Agency Information Collection Activities; Proposed Collection; Comment Request; Extension, 40614-40618 [2012-16730]
Download as PDF
<![CDATA[
40614
Federal Register / Vol. 77, No. 132 / Tuesday, July 10, 2012 / Notices
housing associate. The estimate for the
average hours per maintenance response
is 4 hours. The estimate for the annual
hour burden for current housing
associates is 272 hours (68 certified
housing associates × 1 response per
associate × 4 hours).
The estimate for the total annual hour
burden is 286 hours (14 hours + 272
hours).
C. Comment Request
In accordance with 5 CFR 1320.8(d),
FHFA published a request for public
comments regarding this information
collection in the Federal Register on
April 13, 2012.6 The 60-day comment
period closed on June 12, 2012. FHFA
received no public comments.
Written comments are requested on:
(1) Whether the collection of
information is necessary for the proper
performance of FHFA functions,
including whether the information has
practical utility; (2) the accuracy of the
FHFA estimates of the burdens of the
collection of information; (3) ways to
enhance the quality, utility and clarity
of the information collected; and (4)
ways to minimize the burden of the
collection of information on applicants
and housing associates, including
through the use of automated collection
techniques or other forms of information
technology. Comments may be
submitted to OMB in writing at the
address listed above.
Dated: June 29, 2012.
Kevin Winkler,
Chief Information Officer, Federal Housing
Finance Agency.
[FR Doc. 2012–16729 Filed 7–9–12; 8:45 am]
BILLING CODE 8070–01–P
FEDERAL RESERVE SYSTEM
mstockstill on DSK4VPTVN1PROD with NOTICES
Change in Bank Control Notices;
Acquisitions of Shares of a Bank or
Bank Holding Company
The notificants listed below have
applied under the Change in Bank
Control Act (12 U.S.C. 1817(j)) and
§ 225.41 of the Board’s Regulation Y (12
CFR 225.41) to acquire shares of a bank
or bank holding company. The factors
that are considered in acting on the
notices are set forth in paragraph 7 of
the Act (12 U.S.C. 1817(j)(7)).
The notices are available for
immediate inspection at the Federal
Reserve Bank indicated. The notices
also will be available for inspection at
the offices of the Board of Governors.
Interested persons may express their
views in writing to the Reserve Bank
6 See
77 FR 22316 (April 13, 2012).
VerDate Mar<15>2010
16:28 Jul 09, 2012
Jkt 226001
indicated for that notice or to the offices
of the Board of Governors. Comments
must be received not later than July 25,
2012.
A. Federal Reserve Bank of Atlanta
(Chapelle Davis, Assistant Vice
President) 1000 Peachtree Street NE.,
Atlanta, Georgia 30309:
1. John Hinton Waters, Madalyn
Kathlene Waters, Michael Thomas
Waters, John Andrew Waters, Michael
Jason Waters, Brittaney Laine
McConkey, Charles Hilton Richards, Jr.,
Ted Rembert Townsend, all of
Chatsworth, Georgia, and Jodi Waters
Matter, Marietta, Georgia; to collectively
retain voting shares of First Chatsworth
Bankshares, Inc., and thereby indirectly
retain voting shares of First National
Community Bank, both in Chatsworth,
Georgia.
2. The Robert Roschman Revocable
Trust, Robert Roschman, trustee; The
Lorrie Lei Roschman Revocable Trust,
Lorrie Roschman, trustee; The
Revocable Trust Created by Jeffrey S.
Roschman, Jeffrey Roschman, trustee;
CT Foundation, Betty Roschman,
Roschman Restaurant Administration,
and Kerry Roschman, all of Fort
Lauderdale, Florida; to collectively
retain voting shares of Giant Holdings,
Inc., and thereby indirectly retain voting
shares of Landmark Bank, N.A., both in
Fort Lauderdale, Florida.
B. Federal Reserve Bank of
Minneapolis (Jacqueline G. King,
Community Affairs Officer) 90
Hennepin Avenue, Minneapolis,
Minnesota 55480–0291:
1. Todd J. Zaun, Sartell, Minnesota; to
retain and acquire, and Steven M. Zaun,
Marina Del Ray, California, to acquire,
voting shares of Eden Valley
Bancshares, and thereby indirectly
acquire control State Bank in Eden
Valley, both in Eden Valley, Minnesota.
C. Federal Reserve Bank of Kansas
City (Dennis Denney, Assistant Vice
President) 1 Memorial Drive, Kansas
City, Missouri 64198–0001:
1. Kevin D. Postier and J. B. Suddarth,
both of York, Nebraska; to acquire
control of Henderson State Company,
and thereby indirectly acquire control of
Henderson State Bank, both in
Henderson, Nebraska.
D. Federal Reserve Bank of San
Francisco (Kenneth Binning, Vice
President, Applications and
Enforcement) 101 Market Street, San
Francisco, California 94105–1579:
1. Harlan D. Douglass, Maxine D.
Douglass, and Harlan D. Douglass, Inc.,
all of Spokane, Washington, to retain
voting shares of Northwest
Bancorporation, Inc. and thereby
indirectly retain voting shares of Inland
PO 00000
Frm 00051
Fmt 4703
Sfmt 4703
Northwest Bank, both in Spokane,
Washington.
Board of Governors of the Federal Reserve
System, July 5, 2012.
Robert deV. Frierson,
Deputy Secretary of the Board.
[FR Doc. 2012–16820 Filed 7–9–12; 8:45 am]
BILLING CODE 6210–01–P
FEDERAL TRADE COMMISSION
Agency Information Collection
Activities; Proposed Collection;
Comment Request; Extension
Federal Trade Commission
(‘‘FTC’’ or ‘‘Commission’’).
ACTION: Notice.
AGENCY:
The information collection
requirements described below will be
submitted to the Office of Management
and Budget (‘‘OMB’’) for review, as
required by the Paperwork Reduction
Act (‘‘PRA’’). The FTC is seeking public
comments on its proposal to extend
through November 30, 2015, the current
PRA clearance requirements contained
in the FTC Red Flags/Card Issuers/
Address Discrepancies Rules 1 (‘‘Red
Flags Rule’’ or ‘‘Rule’’). The current
clearance expires on November 30,
2012.
DATES: Comments must be submitted on
or before September 10, 2012.
