AGENCY:

National Credit Union Administration (NCUA)

ACTION:

Notice of a new system of records.

SUMMARY:

Pursuant to the Privacy Act of 1974, the National Credit Union Administration (NCUA) gives notice of a new proposed Privacy Act system of records. The new proposed system is the Mailing, Contact and Other Lists System, NCUA-23. This system will support the NCUA's communications and outreach efforts to members of the public, and the NCUA's statutorily mandated examination and supervision activities of credit unions. This system will store information pertaining to individuals in the performance of the NCUA's statutory duties.

DATES:

Submit comments on or before July 26, 2021. This action will take effect without further notice on July 26, 2021 unless comments are received that would result in a contrary determination.

ADDRESSES:

You may submit comments by any of the following methods, but please send comments by one method only:

• Federal eRulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.Start Printed Page 33781
• NCUA website: http://www.ncua.gov/​RegulationsOpinionsLaws/​proposed_​regs/​proposed_​regs.html. Follow the instructions for submitting comments.
• Fax: (703) 518-6319. Use the subject line described above for email.
• Mail: Address to Melane Conyers-Ausbrooks, Secretary of the Board, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428.
• Hand Delivery/Courier: Same as mail address.

FOR FURTHER INFORMATION CONTACT:

Ben Hardaway, Director, Division of Communications, Office of External Affairs and Communications; Susan Brown, Systems Officer, Office of Examination and Insurance; or Rena Kim, Privacy Attorney, Office of General Counsel, the National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia, 22314.

SUPPLEMENTARY INFORMATION:

This notice informs the public of the NCUA's proposal to establish and maintain a new system of records. The proposed new system is being established under the NCUA's authority under the Federal Credit Union Act, 12 U.S.C. 1751, et. seq. The information collected in the NCUA-23 system of records will facilitate communication with the NCUA's stakeholders, including members of the public, providing interested parties with information on the agency's initiatives, required reports including the 5300 Call Report, and credit union examination and supervision policies and practices. This notice satisfies the Privacy Act requirement that an agency publish a system of records notice in the Federal Register when there is an addition to the agency's systems of records.

The format of NCUA-23 aligns with the guidance set forth in OMB Circular A-108. NCUA-23 and all of the NCUA's Standard Routine Uses are published in full below. All of the NCUA's SORNs are available at www.ncua.gov.

SYSTEM NAME AND NUMBER:

Mailing, Contact and Other Lists—NCUA-23.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

The system is operated and maintained in part by the NCUA staff, and in part by third-party vendors. Please contact the system managers (below) for more information.

SYSTEM MANAGER(S):

Director of the Office of External Affairs and Communications, and the Director of the Office of Examination and Insurance, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

12 U.S.C. 1751, et. seq.

PURPOSE(S) OF THE SYSTEM:

This system of records is maintained for the purposes of supporting the National Credit Union Administration's (NCUA's) communications and outreach efforts to members of the public and to facilitate the NCUA's statutorily mandated examination and supervision activities, including:

1. Handling requests for informational literature, newsletters, and other NCUA materials;

2. Processing event registrations, conducting surveys, and providing information about NCUA-related activities and events and;

3. Notifying credit unions of mandatory actions and updates that they must complete and are related to the NCUA's mission of providing a safe and sound credit union system.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals covered by this system are (1) Current and former directors, officers, employees, and volunteers of credit unions; (2) Members of the public; and (3) NCUA employees and contractors.

CATEGORIES OF RECORDS IN THE SYSTEM:

Records in the system may contain contact information including name, title, address, phone number, and email address.

RECORD SOURCE CATEGORIES:

The information in the system about credit union officials is generally provided by credit unions for supervision and examination activities. Other information may be from members of the public who submit requests for information, subscriptions, inquiries, guidance, and other assistance to the NCUA, and those who have registered for NCUA events and responded to questionnaires, request forms, feedback forms or surveys. NCUA employees and contractors may add or update information to the system as part of their assigned duties to handle such correspondence, or for credit union supervision and examination activities. Whenever practicable, the NCUA collects information about an individual directly from that individual.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, these records or information contained therein may specifically be disclosed outside the NCUA as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

1. NCUA's Standard Routine Uses apply to this system of records.

2. To appropriate agencies, entities, and persons for the purpose of supervision, enforcement, training, or other outreach activities.

3. To an entity or person that is the subject of supervision or enforcement activities including examinations, investigations, administrative proceedings, and litigation, and the attorney or non-attorney representative for that entity or person.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Electronic records and backups are stored on secure servers, approved by NCUA's Office of the Chief Information Officer (OCIO), within a FedRAMP-authorized commercial Cloud Service Provider's (CSP) Software-as-a-Service solution hosting environment and accessed only by authorized personnel. No paper files are maintained.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records may be retrieved by any of the following: Name, address, phone number, or email address.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records are maintained until they become inactive and, in accordance with the General Records Retention Schedules issued by the National Archives and Records Administration (NARA) or a NCUA records disposition schedule approved by NARA.

ADMINISTRATIVE, TECHNICAL AND PHYSICAL SAFEGUARDS:

NCUA and the Cloud Service Provider have implemented the appropriate administrative, technical, and physical controls in accordance with the Federal Information Security Modernization Act of 2014, Public Law 113-283, S. 2521, and NCUA's information security policies to protect the confidentiality, integrity, and availability of the information system and the information contained therein. Access is limited only to individuals authorized through NIST-compliant Identity, Credential, Start Printed Page 33782and Access Management policies and procedures. The records are maintained behind a layered defensive posture consistent with all applicable federal laws and regulations, including OMB Circular A-130 and NIST Special Publications 800-37.

RECORD ACCESS PROCEDURES:

Individuals wishing access to their records should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information:

1. Full name.

2. Any available information regarding the type of record involved.

3. The address to which the record information should be sent.

4. You must sign your request.

Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf. Individuals requesting access must also comply with NCUA's Privacy Act regulations regarding verification of identity and access to records (12 CFR 792.55).

CONTESTING RECORD PROCEDURES:

Individuals wishing to request an amendment to their records should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information:

1. Full name.

2. Any available information regarding the type of record involved.

3. A statement specifying the changes to be made in the records and the justification therefore.

4. The address to which the response should be sent.

5. You must sign your request.

Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf.

NOTIFICATION PROCEDURES:

Individuals wishing to learn whether this system of records contains information about them should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information:

1. Full name.

2. Any available information regarding the type of record involved.

3. The address to which the record information should be sent.

4. You must sign your request.

Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf. Individuals requesting access must also comply with NCUA's Privacy Act regulations regarding verification of identity and access to records (12 CFR 792.55).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

This is a new system.