Privacy Act of 1974: Systems of Records

AGENCY:

National Credit Union Administration (NCUA).

ACTION:

Notice of a new system of records.

SUMMARY:

Pursuant to the Privacy Act of 1974, the National Credit Union Administration (NCUA) gives notice of a new proposed Privacy Act system of records. The new proposed system is the Reasonable Accommodations Records System, NCUA-25. This system will include information that the NCUA collects and maintains on applicants for employment and employees who request and/or receive reasonable accommodations from NCUA for medical or religious reasons.

DATES:

Submit comments on or before June 1, 2022 This action will be effective without further notice on June 1, 2022 unless comments are received that would result in a contrary determination.

ADDRESSES:

You may submit comments by any of the following methods, but please send comments by one method only:

• Federal eRulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.

• NCUA website: http://www.ncua.gov/RegulationsOpinionsLaws/proposed_regs/proposed_regs.html. Follow the instructions for submitting comments.

• Fax: (703) 518-6319. Use the subject line described above for email.

• Mail: Address to Melane Conyers-Ausbrooks, Secretary of the Board, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428.

• Hand Delivery/Courier: Same as mail address.

FOR FURTHER INFORMATION CONTACT:

Towanda Brooks, Chief Human Capital Officer and Director, Office of Human Resources, or Vanessa Jackson, Reasonable Accommodation Coordinator, Office of Human Resources; or Rena Kim, Privacy Attorney, Office of General Counsel, the National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314.

SUPPLEMENTARY INFORMATION:

This notice informs the public of the NCUA's proposal to establish and maintain a new system of records in accordance with the Privacy Act of 1974. The information collected in the NCUA-25 system of records covers the NCUA's collection and maintenance of records on applicants for employment, employees, and other individuals who participate in NCUA programs or activities who request or receive reasonable accommodations or other appropriate modifications from the NCUA for medical or religious reasons. Title V of the Rehabilitation Act of 1973, as amended, prohibits discrimination in services and employment on the basis of disability, and Title VII of the Civil Rights Act of 1974 prohibits discrimination, including on the basis of religion. These prohibitions on discrimination may require Federal agencies to provide reasonable accommodations to individuals with disabilities and those with sincerely held religious beliefs, practices, or observances unless doing so would impose an undue hardship. In some instances, individuals may request modifications to their workspace, schedule, duties, or other requirements for documented medical reasons that may not qualify as a disability but may necessitate an appropriate modification to workplace policies and practices.

The NCUA's Office of Human Resources processes requests for reasonable accommodations from employees and applicants for employment and also processes requests based on documented medical reasons that may not qualify as a disability but that warrant consideration of an appropriate modification to workplace policies and practices in accordance with agency policy. Other NCUA offices may also receive such requests related to programs or activities for which they are responsible. Existing records related to the request, documents supporting the request, any evaluation conducted internally, by a supporting government authority or a third party under contract to the NCUA, the decision whether to grant or deny the request, and the details and conditions of the reasonable accommodation are all included in this system of records.

The format of NCUA-25 aligns with the guidance set forth in OMB Circular A-108.

SYSTEM NAME AND NUMBER:

Reasonable Accommodations Records—NCUA-25.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

The system is operated and maintained at the National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314. Records may be located in locked cabinets and offices, on NCUA's local area network, or in authorized cloud service providers.

SYSTEM MANAGER(S):

Chief Human Capital Officer and Director of the Office of Human Resources, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

12 U.S.C. 1751, et. seq., The Rehabilitation Act of 1973, 29 U.S.C. 701, 791, 794; Title VII of the Civil Rights Act of 1964, 42 U.S.C. 2000e; 29 CFR 1605 (Guidelines on Discrimination Because of Religion); 29 CFR 1614 (Federal Sector Equal Employment Opportunity); 29 CFR 1614 (Regulations to Implement the Equal Employment Provisions of the Americans With Disabilities Act); 5 U.S.C. 302, 1103; Executive Order 13164, Requiring Federal Agencies to Establish Procedures to Facilitate the Provision of Reasonable Accommodation (July 26, 2000); and Executive Order 13548, Increasing Federal Employment of Individuals with Disabilities (July 26, 2010).