ADDRESSES: Interested parties may file a
comment online or on paper, by
following the instructions in the
Request for Comment part of the
SUPPLEMENTARY INFORMATION section
below. Write ‘‘Red Flags Rule, PRA
Comment, Project No. P095406’’ on your
comment, and file your comment online
at https://ftcpublic.commentworks.com/
ftc/RedFlagPRA by following the
instructions on the web-based form. If
you prefer to file your comment on
paper, mail or deliver your comment to
the following address: Federal Trade
Commission, Office of the Secretary,
Room H–113 (Annex J), 600
Pennsylvania Avenue NW., Washington,
DC 20580.
FOR FURTHER INFORMATION CONTACT:
Steven Toporoff, Attorney, Bureau of
Consumer Protection, (202) 326–2252,
Federal Trade Commission, 600
Pennsylvania Avenue NW., Washington,
DC 20580.
SUPPLEMENTARY INFORMATION:
SUMMARY:
I. Overview of the Rule
The Rule implements sections 114
and 315 of the Fair Credit Reporting Act
(‘‘FCRA’’), 15 U.S.C. 1681 et seq., to
1 16
E:\FR\FM\10JYN1.SGM
CFR 681.1; 16 CFR 681.2; 16 CFR part 641.
10JYN1
Federal Register / Vol. 77, No. 132 / Tuesday, July 10, 2012 / Notices
require businesses to undertake
measures to prevent identity theft and to
increase the accuracy of consumer
reports.
Specifically, section 114 requires
financial institutions and some creditors
to develop and implement written
Identity Theft Prevention Programs.
Section 114 also mandates specific
regulations that require credit and debit
card issuers to assess the validity of
notifications of changes of address
under certain circumstances. Section
315 requires regulations that provide
guidance on what users of consumer
reports must do when they receive a
notice of address discrepancy from a
nationwide consumer reporting agency
(‘‘CRA’’).
Since promulgation of the original
Rule, President Obama signed the Red
Flag Program Clarification Act of 2010
(‘‘Clarification Act’’), which narrowed
the definition of ‘‘creditor’’ for purposes
of section 114 of the FCRA. Specifically,
the Clarification Act limits application
of the Red Flags Rule to creditors that
regularly and in the ordinary course of
business: (1) Obtain or use consumer
reports, directly or indirectly, in
connection with a credit transaction; (2)
furnish information to consumer
reporting agencies in connection with a
credit transaction; or (3) advance funds
to or on behalf of a person, based on a
person’s obligation to repay the funds or
on repayment from specific property
pledged by or on the person’s behalf.
This third prong does not include a
creditor that advances funds on behalf
of a person for expenses incidental to a
service provided by the creditor to that
person.
mstockstill on DSK4VPTVN1PROD with NOTICES
II. Description of Collection of
Information
A. FCRA Section 114
The Rule requires financial
institutions and covered creditors to
develop and implement a written
Identity Theft Prevention Program
(‘‘Program’’) to detect, prevent, and
mitigate identity theft in connection
with existing accounts or the opening of
new accounts. Under the Rule, financial
institutions and certain creditors must
conduct a periodic risk assessment to
determine if they maintain ‘‘covered
accounts.’’ The Rule defines that term
‘‘covered account’’ as either: (1) A
consumer account that is designed to
permit multiple payments or
transactions, or (2) any other account for
which there is a reasonably foreseeable
risk of identity theft. Each financial
institution and covered creditor that has
covered accounts must create a written
Program that contains reasonable
VerDate Mar<15>2010
16:28 Jul 09, 2012
Jkt 226001
policies and procedures to identity
relevant indicators of the possible
existence of identity theft (‘‘Red Flags’’);
detect Red Flags that have been
incorporated into the Program; respond
appropriately to any Red Flags that are
detected to prevent and mitigate
identity theft; and update the Program
periodically to ensure it reflects change
in risks to customers.
The Rule also requires financial
institutions and covered creditors to: (1)
Obtain approval of the initial written
Program by the board of directors; a
committee thereof or, if there is no
board, an appropriate senior employee;
(2) ensure oversight of the development,
implementation, and administration of
the Program; and (3) train staff, as
needed, to implement the Program; and
(4) exercise appropriate and effective
oversight of service provider
arrangements.
In addition, the Rule implements the
section 114 requirement that financial
institutions or covered creditors that
issue debit or credit cards (‘‘card
issuers’’) generally must assess the
validity of change of address
notifications. Specifically, if the card
issuer receives a notice of change of
address for an existing account and,
within a short period of time (during at
least the first 30 days), receives a
request for an additional or replacement
card for the same account, the issuer
must follow reasonable policies and
procedures to assess the validity of the
change of address.
B. FCRA Section 315
The Rule also implements section 315
of the FCRA, requiring each user of
consumer reports to have reasonable
policies and procedures in place to
employ when the user receives a notice
of address discrepancy from a CRA.
Specifically, each user of consumer
reports must develop and implement
reasonable policies and procedures to:
(1) Enable the user to form a reasonable
belief that a consumer report relates to
the consumer about whom it has
requested the report, when the user
receives a notice of address discrepancy;
and (2) furnish an address for the
consumer that the user has reasonably
confirmed is accurate to the CRA from
which it receives a notice of address
discrepancy, if certain conditions are
met.
III. Burden Estimates
Overall estimated burden hours
regarding sections 114 and 315,
combined, total 2,629,940 hours and the
associated estimated labor costs are
$81,837,080. Staff assumes that affected
entities will already have in place,
PO 00000
Frm 00052
Fmt 4703
Sfmt 4703
40615
independent of the Rule, equipment and
supplies necessary to carry out the tasks
necessary to comply with it.
A. FCRA Section 114
1. Estimated Hours Burden—Red Flags
Rule
As noted above, the Rule requires
financial institutions and certain
creditors with covered accounts to
develop and implement a written
Program. Under the FCRA, financial
institutions over which the FTC has
jurisdiction include state chartered
credit unions and certain insurance
companies.
Although narrowed by the
Clarification Act, the definition of
‘‘creditor’’ still covers a broad array of
entities. Moreover, the Clarification Act
does not set forth any exemptions from
Rule coverage. Rather, application of the
Rule depends upon an entity’s course of
conduct, not its status as a particular
type of business. For these reasons, it is
difficult to determine precisely the
number of creditors subject to the FTC’s
jurisdiction. There are numerous small
businesses under the FTC’s jurisdiction
that may qualify as ‘‘creditors,’’ and
there is no formal way to track them.
