2014 18:12 Jul 24, 2023 Jkt 259001 Comments must be submitted to: infolitrfi@imls.gov. Include Information Literacy Request for Information (RFI) in the subject line of the message. Multimedia submissions (audio, video, etc.) must be accompanied by a written comment. Respondents may answer as many or as few questions as they wish. FOR FURTHER INFORMATION CONTACT: Katherine Maas, Institute of Museum and Library Services, or by email at kmaas@imls.gov. Persons who are deaf or hard of hearing (TTY users) can contact IMLS at 202–207–7858 via 711 for TTY-Based Telecommunications Relay Service. SUPPLEMENTARY INFORMATION: ADDRESSES: Background Individuals are inundated with information in their daily lives. The digital age has contributed to the increased production of information, and navigating our evolving information landscape is increasingly complex. Moreover, continuing changes in technology (e.g., social media, workplace technology, educational technology) make it important for everyone to understand how the availability, exchange, and presentation of information is evolving. Information literacy skills are thus critical for individuals of all ages. Information literacy skills refer to the skills associated with empowering individuals to locate, analyze, evaluate, and use information effectively (e.g., navigating information to learn a new trade or applying information to clarify decision options). The Consolidated Appropriations Act of 2022 1 directed the Institute of Museum and Library Services to explore ways to improve information literacy within communities, including through the creation of a website to disseminate information literacy resources, toolkits, and best practices. The website is primarily intended to support activities within communities as they develop programs and other resources to support local interests and needs. Information Requested IMLS seeks to understand how organizations address and incorporate information literacy skills into local community programs broadly; how information literacy-related resources and programs are applied to specific areas of community concern, including 1 Consolidated Appropriations Act of 2022: https://www.congress.gov/117/plaws/publ103/ PLAW-117publ103.pdf (page 442); Joint Explanatory Statement—Division H: https://docs.house.gov/ billsthisweek/20220307/BILLS-117RCP35-JESDIVISION-H_Part1.pdf (page 142). PO 00000 Frm 00079 Fmt 4703 Sfmt 4703 but not limited to community health, safety, and economic well-being; as well as how these resources and programs are adapted and developed to address local demographics, unique community characteristics, and the continually evolving information environment. IMLS also seeks to identify information literacy-related resources and programs that could inform the development of a website to disseminate successful practices on information literacy programs and related tools. IMLS invites input from stakeholders, experts, communities, and members of the public, including but not limited to libraries, archives, museums, researchers in academia, industry, government library and museum advocacy organizations, nongovernmental and professional organizations, and Federal agencies. A response to every topic or question is not required. Key Topics and Questions Topic 1: Information About Community Program Design and Development A. How has your organization addressed information literacy in its programming, either directly or indirectly? What topics have you connected to information literacy? How have you talked about information literacy in your programming? What has worked best? What would you have liked to have been able to do but couldn’t? B. What kinds of resources and programming have attracted the most interest and engagement within your community, including but not limited to relating to community health, safety, and economic well-being? What resources and programming have generated the least interest and engagement? Please provide examples. C. What methods do you use to conduct an assessment to understand your community’s needs related to information literacy? D. How do you design and adapt information literacy resources and programming to meet the needs and preferences of different demographic groups within your community (e.g., adult learners, people with limited English language skills, people with visual or auditory impairments, people with limited access to or skills with digital technology)? E. Describe any toolkits or other readily available resources related to information literacy that you currently use or have used in your programming. Please indicate the source of these resources (e.g., government website, local health department, etc.). E:\FR\FM\25JYN1.SGM 25JYN1

Agencies

[Federal Register Volume 88, Number 141 (Tuesday, July 25, 2023)]
[Notices]
[Pages 47920-47922]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-15737]


=======================================================================
-----------------------------------------------------------------------

NATIONAL CREDIT UNION ADMINISTRATION


Privacy Act of 1974: Systems of Records

AGENCY: National Credit Union Administration (NCUA).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974, the National Credit Union 
Administration (NCUA) gives notice of a new Privacy Act system of 
records. The new system is NCUA-29, Non-Payroll Employee Administrative 
Records. The Non-Payroll Employee Administrative Records System will 
collect information used for non-payroll personnel actions and human 
resources administrative purposes, including administering supplemental 
benefits, employee assistance programs, and work-life programs.

DATES: Submit comments on or before August 24, 2023. This system will 
be effective immediately, and routine uses will be effective on August 
24, 2023.

