Agency Information Collection Activities: Submission for OMB Review; Comment Request, 20426 [2010-8828]

Download as PDF 20426 Federal Register / Vol. 75, No. 74 / Monday, April 19, 2010 / Notices Guinea-Bissau; Air Force Chief of Staff of Guinea-Bissau (individual) [SDNTK] Dated: April 8, 2010. Adam J. Szubin, Director, Office of Foreign Assets Control. [FR Doc. 2010–8915 Filed 4–16–10; 8:45 am] BILLING CODE 4810–AL–P DEPARTMENT OF THE TREASURY Office of the Comptroller of the Currency Agency Information Collection Activities: Submission for OMB Review; Comment Request AGENCY: Office of the Comptroller of the Currency (OCC), Treasury. ACTION: Notice and request for comment. wwoods2 on DSK1DXX6B1PROD with NOTICES_PART 1 SUMMARY: The OCC, as part of its continuing effort to reduce paperwork and respondent burden, invites the general public and other Federal agencies to take this opportunity to comment on a continuing information collection, as required by the Paperwork Reduction Act of 1995. An agency may not conduct or sponsor, and a respondent is not required to respond to, an information collection unless it displays a currently valid OMB control number. The OCC is soliciting comment concerning its information collection titled, ‘‘Notice Regarding Unauthorized Access to Customer Information.’’ The OCC is also giving notice that it has submitted the collection to OMB for review. DATES: You should submit comments by May 19, 2010. ADDRESSES: Communications Division, Office of the Comptroller of the Currency, Mailstop 2–3, Attention: 1557–0227, 250 E Street, SW., Washington, DC 20219. In addition, comments may be sent by fax to (202) 874–5274 or by electronic mail to regs.comments@occ.treas.gov. You may personally inspect and photocopy the comments at the OCC, 250 E Street, SW., Washington, DC. For security reasons, the OCC requires that visitors make an appointment to inspect comments. You may do so by calling (202) 874–4700. Upon arrival, visitors will be required to present valid government-issued photo identification and to submit to security screening in order to inspect and photocopy comments. Additionally, you should send a copy of your comments to: OCC Desk Officer, 1557–0227, by mail to U.S. Office of Management and Budget, 725 17th VerDate Nov<24>2008 15:04 Apr 16, 2010 Jkt 220001 Street, NW., #10235, Washington, DC 20503, or by fax to (202) 395–6974. FOR FURTHER INFORMATION CONTACT: You can request additional information or a copy of the collection from Mary H. Gottlieb, OCC Clearance Officer, (202) 874–5090, Legislative and Regulatory Activities Division, Office of the Comptroller of the Currency, 250 E Street, SW., Washington, DC 20219. SUPPLEMENTARY INFORMATION: The OCC is proposing to extend, without revision, the approval of the following information collection: Title: Notice Regarding Unauthorized Access to Customer Information. OMB Control No.: 1557–0227. Description: Section 501(b) of the Gramm-Leach-Bliley Act (15 U.S.C. 6901) requires the OCC to establish standards for national banks relating to administrative, technical, and physical safeguards to: (1) Insure the security and confidentiality of customer records and information; (2) protect against any anticipated threats or hazards to the security or integrity of such records; and (3) protect against unauthorized access to, or use of, such records or information that could result in substantial harm or inconvenience to any customer. The Interagency Guidelines Establishing Information Security Standards, 12 CFR part 30, Appendix B (Security Guidelines), implementing section 501(b), require each bank to consider and adopt a response program, if appropriate, that specifies actions to be taken when the bank suspects or detects that unauthorized individuals have gained access to customer information. The Interagency Guidance on Response Programs for Unauthorized Customer Information and Customer Notice (Breach Notice Guidance),1 which interprets the Security Guidelines, states that, at a minimum, a bank’s response program should contain procedures for the following: (1) Assessing the nature and scope of an incident, and identifying what customer information systems and types of customer information have been accessed or misused; (2) Notifying its primary Federal regulator as soon as possible when the bank becomes aware of an incident involving unauthorized access to, or use of, sensitive customer information; (3) Consistent with the OCC’s Suspicious Activity Report regulations, notifying appropriate law enforcement 1 12 CFR part 30, Appendix B, Supplement A, Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice. PO 00000 Frm 00102 Fmt 4703 Sfmt 9990 authorities, as well as filing a timely SAR in situations in which Federal criminal violations require immediate attention, such as when a reportable violation is ongoing; (4) Taking appropriate steps to contain and control the incident in an effort to prevent further unauthorized access to, or use of, customer information, for example, by monitoring, freezing, or closing affected accounts, while preserving records and other evidence; and (5) Notifying customers when warranted. This collection of information covers the notice provisions in the Breach Notice Guidance. Type of Review: Extension of a currently approved collection. Affected Public: Individuals; Businesses or other for-profit. Estimated Number of Respondents: 25. Estimated Time per Respondent: Developing notices: 16 hours. Notifying customers: 20 hours. Estimated Total Annual Burden: 900 hours. Frequency of Response: On occasion. The OCC issued a 60-day Federal Register notice on February 3, 2010 (75 FR 5641). No comments were received. Comments continue to be invited on: (a) Whether the collection of information is necessary for the proper performance of the functions of the OCC, including whether the information has practical utility; (b) The accuracy of the OCC’s estimate of the information collection; (c) Ways to enhance the quality, utility, and clarity of the information to be collected; (d) Ways to minimize the burden of the collection on respondents, including through the use of automated collection techniques or other forms of information technology; (e) Estimates of capital or start-up costs and costs of operation, maintenance, and purchase of services to provide information; and (f) Whether the estimates need to be adjusted based upon banks’ experiences regarding the number of actual security breaches that occur. Dated: April 13, 2010. Michele Meyer, Assistant Director, Legislative and Regulatory Activities Division. [FR Doc. 2010–8828 Filed 4–16–10; 8:45 am] BILLING CODE P E:\FR\FM\19APN1.SGM 19APN1