Nonetheless, FTC staff estimates that the
Rule’s requirement to have a written
Program affects over 7,025 financial
institutions 2 and 160,614 creditors.3
To estimate burden hours for the Red
Flags Rule under section 114, FTC staff
divided affected entities into two
categories, based on the nature of their
business: (1) Entities that are subject to
high risk of identity theft and (2) entities
that are subject to a low risk of identity
theft, but have covered accounts that
2 The total number of financial institutions
(7,025) is derived from an analysis of state credit
unions and insurers within the FTC’s jurisdiction
using 2007 Census data (the most recent Census
data available) and, where also available, online
industry data. The FTC’s 2009 PRA submission
estimated that the Rule affects over 57,000 financial
institutions. 74 FR 42303, 42304 (Aug. 21, 2009).
That figure also included, however, investment
companies, broker dealers, and money service
businesses. Those financial institutions are now
covered by the Commodities Future Trading
Commission and Securities and Exchange
Commission, and, therefore, have been eliminated
from the calculation of financial institutions in this
submission, leaving the net amount of 7,025
financial institutions within the FTC’s jurisdiction.
3 The total number of creditors (160,614) is
derived from an analysis of 2007 Census data and
industry data for businesses or organizations that
market goods and services to consumers or other
businesses or organizations subject to the FTC’s
jurisdiction, reduced by entities not likely to: (1)
Obtain credit reports, report credit transactions, or
advance loans; and (2) entities not likely to have
covered accounts under the Rule. As a result, the
estimated number of covered creditors has
decreased from nearly 2 million creditors in the
FTC’s 2009 submission to 160,614 creditors
currently. See 74 FR at 42304.
E:\FR\FM\10JYN1.SGM
10JYN1
40616
Federal Register / Vol. 77, No. 132 / Tuesday, July 10, 2012 / Notices
will require them to have a written
Program.
a. High-Risk Entities
FTC staff estimates that high-risk
entities 4 will each require 25 hours to
create and implement a written
Program, with an annual recurring
burden of one hour. FTC staff
anticipates that these entities will
incorporate into their Program policies
and procedures that they likely already
have in place. Further, FTC staff
estimates that preparation for an annual
report will require each high-risk entity
four hours initially, with an annual
recurring burden of one hour. Finally,
FTC staff believes that many of the highrisk entities, as part of their usual and
customary business practice, already
take steps to minimize losses due to
fraud, including conducting employee
training. Accordingly, only relevant staff
need be trained to implement the
Program: For example, staff already
trained as part of a covered entity’s antifraud prevention efforts do not need to
be re-trained as incrementally needed.
FTC staff estimates that training
connected with the implementation of a
Program of a high-risk entity will
require four hours, and annual training
thereafter will require one hour.
Thus, estimated hours for high-risk
entities are as follows:
• 105,774 high-risk entities subject to
the FTC’s jurisdiction at an average
annual burden of 13 hours per entity
[average annual burden over 3-year
clearance period for creation and
implementation of a Program ((25+1+1)/
3), plus average annual burden over 3year clearance period for staff training
((4+1+1)/3), plus average annual burden
over 3-year clearance period for
preparing an annual report ((4+1+1)/3)],
for a total of 1,375,062 hours.
mstockstill on DSK4VPTVN1PROD with NOTICES
b. Low-Risk Entities
Entities that have a minimal risk of
identity theft,5 but that have covered
accounts, must develop a Program;
however, they likely will only need a
streamlined Program. FTC staff
estimates that such entities will require
one hour to create such a Program, with
an annual recurring burden of five
minutes. Training staff of low-risk
entities to be attentive to future risks of
4 High-risk entities include, for example, financial
institutions within the FTC’s jurisdiction and
utilities, motor vehicle dealerships,
telecommunications firms, colleges and
universities, and hospitals.
5 Low-risk entities include, for example, public
warehouse and storage firms, nursing and
residential care facilities, automotive equipment
rental and leasing firms, office supplies and
stationary stores, fuel dealers, and financial
transactions processing firms.
VerDate Mar<15>2010
16:28 Jul 09, 2012
Jkt 226001
identity theft should require no more
than 10 minutes in an initial year, with
an annual recurring burden of five
minutes. FTC staff further estimates that
these entities will require, initially, 10
minutes to prepare an annual report,
with an annual recurring burden of five
minutes.
Thus, the estimated hours burden for
low-risk entities is as follows:
• 61,865 low risk entities that have
covered account subject to the FTC’s
jurisdiction at an average annual burden
of approximately 37 minutes per entity
[average annual burden over 3-year
clearance period for creation and
implementation of streamlined Program
((60+5+5)/3), plus average annual
burden over 3-year clearance period for
staff training ((10+5+5)/3), plus average
annual burden over 3-year clearance
period for preparing annual report
((10+5+5)/3], for a total of 38,150 hours.
2. Estimated Hours Burden—Card
Issuers Rule
As noted above, section 114 also
requires financial institutions and
covered creditors that issue credit or
debit cards to establish policies and
procedures to assess the validity of a
change of address request, including
notifying the cardholder or using
another means of assessing the validity
of the change of address. FTC staff
estimates that the Rule affects as many
as 17,9786 card issues within the FTC’s
jurisdiction. FTC staff believes that most
of these card issuers already have
automated the process of notifying the
cardholder or are using another means
to assess the validity of the change of
address, such that implementation will
pose no further burden. Nevertheless,
taking a conservative approach, FTC
staff estimates that it will take each card
issuer 4 hours to develop and
implement policy and procedures to
assess the validity of a change of
address request for a total burden of
71,912 hours.
Thus, the total average annual
estimated burden for Section 114 is
1,485,124 hours.
3. Estimated Cost Burden—Red Flags
and Card Issuers Rules
The FTC staff estimates labor costs by
applying appropriate estimated hourly
cost figures to the burden hours
described above. It is difficult to
calculate with precision the labor costs
associated with compliance with the
Rule, as they entail varying
compensation levels of management
6 Card issuers within the FTC’s jurisdiction
include, for example, state credit unions, general
retail merchandise stores, colleges and universities,
and telecoms.
PO 00000
Frm 00053
Fmt 4703
Sfmt 4703
(e.g., administrative services, computer
and information systems, training and
development) and/or technical staff
(e.g., computer support specialists,
systems analysts, network and computer
systems administrators) among
companies of different sizes. FTC staff
assumes that for all entities,
professional technical personnel and/or
management personnel will create and
implement the Program, prepare the
annual report, and train employees, at
an hourly rate of $42.7
Based on the above estimates and
assumptions, the total annual labor
costs for all categories of covered
entities under the Red Flags and Card
Issuers Rules for Section 114 is
$62,375,208 (1,485,124 hours × $42).