PURPOSE(S) OF THE SYSTEM:

This system of records is maintained for the purposes of:

1. Collecting and maintaining records on NCUA applicants for employment, employees, and other individuals who participate in NCUA programs or activities and who request or receive reasonable accommodations or other appropriate modifications from the NCUA for medical or religious reasons;

2. To process, evaluate, and make decisions on individual requests and;

3. To track and report the processing of such requests agency-wide to comply with applicable requirements in law and policy.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals covered by this system are (1) Applicants for Federal employment and (2) Federal employees who requested and/or received reasonable accommodations or other appropriate modifications from the NCUA for medical or religious reasons and (3) other individuals who participate in NCUA programs or activities and who request or receive reasonable accommodations or other appropriate modifications from the NCUA for medical or religious reasons.

CATEGORIES OF RECORDS IN THE SYSTEM:

Records in the system may contain:

• Requester's name;
• Requester's status (applicant, current employee);
• Requester's position title, series, grade;
• Requester's supervisor's name;
• Requester's contact information (addresses, phone numbers, and email addresses);
• Description of the requester's medical condition or disability and any medical documentation provided in support of the request;
• Medical provider's name and contact information;
• Requester's statement of a sincerely held religious belief and any additional information provided concerning that religious belief and the need for an accommodation to exercise that belief;
• The name/contact information of an individual's religious or spiritual advisor;
• Description of the accommodation being requested;
• Description of previous requests for accommodation;
• Whether the request was made orally or in writing;
• Whether the request for reasonable accommodation was granted or denied, and if denied, the reason for the denial;
• The amount of time taken to process the request;
• The sources of technical assistance consulted in trying to identify a possible reasonable accommodation;
• Any reports or evaluations prepared in determining whether to grant or deny the request;
• Any other information collected or developed in connection with the request for a reasonable accommodation.
• Decision-Maker's name/signature and; Disability Program Manager's name/signature.

RECORD SOURCE CATEGORIES:

The information in the system is obtained from the individuals who request and/or receive a reasonable accommodation or other appropriate modification from the NCUA, directly or indirectly from an individual's medical provider or another medical professional who evaluates the request, directly or indirectly from an individual's religious or spiritual advisors or institutions, and from management officials. Whenever practicable, the NCUA collects information about an individual directly from that individual.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, these records or information contained therein may specifically be disclosed outside the NCUA as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

1. To a Federal agency or entity authorized to procure assistive technologies and services in response to a request for reasonable accommodation.

2. To first aid and safety personnel if the individual's medical condition requires emergency treatment.

3. To another Federal agency or oversight body charged with evaluating NCUA's compliance with the laws, regulations, and policies governing reasonable accommodation requests.

4. To another Federal agency pursuant to a written agreement with NCUA to provide services (such as medical evaluations), when necessary, in support of reasonable accommodation decisions.

5. If a record in a system of records indicates a violation or potential violation of civil or criminal law or a regulation, and whether arising by general statute or particular program statute, or by regulation, rule, or order, the relevant records in the system or records may be disclosed as a routine use to the appropriate agency, whether federal, state, local, or foreign, charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing the statute, rule, regulation, or order issued pursuant thereto.

6. A record from a system of records may be disclosed as a routine use to an authorized appeal grievance examiner, formal complaints examiner, equal employment opportunity investigator, arbitrator or other duly authorized official engaged in investigation or settlement of a grievance, complaint, or appeal filed by an employee. Further, a record from any system of records may be disclosed as a routine use to the Office of Personnel Management in accordance with the agency's responsibility for evaluation and oversight of federal personnel management.