ADDRESSES: You may submit comments by any of the following methods, but 
please send comments by one method only:
     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
     NCUA website: https://www.ncua.gov/RegulationsOpinionsLaws/proposed_regs/proposed_regs.html. Follow the instructions for 
submitting comments.
     Fax: (703) 518-6319. Use the subject line described above 
for email.
     Mail: Address to Melane Conyers-Ausbrooks, Secretary of 
the Board, National Credit Union Administration, 1775 Duke Street, 
Alexandria, Virginia 22314-3428.
     Hand Delivery/Courier: Same as mail address.

FOR FURTHER INFORMATION CONTACT: Jennifer Harrison, Attorney-Advisor, 
Office of General Counsel, (703) 518-6540.

SUPPLEMENTARY INFORMATION: This notice informs the public of the NCUA's 
proposal to establish and maintain a new system of records in 
accordance with the Privacy Act of 1974. The proposed system of records 
will be used to collect and maintain information used for non-payroll 
personnel actions and for human resources administrative purposes, 
including administering supplemental benefits, employee assistance 
programs, and work-life programs. These may include, but are not 
limited to retirement, health examination programs, classes and 
wellness seminars, student loan repayment, flexible spending, as well 
as other similar benefits not otherwise covered as part of the general 
personnel and administrative records covered by the government-wide 
system of records notice published by the Office of Personnel 
Management in OPM/GOVT-1 or those records covered under NCUA-3, Payroll 
Records System.
    The format of NCUA-29 aligns with the guidance set forth in Office 
of Management and Budget (OMB) Circular A-108.

    By the National Credit Union Administration Board.
    Dated: July 20, 2023.
Melane Conyers-Ausbrooks,
Secretary of the Board.

SYSTEM NAME AND NUMBER:
    Non-Payroll Employee Administrative Records, NCUA-29.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    National Credit Union Administration, 1775 Duke Street, Alexandria, 
VA 22314-3428.

SYSTEM MANAGER(S):
    Director, Office of Human Resources, National Credit Union 
Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    12 U.S.C. 1766.

PURPOSE(S) OF THE SYSTEM:
    The purpose of this system is to collect and maintain information 
used for non-payroll personnel actions and for human resources 
administrative purposes, including administering supplemental benefits, 
employee assistance programs, and work-life programs.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    To the extent not covered by any other system, this system covers 
current and former NCUA employees, dependents, and beneficiaries who 
are enrolled in, apply for, or participate in one or more of NCUA 
employee benefit programs.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records in the system include Individual name, Social Security 
number (SSN), employee ID number, Taxpayer Identification Number (TIN), 
or similar. Records may also include home and work contact information, 
including address, telephone number, and email address; information 
related to an employee's participation in supplemental retirement, 
health, and benefit programs, including salary information, 
contribution amount(s), dependents and beneficiary names, addresses, 
relationship, and Social Security number(s); information about student 
loans related to the student loan repayment benefit, including type of 
loan, loan account number, loan holder name and address, total loan 
amount and amount outstanding; and service agreement information; and 
receipts and similar documentation provided as evidence of expenditures 
for reimbursement through supplemental benefits, employee assistance 
and work-life programs.

RECORD SOURCE CATEGORIES:
    The information in this system is obtained from current and former 
NCUA employees and from entities associated with benefits and work-life 
programs including retirement, human resources functions, accounting, 
and payroll systems administration.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, these records or information contained 
therein may specifically be disclosed outside the NCUA as a routine use 
pursuant to 5 U.S.C. 552a(b)(3) as follows:
    1. A record from a system of records may be disclosed as a routine 
use to carriers, providers, and other Federal agencies involved in the 
administration of employee benefit programs and such agencies' 
contractors or plan administrators, when necessary to determine 
employee eligibility to participate in such programs, process employee 
participation in such programs, audit benefits paid under such 
programs, or perform any administrative function in connection with 
those programs;
    2. A record from a system of records may be disclosed as a routine 
use to Federal, state, and local taxation authorities concerning 
compensation to employees or to contractors; to the Office of Personnel 
Management, Department of the Treasury, Department of Labor, and other 
Federal agencies

[[Page 47921]]