B. FCRA Section 315—The Address
Discrepancy Rule
As discussed above, the Rule’s
implementation of Section 315 provides
guidance on reasonable policies and
procedures that a user of consumer
reports must employ when a user
receives a notice of address discrepancy
from a CRA. Given the broad scope of
users of consumer reports, it is difficult
to determine with precision the number
of users of consumer reports that are
subject to the FTC’s jurisdiction. As
noted above, there are numerous small
businesses under the FTC’s jurisdiction,
and there is no formal way to track
them; moreover, as a whole, the entities
under the FTC’s jurisdiction are so
varied that there are no general sources
that provide a record of their existence.
Nonetheless, FTC staff estimates that the
Rule’s implementation of section 315
affects approximately 2,449,605 users of
consumer reports subject to the FTC’s
jurisdiction.8 Commission staff
estimates that approximately 10,000 of
these users will receive notice of a
discrepancy, in the course of their usual
and customary business practices, and
thereby have to furnish to CRAs an
address confirmation.9
7 This estimate is based on mean hourly wages
found at https://www.bls.gov/news.release/archives/
ocwage_03272012.pdf (‘‘Occupational Employment
and Wages–May 2011,’’ U.S. Department of Labor,
released March 2012, Table 1 (‘‘National
employment and wage data from the Occupational
Employment Statistics survey by occupation, May
2011’’) for the various managerial and technical
staff support exemplified above.
8 This estimate is derived from an analysis of
Census databases of U.S. businesses based on
NAICS codes for businesses in industries that
typically use consumer reports from CRAs
described in the Rule, which total 2,449,605 users
of consumer reports subject to the FTC’s
jurisdiction.
9 Report to Congress Under Sections 318 and 319
of the Fair and Accurate Credit Transactions of
2003, Federal Trade Commission, 80 (Dec. 2004)
available at https://www.ftc.gov/reports/facta/
041209factarpt.pdf.
E:\FR\FM\10JYN1.SGM
10JYN1
Federal Register / Vol. 77, No. 132 / Tuesday, July 10, 2012 / Notices
For section 315, FTC staff estimates
that the average annual information
collection burden during the three-year
period for which OMB clearance is
sought will be 1,144,816 hours. The
estimated associated labor cost is
$19,461.872.
1. Estimated Hours Burden
Prior to enactment of the Address
Discrepancy Rule, users of consumer
reports could compare the address on a
consumer report to the address provided
by the consumer and discern for
themselves any discrepancy. As a result,
FTC staff believes that many users of
consumer reports have developed
methods of reconciling address
discrepancies, and the following
estimates represent the incremental
amount of time users of consumer
reports may require to develop and
comply with the policies and
procedures for when they receive a
notice of address discrepancy.
mstockstill on DSK4VPTVN1PROD with NOTICES
a. Customer Verification
Given the varied nature of the entities
under the FTC’s jurisdiction, it is
difficult to determine precisely the
appropriate burden estimates.
Nonetheless, FTC staff estimates that it
would require an infrequent user of
consumer reports no more than 16
minutes to develop and comply with the
policies and procedures that it will
employ when it receives a notice of
address discrepancy, while a frequent
user might require one hour. Similarly,
FTC staff estimates that, during the
remaining two years of clearance, it may
take an infrequent user no more than
one minute to comply with the policies
and procedures it will employ when it
receives a notice of address discrepancy,
while a frequent user might require 45
minutes. Taking into account these
extremes, FTC staff estimates that,
during the first year, it will take users
of consumer reports under the FTC’s
jurisdiction an average of 38 minutes
[the midrange between 16 minutes and
60 minutes] to develop and comply with
the policies and procedures that they
will employ when they receive a notice
of address discrepancy. FTC staff also
estimates that the average recurring
burden for users of consumer reports to
comply with the Rule will be 23
minutes [the midrange between one
minute and 45 minutes].
Thus, for these 2,449,605 entities, the
average annual burden for each of them
to perform these collective tasks will be
28 minutes [(38 + 23 + 23) ÷ 3];
cumulatively, 1,143,149 hours.
VerDate Mar<15>2010
16:28 Jul 09, 2012
Jkt 226001
b. Address Verification
For the estimated 10,000 users of
consumer reports that will additionally
have to furnish to CRAs an address
confirmation upon notice of a
discrepancy, staff estimates that these
entities will require, initially, 30
minutes to develop related policies and
procedures. But, these 10,000 affected
entities likely will have automated the
process of furnishing the correct address
in the first year of a three-year PRA
clearance cycle. Thus, allowing for 30
minutes in the first year, with no annual
recurring burden in the second and
third years of clearance, yields an
average annual burden of 10 minutes
per entity to furnish a correct address to
a CRA, for a total of 1,667 hours.
2. Estimated Cost Burden
FTC staff assumes that the policies
and procedures for compliance with the
address discrepancy part of the Rule
will be set up by administrative support
personnel at an hourly rate of $17.10
Based on the above estimates and
assumptions, the total annual labor cost
for the two categories of burden under
section 315 is $19,461,872.
C. Burden Totals for FCRA Sections 114
and 315
Cumulatively, then, estimated burden
is 2,629,940 hours (1,485,124 hours for
section 114 and 1,144,816 hours for
section 315) and $81,837,080
($62,375,208 and $19,461,872) in
associated labor costs.
IV. Request for Comment
You can file a comment online or on
paper. For the Commission to consider
your comment, we must receive it on or
before September 10, 2012. Write ‘‘Red
Flags Rule, PRA Comment, Project No.
P095406’’ on your comment. Your
comment—including your name and
your state—will be placed on the public
record of this proceeding, including to
the extent practicable, on the public
Commission Web site, at https://
www.ftc.gov/os/publiccomments.shtm.
As a matter of discretion, the
Commission tries to remove individuals’
home contact information from
comments before placing them on the
Commission Web site.
Because your comment will be made
public, you are solely responsible for
10 This estimate is based on mean hourly wages
found at https://www.bls.gov/news.release/archives/
ocwage_03272012.pdf (‘‘Occupational Employment
and Wages–May 2011,’’ U.S. Department of Labor,
released March 2012, Table 1 (‘‘National
employment and wage data from the Occupational
Employment Statistics survey by occupation, May
2011’’) for administrative support staff (computer
operators, data entry, word processors and typists).