Agencies

[Federal Register Volume 75, Number 74 (Monday, April 19, 2010)]
[Notices]
[Page 20426]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2010-8828]


-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency


Agency Information Collection Activities: Submission for OMB 
Review; Comment Request

AGENCY: Office of the Comptroller of the Currency (OCC), Treasury.

ACTION:  Notice and request for comment.

-----------------------------------------------------------------------

SUMMARY: The OCC, as part of its continuing effort to reduce paperwork 
and respondent burden, invites the general public and other Federal 
agencies to take this opportunity to comment on a continuing 
information collection, as required by the Paperwork Reduction Act of 
1995. An agency may not conduct or sponsor, and a respondent is not 
required to respond to, an information collection unless it displays a 
currently valid OMB control number. The OCC is soliciting comment 
concerning its information collection titled, ``Notice Regarding 
Unauthorized Access to Customer Information.'' The OCC is also giving 
notice that it has submitted the collection to OMB for review.

DATES: You should submit comments by May 19, 2010.

ADDRESSES: Communications Division, Office of the Comptroller of the 
Currency, Mailstop 2-3, Attention: 1557-0227, 250 E Street, SW., 
Washington, DC 20219. In addition, comments may be sent by fax to (202) 
874-5274 or by electronic mail to regs.comments@occ.treas.gov. You may 
personally inspect and photocopy the comments at the OCC, 250 E Street, 
SW., Washington, DC. For security reasons, the OCC requires that 
visitors make an appointment to inspect comments. You may do so by 
calling (202) 874-4700. Upon arrival, visitors will be required to 
present valid government-issued photo identification and to submit to 
security screening in order to inspect and photocopy comments.
    Additionally, you should send a copy of your comments to: OCC Desk 
Officer, 1557-0227, by mail to U.S. Office of Management and Budget, 
725 17th Street, NW., 10235, Washington, DC 20503, or by fax 
to (202) 395-6974.