concerning pay, benefits, and retirement of employees; to financial 
organizations concerning employee allotments to accounts; and to heirs, 
executors, and legal representatives of beneficiaries;
    3. If a record in a system of records indicates a violation or 
potential violation of civil or criminal law or a regulation, and 
whether arising by general statute or particular program statute, or by 
regulation, rule, or order, the relevant records in the system or 
records may be disclosed as a routine use to the appropriate agency, 
whether Federal, State, local, or foreign, charged with the 
responsibility of investigating or prosecuting such violation or 
charged with enforcing or implementing the statute, rule, regulation, 
or order issued pursuant thereto;
    4. A record from a system of records may be disclosed as a routine 
use to a member of Congress or to a congressional staff member in 
response to an inquiry from the congressional office made at the 
request of the individual about whom the record is maintained;
    5. Records in a system of records may be disclosed as a routine use 
to the Department of Justice, when: (a) NCUA, or any of its components 
or employees acting in their official capacities, is a party to 
litigation; or (b) Any employee of NCUA in his or her individual 
capacity is a party to litigation and where the Department of Justice 
has agreed to represent the employee; or (c) The United States is a 
party in litigation, where NCUA determines that litigation is likely to 
affect the agency or any of its components, is a party to litigation or 
has an interest in such litigation, and NCUA determines that use of 
such records is relevant and necessary to the litigation;
    6. Records in a system of records may be disclosed as a routine use 
in a proceeding before a court or adjudicative body before which NCUA 
is authorized to appear (a) when NCUA or any of its components or 
employees are acting in their official capacities; (b) where NCUA or 
any employee of NCUA in his or her individual capacity has agreed to 
represent the employee; or (c) where NCUA determines that litigation is 
likely to affect the agency or any of its components, is a party to 
litigation or has an interest in such litigation, and NCUA determines 
that use of such records is relevant and necessary to the litigation;
    7. A record from a system of records may be disclosed as a routine 
use to contractors, experts, consultants, and the agents thereof, and 
others performing or working on a contract, service, cooperative 
agreement, or other assignment for NCUA when necessary to accomplish an 
agency function or administer an employee benefit program. Individuals 
provided information under this routine use are subject to the same 
Privacy Act requirements and limitations on disclosure as are 
applicable to NCUA employees;
    8. A record from a system of records may be disclosed to 
appropriate agencies, entities, and persons when (1) NCUA suspects or 
has confirmed that the security or confidentiality of information in 
the system of records has been compromised; (2) NCUA has determined 
that as a result of the suspected or confirmed compromise there is a 
risk of harm to economic or property interests, identity theft or 
fraud, or harm to the security or integrity of this system or other 
systems or programs (whether maintained by NCUA or another agency or 
entity) that rely upon the compromised information; and (3) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with NCUA's efforts to respond to the 
suspected or confirmed compromise and prevent, minimize, or remedy such 
harm; and
    9. To another Federal agency or Federal entity, when the NCUA 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Electronic records and backups are stored on secure servers, 
approved by NCUA's Office of the Chief Information Officer (OCIO), 
within a FedRAMP-authorized commercial Cloud Service Provider's (CSP) 
Software-as-a-Service solution hosting environment and accessed only by 
authorized personnel.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrievable by a variety of fields including, but not 
limited to, individual name, SSN, employee ID, or some combination 
thereof.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained and disposed in accordance with the General 
Records Retention Schedules issued by the National Archives and Records 
Administration (NARA) or an NCUA records disposition schedule approved 
by NARA.

ADMINISTRATIVE, TECHNICAL AND PHYSICAL SAFEGUARDS:
    NCUA has implemented the appropriate administrative, technical, and 
physical controls in accordance with the Federal Information Security 
Modernization Act of 2014, Public Law 113-283, S. 2521, and NCUA's 
information security policies to protect the confidentiality, 
integrity, and availability of the information system and the 
information contained therein. Access is limited only to individuals 
authorized through NIST-compliant Identity, Credential, and Access 
Management policies and procedures. The records are maintained behind a 
layered defensive posture consistent with all applicable Federal laws 
and regulations, including Office of Management and Budget Circular A-
130 and NIST Special Publication 800-37.

RECORD ACCESS PROCEDURES:
    Individuals wishing access to their records should submit a written 
request to the Senior Agency Official for Privacy, NCUA, 1775 Duke 
Street, Alexandria, VA 22314, and provide the following information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. The address to which the record information should be sent.
    4. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf. Individuals requesting access 
must also comply with NCUA's Privacy Act regulations regarding 
verification of identity and access to records (12 CFR 792.55).

CONTESTING RECORD PROCEDURES:
    Individuals wishing to request an amendment to their records should 
submit a written request to the Senior Agency Official for Privacy, 
NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following 
information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. A statement specifying the changes to be made in the records and 
the justification therefore.
    4. The address to which the response should be sent.
    5. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide

[[Page 47922]]

written authorization from that individual for the representative to 
act on their behalf.

NOTIFICATION PROCEDURES:
    Individuals wishing to learn whether this system of records 
contains information about them should submit a written request to the 
Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, 
VA 22314, and provide the following information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. The address to which the record information should be sent.
    4. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf. Individuals requesting access 
must also comply with NCUA's Privacy Act regulations regarding 
verification of identity and access to records (12 CFR 792.55).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    This is a new system.

[FR Doc. 2023-15737 Filed 7-24-23; 8:45 am]
BILLING CODE 7535-01-P
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.