PO 00000
Frm 00054
Fmt 4703
Sfmt 4703
40617
making sure that your comment does
not include any sensitive personal
information, like anyone’s Social
Security number, date of birth, driver’s
license number or other state
identification number or foreign country
equivalent, passport number, financial
account number, or credit or debit card
number. You are also solely responsible
for making sure that your comment does
not include any sensitive health
information, like medical records or
other individually identifiable health
information. In addition, do not include
any ‘‘[t]rade secret or any commercial or
financial information which is obtained
from any person and which is privileged
or confidential’’ as provided in Section
6(f) of the FTC Act, 15 U.S.C. 46(f), and
FTC Rule 4.10(a)(2), 16 CFR 4.10(a)(2).
In particular, do not include
competitively sensitive information
such as costs, sales statistics,
inventories, formulas, patterns, devices,
manufacturing processes, or customer
names.
If you want the Commission to give
your comment confidential treatment,
you must file it in paper form, with a
request for confidential treatment, and
you have to follow the procedure
explained in FTC Rule 4.9(c).11 Your
comment will be kept confidential only
if the FTC General Counsel, in his or her
sole discretion, grants your request in
accordance with the law and the public
interest.
Postal mail addressed to the
Commission is subject to delay due to
heightened security screening. As a
result, we encourage you to submit your
comments online. To make sure that the
Commission considers your online
comment, you must file it at https://
ftcpublic.commentworks.com/ftc/
RedFlagPRA, by following the
instructions on the web-based form. If
this Notice appears at https://
www.regulations.gov/#!home, you also
may file a comment through that Web
site.
If you file your comment on paper,
write ‘‘Red Flags Rule, PRA Comment,
Project No. P095406’’ on your comment
and on the envelope, and mail or deliver
it to the following address: Federal
Trade Commission, Office of the
Secretary, Room H–113 (Annex J), 600
Pennsylvania Avenue NW., Washington,
DC 20580. If possible, submit your
paper comment to the Commission by
courier or overnight service.
11 In particular, the written request for
confidential treatment that accompanies the
comment must include the factual and legal basis
for the request, and must identify the specific
portions of the comment to be withheld from the
public record. See FTC Rule 4.9(c), 16 CFR 4.9(c).
E:\FR\FM\10JYN1.SGM
10JYN1
40618
Federal Register / Vol. 77, No. 132 / Tuesday, July 10, 2012 / Notices
Willard K. Tom,
General Counsel.
The ‘‘SMART-Indivo Challenge’’ is a
call to developers to build an Indivo app
that provides value to patients using
data delivered through the SMART API
and its Indivo-specific extensions.
The statutory authority for this
challenge competition is Section 105 of
the America COMPETES
Reauthorization Act of 2010 (Pub. L.
111–358).
DATES: Effective on July 9, 2012.
Challenge submission period ends
September 28, 2012, 11:59 p.m. et.
FOR FURTHER INFORMATION CONTACT:
Adam Wong, 202–720–2866; Wil Yu,
202–690–5920.
SUPPLEMENTARY INFORMATION:
[FR Doc. 2012–16730 Filed 7–9–12; 8:45 am]
Subject of Challenge Competition
BILLING CODE 6750–01–P
SMART <https://
www.smartplatforms.org> (Substitutable
Medical Apps, Reusable Technologies)
is one of four Strategic Health IT
Advanced Research Projects (SHARP)
funded by the Office of the National
Coordinator for Health Information
Technology https://healthit.hhs.gov/
portal/server.pt?open=512&objID=1806
&mode=2
A health care system adapting to the
effects of an aging population, growing
expenditures, and a diminishing
primary care workforce needs the
support of a flexible information
infrastructure that facilitates innovation
in wellness, health care, and public
health. Flexibility is critical, since the
system will have to function under new
policies and in the service of new health
care delivery mechanisms, and it will
need to incorporate emerging
information technologies on an ongoing
basis. SMART capacitates innovation in
health care by providing common APIs
and standards for electronic medical
records and personally controlled health
records, enabling them to act as iPhonelike platforms; users can download or
delete substitutable apps. Each app is
entirely modular, and can thus be
readily substituted with new apps that
provide improved functionality and
usability. Continuous innovation is the
result.
Indivo <https://indivohealth.org>
enables individuals to own and manage
a complete, secure, digital copy of their
health and wellness information,
integrated across sites of care and over
time. Indivo is entirely free and opensource, and is designed as a platform for
apps: Built to be extended and
customized. Using the SMART API and
standards, augmented by functionality
like sharing, developers can create
powerful patient-facing applications. Its
objective is to lower the barriers to
creating apps for health, leaving
Visit the Commission Web site at to
read this Notice and the news release
describing it. The FTC Act and other
laws that the Commission administers
permit the collection of public
comments to consider and use in this
proceeding as appropriate. The
Commission will consider all timely
and responsive public comments that it
receives on or before September 10,
2012. You can find more information,
including routine uses permitted by the
Privacy Act, in the Commission’s
privacy policy, at https://www.ftc.gov/
ftc/privacy.htm.
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Announcement of Requirements and
Registration for ‘‘SMART-Indivo
Challenge’’
Office of the National
Coordinator for Health Information
Technology, HHS.
Award Approving Official: Farzad
Mostashari, National Coordinator for
Health Information Technology.
ACTION: Notice.
AGENCY:
A health care system adapting
to the effects of an aging population,
growing expenditures, and a
diminishing primary care workforce
needs the support of a flexible
information infrastructure that
facilitates innovation in wellness, health
care, and public health. Flexibility is
critical, since the system will have to
function under new policies and in the
service of new health care delivery
mechanisms, and it will need to
incorporate emerging information
technologies on an ongoing basis.
SMART (Substitutable Medical Apps,
Reusable Technologies, one of four
Strategic Health IT Advanced Research
Projects funded by the Office of the
National Coordinator for Health
Information Technology) capacitates
innovation in health care by providing
common APIs and standards for
electronic medical records and
personally controlled health records,
enabling them to act as iPhone-like
platforms; users can download or delete
substitutable apps. Indivo enables
individuals to own and manage a
complete, secure, digital copy of their
health and wellness information,
integrated across sites of care and over
time.
mstockstill on DSK4VPTVN1PROD with NOTICES
SUMMARY:
VerDate Mar<15>2010
16:28 Jul 09, 2012
Jkt 226001
PO 00000
Frm 00055
Fmt 4703
Sfmt 4703
developers to be able to focus on their
ideas.
The ‘‘SMART-Indivo Challenge’’ is a
call to developers to build an Indivo app
that provides value to patients using
data delivered through the SMART API
and its Indivo-specific extensions. The
app will be either an HTML5 Web app
or an iOS app that runs against the
Indivo Developer Sandbox, where it can
access patient demographics,
medications, laboratory tests, and
diagnoses using Web standards.
