83 FR 40572 - Privacy Act of 1974: Systems of Records

NATIONAL CREDIT UNION ADMINISTRATION

Federal Register Volume 83, Issue 158 (August 15, 2018)

Pursuant to the Privacy Act of 1974, the National Credit Union Administration (NCUA) proposes the following changes to: Reflect changes in information access and retrieval, and change the name of the office system owner for an existing system of records, Consumer Complaints Against Federal Credit Unions, NCUA-12; revise the authorities to reflect specific programmatic authority for collecting, maintaining, using, and disseminating the information; and add a routine use to all NCUA Systems of Records as part of our Standard Routine Uses. These actions are necessary to meet the requirements of the Privacy Act that federal agencies publish in the Federal Register a notice of the existence and character of records it maintains that are retrieved by an individual identifier. This is a republication after full review by OMB.

[Federal Register Volume 83, Number 158 (Wednesday, August 15, 2018)]
[Notices]
[Pages 40572-40575]
From the Federal Register Online  [www.thefederalregister.org]
[FR Doc No: 2018-17517]


=======================================================================
-----------------------------------------------------------------------

NATIONAL CREDIT UNION ADMINISTRATION


Privacy Act of 1974: Systems of Records

AGENCY: National Credit Union Administration (NCUA).

ACTION: Notice of a modified system of records; notice of modified 
standard routine uses.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974, the National Credit Union 
Administration (NCUA) proposes the following changes to: Reflect 
changes in information access and retrieval, and change the name of the 
office system owner for an existing system of records, Consumer 
Complaints Against Federal Credit Unions, NCUA-12; revise the 
authorities to reflect specific programmatic authority for collecting, 
maintaining, using, and disseminating the information; and add a 
routine use to all NCUA Systems of Records as part of our Standard 
Routine Uses. These actions are necessary to meet the requirements of 
the Privacy Act that federal agencies publish in the Federal Register a 
notice of the existence and character of records it maintains that are 
retrieved by an individual identifier. This is a republication after 
full review by OMB.

DATES: Submit comments on or before September 14, 2018. This action 
will be effective without further notice on September 14, 2018 unless 
comments are received that would result in a contrary determination.

ADDRESSES: You may submit comments by any of the following methods, but 
please send comments by one method only:
     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     NCUA Website: http://www.ncua.gov/RegulationsOpinionsLaws/proposed_regs/proposed_regs.html. Follow the instructions for 
submitting comments.
     Email: Address to [email protected]. Include ``[Your 
name]--Comments on NCUA Consumer Complaints Against Federal Credit 
Unions SORN'' in the email subject line.
     Fax: (703) 518-6319. Use the subject line described above 
for email.
     Mail: Address to Gerard Poliquin, Secretary of the Board, 
National Credit Union Administration, 1775 Duke Street, Alexandria, 
Virginia 22314-3428.
     Hand Delivery/Courier: Same as mail address.

FOR FURTHER INFORMATION CONTACT: Morgan M. Rogers, Division of Consumer 
Affairs Director, or Matthew J. Biliouris, Director, Office of Consumer 
Financial Protection, Consumer Assistance, the National Credit Union 
Administration, 1775 Duke Street, Alexandria, Virginia 22314 (Regarding 
the NCUA-12, Consumer Complaints Against Federal Credit Unions System), 
or Rena Kim, Privacy Attorney, or Linda Dent, Senior Agency Official 
for Privacy, Office of General Counsel, the National Credit Union 
Administration, 1775 Duke Street, Alexandria, Virginia 22314, or 
telephone: (703) 518-6540.

