NCUA headquarters. Credit/NCUA
The NCUA has proposed modifications to one of its internal Privacy Act systems of records, updating how the agency manages and shares financial and acquisition data tied to its own operations. The filing, published Friday in the Federal Register, amends System of Records NCUA-19, which serves as the agency’s core financial and budgetary management system.
The NCUA said the changes are intended to modernize the system and align it with updated guidance from the Office of Management and Budget, including requirements governing data-sharing transparency and cybersecurity practices. The system integrates information related to agency programs, vendor payments, payroll, contracts and debt collection, and includes records on current and former employees, contractors, vendors and customers.
Among the most notable changes, NCUA is adding new “routine uses” that clarify when information may be shared outside the agency. These include disclosures to Treasury and federal debt-collection entities to recover delinquent debts owed to NCUA, as well as information-sharing with other agencies to respond to or mitigate data breaches. The filing also consolidates and publishes a full list of routine uses, replacing prior references to “standard routine uses.”
NCUA emphasized that the changes do not create new exemptions under the Privacy Act and preserve individuals’ rights to access and amend records. The agency also updated descriptions of its administrative, technical and physical safeguards, noting that records are protected using NIST-aligned controls and FedRAMP-authorized cloud environments.
Comments on the proposed modifications are due within 30 days of publication.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.