Developers could, for example, build a
medication manager, a health risk
detector, a patient-friendly laboratory
visualization tool, or an app that
integrates external data sources (see
https://www.healthdata.gov/) with
patient records in real time.
More information about SMART and
Indivo APIs can be found at https://
indivohealth.org/smart-indivo/.
Mobile HTML5 web app submissions
are welcome, as are native applications
built on SMART’s iOS Framework.
Eligibility Rules for Participating in the
Competition
To be eligible to win a prize under
this challenge, an individual or entity—
(1) Shall have registered to participate
in the competition under the rules
promulgated by the Office of the
National Coordinator for Health
Information Technology.
(2) Shall have complied with all the
requirements under this section.
(3) In the case of a private entity, shall
be incorporated in and maintain a
primary place of business in the United
States, and in the case of an individual,
whether participating singly or in a
group, shall be a citizen or permanent
resident of the United States.
(4) May not be a Federal entity or
Federal employee acting within the
scope of their employment.
(5) Shall not be an HHS employee
working on their applications or
submissions during assigned duty
hours.
(6) Shall not be an employee of Office
of the National Coordinator for Health
IT.
(7) Federal grantees may not use
Federal funds to develop COMPETES
Act challenge applications unless
consistent with the purpose of their
grant award.
(8) Federal contractors may not use
Federal funds from a contract to develop
COMPETES Act challenge applications
or to fund efforts in support of a
COMPETES Act challenge submission.
(9) Personnel of the SHARP program
and their students are not eligible to
compete for the prize.
E:\FR\FM\10JYN1.SGM
10JYN1
]]>Agencies
[Federal Register Volume 77, Number 132 (Tuesday, July 10, 2012)]
[Notices]
[Pages 40614-40618]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2012-16730]
=======================================================================
-----------------------------------------------------------------------
FEDERAL TRADE COMMISSION
Agency Information Collection Activities; Proposed Collection;
Comment Request; Extension
AGENCY: Federal Trade Commission (``FTC'' or ``Commission'').
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: The information collection requirements described below will
be submitted to the Office of Management and Budget (``OMB'') for
review, as required by the Paperwork Reduction Act (``PRA''). The FTC
is seeking public comments on its proposal to extend through November
30, 2015, the current PRA clearance requirements contained in the FTC
Red Flags/Card Issuers/Address Discrepancies Rules \1\ (``Red Flags
Rule'' or ``Rule''). The current clearance expires on November 30,
2012.
---------------------------------------------------------------------------
\1\ 16 CFR 681.1; 16 CFR 681.2; 16 CFR part 641.
---------------------------------------------------------------------------
DATES: Comments must be submitted on or before September 10, 2012.
ADDRESSES: Interested parties may file a comment online or on paper, by
following the instructions in the Request for Comment part of the
SUPPLEMENTARY INFORMATION section below. Write ``Red Flags Rule, PRA
Comment, Project No. P095406'' on your comment, and file your comment
online at https://ftcpublic.commentworks.com/ftc/RedFlagPRA by
following the instructions on the web-based form. If you prefer to file
your comment on paper, mail or deliver your comment to the following
address: Federal Trade Commission, Office of the Secretary, Room H-113
(Annex J), 600 Pennsylvania Avenue NW., Washington, DC 20580.
FOR FURTHER INFORMATION CONTACT: Steven Toporoff, Attorney, Bureau of
Consumer Protection, (202) 326-2252, Federal Trade Commission, 600
Pennsylvania Avenue NW., Washington, DC 20580.
SUPPLEMENTARY INFORMATION:
I. Overview of the Rule
The Rule implements sections 114 and 315 of the Fair Credit
Reporting Act (``FCRA''), 15 U.S.C. 1681 et seq., to
[[Page 40615]]
require businesses to undertake measures to prevent identity theft and
to increase the accuracy of consumer reports.
Specifically, section 114 requires financial institutions and some
creditors to develop and implement written Identity Theft Prevention
Programs. Section 114 also mandates specific regulations that require
credit and debit card issuers to assess the validity of notifications
of changes of address under certain circumstances. Section 315 requires
regulations that provide guidance on what users of consumer reports
must do when they receive a notice of address discrepancy from a
nationwide consumer reporting agency (``CRA'').
Since promulgation of the original Rule, President Obama signed the
Red Flag Program Clarification Act of 2010 (``Clarification Act''),
which narrowed the definition of ``creditor'' for purposes of section
114 of the FCRA. Specifically, the Clarification Act limits application
of the Red Flags Rule to creditors that regularly and in the ordinary
course of business: (1) Obtain or use consumer reports, directly or
indirectly, in connection with a credit transaction; (2) furnish
information to consumer reporting agencies in connection with a credit
transaction; or (3) advance funds to or on behalf of a person, based on
a person's obligation to repay the funds or on repayment from specific
property pledged by or on the person's behalf. This third prong does
not include a creditor that advances funds on behalf of a person for
expenses incidental to a service provided by the creditor to that
person.
II. Description of Collection of Information
A. FCRA Section 114
The Rule requires financial institutions and covered creditors to
develop and implement a written Identity Theft Prevention Program
(``Program'') to detect, prevent, and mitigate identity theft in
connection with existing accounts or the opening of new accounts. Under
the Rule, financial institutions and certain creditors must conduct a
periodic risk assessment to determine if they maintain ``covered
accounts.'' The Rule defines that term ``covered account'' as either:
(1) A consumer account that is designed to permit multiple payments or
transactions, or (2) any other account for which there is a reasonably
foreseeable risk of identity theft. Each financial institution and
covered creditor that has covered accounts must create a written
Program that contains reasonable policies and procedures to identity
relevant indicators of the possible existence of identity theft (``Red
Flags''); detect Red Flags that have been incorporated into the
Program; respond appropriately to any Red Flags that are detected to
prevent and mitigate identity theft; and update the Program
periodically to ensure it reflects change in risks to customers.
The Rule also requires financial institutions and covered creditors
to: (1) Obtain approval of the initial written Program by the board of
directors; a committee thereof or, if there is no board, an appropriate
senior employee; (2) ensure oversight of the development,
implementation, and administration of the Program; and (3) train staff,
as needed, to implement the Program; and (4) exercise appropriate and
effective oversight of service provider arrangements.