SUPPLEMENTARY INFORMATION: 
    (1) NCUA is Proposing To Update NCUA-12, Consumer Complaints 
Against Federal Credit Unions. The NCUA-12 Consumer Complaints Against 
Federal Credit Unions System is being updated to reflect a change in 
the manner in which records are accessed and retrieved by examination 
personnel. The NCUA-12 system of records collects and maintains 
consumer complaints against federal credit unions received and 
processed by the NCUA Consumer Assistance Center. The change in access 
will improve the effectiveness and efficiency when examiners conduct 
the required pre-exam planning review of consumer complaints. Examiners 
may securely view consumer complaints, credit union responses, 
supporting documentation about complaints, and consumer protection 
violations concerning the credit unions in their assigned region. The 
update includes a change to the office system owner's name resulting

[[Page 40573]]

from a reorganization. The Consumer Assistance Center is a component 
within NCUA's previous Office of Consumer Financial Protection and 
Access, now reorganized and renamed the Office of Consumer Financial 
Protection (OCFP).
    (2) NCUA is Proposing To Revise the Authorities for Maintenance of 
the System To Reflect Specific Programmatic Authority for Collecting, 
Maintaining, Using, and Disseminating the Information. We are revising 
the authorities to reflect specific programmatic authority for 
collecting, maintaining, using, and disseminating the information.
    (3) NCUA is Proposing To Add One Routine Use to Our Standard 
Routine Uses. This additional routine use will facilitate the sharing 
of NCUA's information with another agency in its efforts to respond to 
a breach. It will ensure that NCUA meets the requirements of OMB M-17-
12 ``Preparing for and Responding to a Breach of Personally 
Identifiable Information.''
    In addition to the substantive updates described above, the NCUA 
has modified the format of NCUA-12 to align with the guidance set forth 
in OMB Circular A-108. NCUA-12 and all of NCUA's Standard Routine Uses 
are published in full below. For convenience, modified language is 
identified in italics. All of the NCUA's SORNs are available at 
www.ncua.gov.

    By the National Credit Union Administration Board on August 9, 
2018.
Gerard Poliquin,
Secretary of the Board.
SYSTEM NAME AND NUMBER
    Consumer Complaints Against Federal Credit Unions--NCUA-12.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    NCUA Consumer Assistance Center, Office of Consumer Financial 
Protection, National Credit Union Administration, 1775 Duke Street, 
Alexandria, VA 22314-3428. Third party service provider, 
Salesforce.com, Inc. The Landmark at One Market, Suite 300, San 
Francisco, CA 94105.

SYSTEM MANAGER(S):
    Division of Consumer Affairs Director, Office of Consumer Financial 
Protection, National Credit Union Administration, 1775 Duke Street, 
Alexandria, Virginia 22314-3428.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    12 U.S.C. 1752a, 12 U.S.C. 1766, 12 U.S.C. 1784(a), and 12 U.S.C. 
1789.

PURPOSE(S) OF THE SYSTEM:
    The system supports the NCUA's supervisory oversight and 
enforcement responsibilities to intake and respond to consumer 
inquiries, complaints and other communications from the general public, 
credit unions and other state and federal government banking and law 
enforcement agencies regarding federal consumer financial protection 
laws, regulations and credit union activity.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals who are members of the public that contact the NCUA's 
Consumer Assistance Center by telephone, written correspondence and web 
search, including both general inquiries and complaints concerning 
federal financial consumer protection matters within credit unions.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system contains correspondence and records of other 
communications between the NCUA and the individual submitting a 
complaint or making an inquiry, including copies of supporting 
documents and contact information supplied by the individual. This 
system may also contain regulatory and supervisory communications 
between the NCUA and the NCUA-insured credit union in question and/or 
intra-agency or inter-agency memoranda or correspondence relevant to 
the complaint or inquiry.