7. A record from a system of records may be disclosed as a routine use to a member of Congress or to a congressional staff member in response to an inquiry from the congressional office made at the request of the individual about whom the record is maintained.

8. Records in a system of records may be disclosed as a routine use to the Department of Justice, when: (a) NCUA, or any of its components or employees acting in their official capacities, is a party to litigation; or (b) Any employee of NCUA in his or her individual capacity is a party to litigation and where the Department of Justice has agreed to represent the employee; or (c) The United States is a party in litigation, where NCUA determines that litigation is likely to affect the agency or any of its components, is a party to litigation or has an interest in such litigation, and NCUA determines that use of such records is relevant and necessary to the litigation.

9. Records in a system of records may be disclosed as a routine use in a proceeding before a court or adjudicative body before which NCUA is authorized to appear (a) when NCUA or any of its components or employees are acting in their official capacities; (b) where NCUA or any employee of NCUA in his or her individual capacity has agreed to represent the employee; or (c) where NCUA determines that litigation is likely to affect the agency or any of its components, is a party to litigation or has an interest in such litigation, and NCUA determines that use of such records is relevant and necessary to the litigation.

10. A record from a system of records may be disclosed to contractors, experts, consultants, and the agents thereof, and others performing or working on a contract, service, cooperative agreement, or other assignment for NCUA when necessary to accomplish an agency function or administer an employee benefit program.

11. To appropriate agencies, entities, and persons when (1) the NCUA suspects or has confirmed that there has been a breach of the system of records; (2) the NCUA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the NCUA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the NCUA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

12. To another Federal agency or Federal entity, when the NCUA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Electronic records and backups are stored on secure servers, approved by NCUA's Office of the Chief Information Officer (OCIO), within a FedRAMP-authorized commercial Cloud Service Provider's (CSP) Software-as-a-Service solution hosting environment and accessed only by authorized personnel.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records may be retrieved by any of the following: Name, case number, or email address.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records are maintained in accordance with GRS 2.3 and are destroyed three years after separation from the agency or all appeals are concluded, whichever is later, but longer retention is authorized if requested for business use.

ADMINISTRATIVE, TECHNICAL AND PHYSICAL SAFEGUARDS:

NCUA and the Cloud Service Provider have implemented the appropriate administrative, technical, and physical controls in accordance with the Federal Information Security Modernization Act of 2014, Public Law 113-283, S. 2521, and NCUA's information security policies to protect the confidentiality, integrity, and availability of the information system and the information contained therein. Access is limited only to individuals authorized through NIST-compliant Identity, Credential, and Access Management policies and procedures. The records are maintained behind a layered defensive posture consistent with all applicable federal laws and regulations, including OMB Circular A-130 and NIST Special Publications 800-37.

RECORD ACCESS PROCEDURES:

Individuals wishing access to their records should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information:

1. Full name.

2. Any available information regarding the type of record involved.

3. The address to which the record information should be sent.

4. You must sign your request.

Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf. Individuals requesting access must also comply with NCUA's Privacy Act regulations regarding verification of identity and access to records (12 CFR 792.55).

CONTESTING RECORD PROCEDURES:

Individuals wishing to request an amendment to their records should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information:

1. Full name.

2. Any available information regarding the type of record involved.

3. A statement specifying the changes to be made in the records and the justification therefore.

4. The address to which the response should be sent.

5. You must sign your request.

Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf.

NOTIFICATION PROCEDURES:

Individuals wishing to learn whether this system of records contains information about them should submit a written request to the Senior Agency Official for Privacy, NCUA, 1775 Duke Street, Alexandria, VA 22314, and provide the following information:

1. Full name.

2. Any available information regarding the type of record involved.

3. The address to which the record information should be sent.

4. You must sign your request.

Attorneys or other persons acting on behalf of an individual must provide written authorization from that individual for the representative to act on their behalf. Individuals requesting access must also comply with NCUA's Privacy Act regulations regarding verification of identity and access to records (12 CFR 792.55).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

This is a new system.