FOR FURTHER INFORMATION CONTACT: You can request additional information 
or a copy of the collection from Mary H. Gottlieb, OCC Clearance 
Officer, (202) 874-5090, Legislative and Regulatory Activities 
Division, Office of the Comptroller of the Currency, 250 E Street, SW., 
Washington, DC 20219.

SUPPLEMENTARY INFORMATION: The OCC is proposing to extend, without 
revision, the approval of the following information collection:
    Title: Notice Regarding Unauthorized Access to Customer 
Information.
    OMB Control No.: 1557-0227.
    Description: Section 501(b) of the Gramm-Leach-Bliley Act (15 
U.S.C. 6901) requires the OCC to establish standards for national banks 
relating to administrative, technical, and physical safeguards to: (1) 
Insure the security and confidentiality of customer records and 
information; (2) protect against any anticipated threats or hazards to 
the security or integrity of such records; and (3) protect against 
unauthorized access to, or use of, such records or information that 
could result in substantial harm or inconvenience to any customer.
    The Interagency Guidelines Establishing Information Security 
Standards, 12 CFR part 30, Appendix B (Security Guidelines), 
implementing section 501(b), require each bank to consider and adopt a 
response program, if appropriate, that specifies actions to be taken 
when the bank suspects or detects that unauthorized individuals have 
gained access to customer information.
    The Interagency Guidance on Response Programs for Unauthorized 
Customer Information and Customer Notice (Breach Notice Guidance),\1\ 
which interprets the Security Guidelines, states that, at a minimum, a 
bank's response program should contain procedures for the following:
---------------------------------------------------------------------------

    \1\ 12 CFR part 30, Appendix B, Supplement A, Interagency 
Guidance on Response Programs for Unauthorized Access to Customer 
Information and Customer Notice.
---------------------------------------------------------------------------

    (1) Assessing the nature and scope of an incident, and identifying 
what customer information systems and types of customer information 
have been accessed or misused;
    (2) Notifying its primary Federal regulator as soon as possible 
when the bank becomes aware of an incident involving unauthorized 
access to, or use of, sensitive customer information;
    (3) Consistent with the OCC's Suspicious Activity Report 
regulations, notifying appropriate law enforcement authorities, as well 
as filing a timely SAR in situations in which Federal criminal 
violations require immediate attention, such as when a reportable 
violation is ongoing;
    (4) Taking appropriate steps to contain and control the incident in 
an effort to prevent further unauthorized access to, or use of, 
customer information, for example, by monitoring, freezing, or closing 
affected accounts, while preserving records and other evidence; and
    (5) Notifying customers when warranted.
    This collection of information covers the notice provisions in the 
Breach Notice Guidance.
    Type of Review: Extension of a currently approved collection.
    Affected Public: Individuals; Businesses or other for-profit.
    Estimated Number of Respondents: 25.
    Estimated Time per Respondent:
    Developing notices: 16 hours.
    Notifying customers: 20 hours.
    Estimated Total Annual Burden: 900 hours.
    Frequency of Response: On occasion.
    The OCC issued a 60-day Federal Register notice on February 3, 2010 
(75 FR 5641). No comments were received. Comments continue to be 
invited on:
    (a) Whether the collection of information is necessary for the 
proper performance of the functions of the OCC, including whether the 
information has practical utility;
    (b) The accuracy of the OCC's estimate of the information 
collection;
    (c) Ways to enhance the quality, utility, and clarity of the 
information to be collected;
    (d) Ways to minimize the burden of the collection on respondents, 
including through the use of automated collection techniques or other 
forms of information technology;
    (e) Estimates of capital or start-up costs and costs of operation, 
maintenance, and purchase of services to provide information; and
    (f) Whether the estimates need to be adjusted based upon banks' 
experiences regarding the number of actual security breaches that 
occur.

    Dated: April 13, 2010.
Michele Meyer,
Assistant Director, Legislative and Regulatory Activities Division.
[FR Doc. 2010-8828 Filed 4-16-10; 8:45 am]
BILLING CODE P