In addition, the Rule implements the section 114 requirement that
financial institutions or covered creditors that issue debit or credit
cards (``card issuers'') generally must assess the validity of change
of address notifications. Specifically, if the card issuer receives a
notice of change of address for an existing account and, within a short
period of time (during at least the first 30 days), receives a request
for an additional or replacement card for the same account, the issuer
must follow reasonable policies and procedures to assess the validity
of the change of address.
B. FCRA Section 315
The Rule also implements section 315 of the FCRA, requiring each
user of consumer reports to have reasonable policies and procedures in
place to employ when the user receives a notice of address discrepancy
from a CRA. Specifically, each user of consumer reports must develop
and implement reasonable policies and procedures to: (1) Enable the
user to form a reasonable belief that a consumer report relates to the
consumer about whom it has requested the report, when the user receives
a notice of address discrepancy; and (2) furnish an address for the
consumer that the user has reasonably confirmed is accurate to the CRA
from which it receives a notice of address discrepancy, if certain
conditions are met.
III. Burden Estimates
Overall estimated burden hours regarding sections 114 and 315,
combined, total 2,629,940 hours and the associated estimated labor
costs are $81,837,080. Staff assumes that affected entities will
already have in place, independent of the Rule, equipment and supplies
necessary to carry out the tasks necessary to comply with it.
A. FCRA Section 114
1. Estimated Hours Burden--Red Flags Rule
As noted above, the Rule requires financial institutions and
certain creditors with covered accounts to develop and implement a
written Program. Under the FCRA, financial institutions over which the
FTC has jurisdiction include state chartered credit unions and certain
insurance companies.
Although narrowed by the Clarification Act, the definition of
``creditor'' still covers a broad array of entities. Moreover, the
Clarification Act does not set forth any exemptions from Rule coverage.
Rather, application of the Rule depends upon an entity's course of
conduct, not its status as a particular type of business. For these
reasons, it is difficult to determine precisely the number of creditors
subject to the FTC's jurisdiction. There are numerous small businesses
under the FTC's jurisdiction that may qualify as ``creditors,'' and
there is no formal way to track them. Nonetheless, FTC staff estimates
that the Rule's requirement to have a written Program affects over
7,025 financial institutions \2\ and 160,614 creditors.\3\
---------------------------------------------------------------------------
\2\ The total number of financial institutions (7,025) is
derived from an analysis of state credit unions and insurers within
the FTC's jurisdiction using 2007 Census data (the most recent
Census data available) and, where also available, online industry
data. The FTC's 2009 PRA submission estimated that the Rule affects
over 57,000 financial institutions. 74 FR 42303, 42304 (Aug. 21,
2009). That figure also included, however, investment companies,
broker dealers, and money service businesses. Those financial
institutions are now covered by the Commodities Future Trading
Commission and Securities and Exchange Commission, and, therefore,
have been eliminated from the calculation of financial institutions
in this submission, leaving the net amount of 7,025 financial
institutions within the FTC's jurisdiction.
\3\ The total number of creditors (160,614) is derived from an
analysis of 2007 Census data and industry data for businesses or
organizations that market goods and services to consumers or other
businesses or organizations subject to the FTC's jurisdiction,
reduced by entities not likely to: (1) Obtain credit reports, report
credit transactions, or advance loans; and (2) entities not likely
to have covered accounts under the Rule. As a result, the estimated
number of covered creditors has decreased from nearly 2 million
creditors in the FTC's 2009 submission to 160,614 creditors
currently. See 74 FR at 42304.
---------------------------------------------------------------------------
To estimate burden hours for the Red Flags Rule under section 114,
FTC staff divided affected entities into two categories, based on the
nature of their business: (1) Entities that are subject to high risk of
identity theft and (2) entities that are subject to a low risk of
identity theft, but have covered accounts that
[[Page 40616]]
will require them to have a written Program.
a. High-Risk Entities
FTC staff estimates that high-risk entities \4\ will each require
25 hours to create and implement a written Program, with an annual
recurring burden of one hour. FTC staff anticipates that these entities
will incorporate into their Program policies and procedures that they
likely already have in place. Further, FTC staff estimates that
preparation for an annual report will require each high-risk entity
four hours initially, with an annual recurring burden of one hour.
Finally, FTC staff believes that many of the high-risk entities, as
part of their usual and customary business practice, already take steps
to minimize losses due to fraud, including conducting employee
training. Accordingly, only relevant staff need be trained to implement
the Program: For example, staff already trained as part of a covered
entity's anti-fraud prevention efforts do not need to be re-trained as
incrementally needed. FTC staff estimates that training connected with
the implementation of a Program of a high-risk entity will require four
hours, and annual training thereafter will require one hour.
---------------------------------------------------------------------------
\4\ High-risk entities include, for example, financial
institutions within the FTC's jurisdiction and utilities, motor
vehicle dealerships, telecommunications firms, colleges and
universities, and hospitals.
---------------------------------------------------------------------------
Thus, estimated hours for high-risk entities are as follows:
105,774 high-risk entities subject to the FTC's
jurisdiction at an average annual burden of 13 hours per entity
[average annual burden over 3-year clearance period for creation and
implementation of a Program ((25+1+1)/3), plus average annual burden
over 3-year clearance period for staff training ((4+1+1)/3), plus
average annual burden over 3-year clearance period for preparing an
annual report ((4+1+1)/3)], for a total of 1,375,062 hours.
b. Low-Risk Entities
Entities that have a minimal risk of identity theft,\5\ but that
have covered accounts, must develop a Program; however, they likely
will only need a streamlined Program. FTC staff estimates that such
entities will require one hour to create such a Program, with an annual
recurring burden of five minutes. Training staff of low-risk entities
to be attentive to future risks of identity theft should require no
more than 10 minutes in an initial year, with an annual recurring
burden of five minutes. FTC staff further estimates that these entities
will require, initially, 10 minutes to prepare an annual report, with
an annual recurring burden of five minutes.
---------------------------------------------------------------------------
\5\ Low-risk entities include, for example, public warehouse and
storage firms, nursing and residential care facilities, automotive
equipment rental and leasing firms, office supplies and stationary
stores, fuel dealers, and financial transactions processing firms.
---------------------------------------------------------------------------
Thus, the estimated hours burden for low-risk entities is as
follows:
61,865 low risk entities that have covered account subject
to the FTC's jurisdiction at an average annual burden of approximately
37 minutes per entity [average annual burden over 3-year clearance
period for creation and implementation of streamlined Program
((60+5+5)/3), plus average annual burden over 3-year clearance period
for staff training ((10+5+5)/3), plus average annual burden over 3-year
clearance period for preparing annual report ((10+5+5)/3], for a total
of 38,150 hours.