RECORD SOURCE CATEGORIES:
    Information is provided by the individual complainant, and his or 
her representative such as, a member of Congress or an attorney. 
Information is also provided by federal credit union officials and 
employees. Information is provided by the individual to whom the record 
pertains, internal agency records, and investigative and other record 
material compiled in the course of an investigation, or furnished by 
other state and federal financial regulatory and law enforcement 
government agencies.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    The NCUA's Consumer Assistance Center uses these records to 
document the submission of and responses to consumer inquiries, 
complaints and other communications from the general public regarding 
federal consumer financial protection laws, regulations and credit 
union activity.
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside the NCUA 
as a routine use as follows:
    (1) Information may be disclosed to officials of federal credit 
unions and other persons mentioned in a complaint or identified during 
an investigation.
    (2) Disclosures may be made to the Federal Reserve Board, other 
federal financial regulatory agencies, the Federal Financial 
Institutions Examination Council, the White House Office of Consumer 
Affairs, and the Congress, or any of its authorized committees in 
fulfilling reporting requirements or assessing implementation of 
applicable laws and regulations. (Such disclosures will be made in a 
non-identifiable manner when feasible and appropriate.)
    (3) Referrals may also be made to other federal and nonfederal 
supervisory or regulatory authorities when the subject matter is a 
complaint or inquiry which is more properly within such agency's 
jurisdiction.
    (4) NCUA's Standard Routine Uses apply to this system of records.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are stored electronically and physically.

POLICIES AND PRACTICES FOR RETRIEVABILITY OF RECORDS:
    Records are retrieved by individual identifiers such as individual 
complainant's name.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    All records, including audio records, are retained in a secure and 
encrypted cloud-based storage system for a period of seven years 
consistent with the National Archives and Records Administration 
records retention schedule.

ADMINISTRATIVE, TECHNICAL AND PHYSICAL SAFEGUARDS:
    Information in the system is safeguarded in accordance with the 
applicable laws, rules and policies governing the operation of federal 
information systems.

RECORD ACCESS PROCEDURES:
    Individuals wishing access to their records should submit a written 
request to the Senior Agency Official for Privacy, NCUA, 1775 Duke 
Street, Alexandria, VA 22314, and provide the following information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. The address to which the record information should be sent.
    4. You must sign your request.

[[Page 40574]]

    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf. Individuals requesting access 
must also comply with NCUA's Privacy Act regulations regarding 
verification of identity and access to records (12 CFR 792.55).

CONTESTING RECORD PROCEDURES:
    Individuals wishing to request an amendment to their records should 
submit a written request to the Senior Agency Official for Privacy, 
NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following 
information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. A statement specifying the changes to be made in the records and 
the justification therefore.
    4. The address to which the response should be sent.
    5. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf.

NOTIFICATION PROCEDURES:
    Individuals wishing to learn whether this system of records 
contains information about them should submit a written request to the 
Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, 
VA 22314, and provide the following information:
    1. Full name.
    2. Any available information regarding the type of record involved.
    3. The address to which the record information should be sent.
    4. You must sign your request.
    Attorneys or other persons acting on behalf of an individual must 
provide written authorization from that individual for the 
representative to act on their behalf. Individuals requesting access 
must also comply with NCUA's Privacy Act regulations regarding 
verification of identity and access to records (12 CFR 792.55).

HISTORY:
    This system of records notice was originally published in 65 FR 
3486 (January 21, 2000). It was republished (but not substantively 
changed in 75 FR 41539 (July 16, 2010), and 71 FR 77807 (December 27, 
2006).

NCUA'S STANDARD ROUTINE USES:
    1. If a record in a system of records indicates a violation or 
potential violation of civil or criminal law or a regulation, and 
whether arising by general statute or particular program statute, or by 
regulation, rule, or order, the relevant records in the system or 
records may be disclosed as a routine use to the appropriate agency, 
whether federal, state, local, or foreign, charged with the 
responsibility of investigating or prosecuting such violation or 
charged with enforcing or implementing the statute, rule, regulation, 
or order issued pursuant thereto.
    2. A record from a system of records may be disclosed as a routine 
use to a federal, state, or local agency which maintains civil, 
criminal, or other relevant enforcement information or other pertinent 
information, such as current licenses, if necessary, to obtain 
information relevant to an agency decision concerning the hiring or 
retention of an employee, the issuance of a security clearance, the 
letting of a contract, or the issuance of a license, grant, or other 
benefit.
    3. A record from a system of records may be disclosed as a routine 
use to a federal agency, in response to its request, for a matter 
concerning the hiring or retention of an employee, the issuance of a 
security clearance, the reporting of an investigation of an employee, 
the letting of a contract, or the issuance of a license, grant, or 
other benefit by the requesting agency, to the extent that the 
information is relevant and necessary to the requesting agency's 
decision in the matter.
    4. A record from a system of records may be disclosed as a routine 
use to an authorized appeal grievance examiner, formal complaints 
examiner, equal employment opportunity investigator, arbitrator or 
other duly authorized official engaged in investigation or settlement 
of a grievance, complaint, or appeal filed by an employee. Further, a 
record from any system of records may be disclosed as a routine use to 
the Office of Personnel Management in accordance with the agency's 
responsibility for evaluation and oversight of federal personnel 
management.
    5. A record from a system of records may be disclosed as a routine 
use to officers and employees of a federal agency for purposes of 
audit.
    6. A record from a system of records may be disclosed as a routine 
use to a member of Congress or to a congressional staff member in 
response to an inquiry from the congressional office made at the 
request of the individual about whom the record is maintained.
    7. A record from a system of records may be disclosed as a routine 
use to the officers and employees of the General Services 
Administration (GSA) in connection with administrative services 
provided to this Agency under agreement with GSA.
    8. Records in a system of records may be disclosed as a routine use 
to the Department of Justice, when: (a) NCUA, or any of its components 
or employees acting in their official capacities, is a party to 
litigation; or (b) Any employee of NCUA in his or her individual 
capacity is a party to litigation and where the Department of Justice 
has agreed to represent the employee; or (c) The United States is a 
party in litigation, where NCUA determines that litigation is likely to 
affect the agency or any of its components, is a party to litigation or 
has an interest in such litigation, and NCUA determines that use of 
such records is relevant and necessary to the litigation, provided, 
however, that in each case, NCUA determines that disclosure of the 
records to the Department of Justice is a use of the information 
contained in the records that is compatible with the purpose for which 
the records were collected.
    9. Records in a system of records may be disclosed as a routine use 
in a proceeding before a court or adjudicative body before which NCUA 
is authorized to appear (a) when NCUA or any of its components or 
employees are acting in their official capacities; (b) where NCUA or 
any employee of NCUA in his or her individual capacity has agreed to 
represent the employee; or (c) where NCUA determines that litigation is 
likely to affect the agency or any of its components, is a party to 
litigation or has an interest in such litigation, and NCUA determines 
that use of such records is relevant and necessary to the litigation, 
provided, however, NCUA determines that disclosure of the records to 
the Department of Justice is a use of the information contained in the 
records that is compatible with the purpose for which the records were 
collected.
    10. A record from a system of records may be disclosed to 
contractors, experts, consultants, and the agents thereof, and others 
performing or working on a contract, service, cooperative agreement, or 
other assignment for NCUA when necessary to accomplish an agency 
function or administer an employee benefit program. Individuals 
provided information under this routine use are subject to the same 
Privacy Act requirements and limitations on disclosure as are 
applicable to NCUA employees.
    11. A record from a system of records may be disclosed to 
appropriate agencies, entities, and persons when (1) NCUA suspects or 
has confirmed that

[[Page 40575]]

the security or confidentiality of information in the system of records 
has been compromised; (2) NCUA has determined that as a result of the 
suspected or confirmed compromise there is a risk of harm to economic 
or property interests, identity theft or fraud, or harm to the security 
or integrity of this system or other systems or programs (whether 
maintained by NCUA or another agency or entity) that rely upon the 
compromised information; and (3) the disclosure made to such agencies, 
entities, and persons is reasonably necessary to assist in connection 
with NCUA's efforts to respond to the suspected or confirmed compromise 
and prevent, minimize, or remedy such harm.
    12. A record from a system of records may be shared with the Office 
of Management and Budget (OMB) in connection with the review of private 
relief legislation as set forth in OMB Circular A-19 at any stage of 
the legislative coordination and clearance process as set forth in that 
circular.
    13. To another Federal agency or Federal entity, when the NCUA 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.

[FR Doc. 2018-17517 Filed 8-14-18; 8:45 am]
 BILLING CODE 7535-01-P