2. Estimated Hours Burden--Card Issuers Rule
As noted above, section 114 also requires financial institutions
and covered creditors that issue credit or debit cards to establish
policies and procedures to assess the validity of a change of address
request, including notifying the cardholder or using another means of
assessing the validity of the change of address. FTC staff estimates
that the Rule affects as many as 17,978\6\ card issues within the FTC's
jurisdiction. FTC staff believes that most of these card issuers
already have automated the process of notifying the cardholder or are
using another means to assess the validity of the change of address,
such that implementation will pose no further burden. Nevertheless,
taking a conservative approach, FTC staff estimates that it will take
each card issuer 4 hours to develop and implement policy and procedures
to assess the validity of a change of address request for a total
burden of 71,912 hours.
---------------------------------------------------------------------------
\6\ Card issuers within the FTC's jurisdiction include, for
example, state credit unions, general retail merchandise stores,
colleges and universities, and telecoms.
---------------------------------------------------------------------------
Thus, the total average annual estimated burden for Section 114 is
1,485,124 hours.
3. Estimated Cost Burden--Red Flags and Card Issuers Rules
The FTC staff estimates labor costs by applying appropriate
estimated hourly cost figures to the burden hours described above. It
is difficult to calculate with precision the labor costs associated
with compliance with the Rule, as they entail varying compensation
levels of management (e.g., administrative services, computer and
information systems, training and development) and/or technical staff
(e.g., computer support specialists, systems analysts, network and
computer systems administrators) among companies of different sizes.
FTC staff assumes that for all entities, professional technical
personnel and/or management personnel will create and implement the
Program, prepare the annual report, and train employees, at an hourly
rate of $42.\7\
---------------------------------------------------------------------------
\7\ This estimate is based on mean hourly wages found at https://www.bls.gov/news.release/archives/ocwage_03272012.pdf
(``Occupational Employment and Wages-May 2011,'' U.S. Department of
Labor, released March 2012, Table 1 (``National employment and wage
data from the Occupational Employment Statistics survey by
occupation, May 2011'') for the various managerial and technical
staff support exemplified above.
---------------------------------------------------------------------------
Based on the above estimates and assumptions, the total annual
labor costs for all categories of covered entities under the Red Flags
and Card Issuers Rules for Section 114 is $62,375,208 (1,485,124 hours
x $42).
B. FCRA Section 315--The Address Discrepancy Rule
As discussed above, the Rule's implementation of Section 315
provides guidance on reasonable policies and procedures that a user of
consumer reports must employ when a user receives a notice of address
discrepancy from a CRA. Given the broad scope of users of consumer
reports, it is difficult to determine with precision the number of
users of consumer reports that are subject to the FTC's jurisdiction.
As noted above, there are numerous small businesses under the FTC's
jurisdiction, and there is no formal way to track them; moreover, as a
whole, the entities under the FTC's jurisdiction are so varied that
there are no general sources that provide a record of their existence.
Nonetheless, FTC staff estimates that the Rule's implementation of
section 315 affects approximately 2,449,605 users of consumer reports
subject to the FTC's jurisdiction.\8\ Commission staff estimates that
approximately 10,000 of these users will receive notice of a
discrepancy, in the course of their usual and customary business
practices, and thereby have to furnish to CRAs an address
confirmation.\9\
---------------------------------------------------------------------------
\8\ This estimate is derived from an analysis of Census
databases of U.S. businesses based on NAICS codes for businesses in
industries that typically use consumer reports from CRAs described
in the Rule, which total 2,449,605 users of consumer reports subject
to the FTC's jurisdiction.
\9\ Report to Congress Under Sections 318 and 319 of the Fair
and Accurate Credit Transactions of 2003, Federal Trade Commission,
80 (Dec. 2004) available at https://www.ftc.gov/reports/facta/041209factarpt.pdf.
---------------------------------------------------------------------------
[[Page 40617]]
For section 315, FTC staff estimates that the average annual
information collection burden during the three-year period for which
OMB clearance is sought will be 1,144,816 hours. The estimated
associated labor cost is $19,461.872.
1. Estimated Hours Burden
Prior to enactment of the Address Discrepancy Rule, users of
consumer reports could compare the address on a consumer report to the
address provided by the consumer and discern for themselves any
discrepancy. As a result, FTC staff believes that many users of
consumer reports have developed methods of reconciling address
discrepancies, and the following estimates represent the incremental
amount of time users of consumer reports may require to develop and
comply with the policies and procedures for when they receive a notice
of address discrepancy.
a. Customer Verification
Given the varied nature of the entities under the FTC's
jurisdiction, it is difficult to determine precisely the appropriate
burden estimates. Nonetheless, FTC staff estimates that it would
require an infrequent user of consumer reports no more than 16 minutes
to develop and comply with the policies and procedures that it will
employ when it receives a notice of address discrepancy, while a
frequent user might require one hour. Similarly, FTC staff estimates
that, during the remaining two years of clearance, it may take an
infrequent user no more than one minute to comply with the policies and
procedures it will employ when it receives a notice of address
discrepancy, while a frequent user might require 45 minutes. Taking
into account these extremes, FTC staff estimates that, during the first
year, it will take users of consumer reports under the FTC's
jurisdiction an average of 38 minutes [the midrange between 16 minutes
and 60 minutes] to develop and comply with the policies and procedures
that they will employ when they receive a notice of address
discrepancy. FTC staff also estimates that the average recurring burden
for users of consumer reports to comply with the Rule will be 23
minutes [the midrange between one minute and 45 minutes].
Thus, for these 2,449,605 entities, the average annual burden for
each of them to perform these collective tasks will be 28 minutes [(38
+ 23 + 23) / 3]; cumulatively, 1,143,149 hours.
b. Address Verification
For the estimated 10,000 users of consumer reports that will
additionally have to furnish to CRAs an address confirmation upon
notice of a discrepancy, staff estimates that these entities will
require, initially, 30 minutes to develop related policies and
procedures. But, these 10,000 affected entities likely will have
automated the process of furnishing the correct address in the first
year of a three-year PRA clearance cycle. Thus, allowing for 30 minutes
in the first year, with no annual recurring burden in the second and
third years of clearance, yields an average annual burden of 10 minutes
per entity to furnish a correct address to a CRA, for a total of 1,667
hours.
2. Estimated Cost Burden
FTC staff assumes that the policies and procedures for compliance
with the address discrepancy part of the Rule will be set up by
administrative support personnel at an hourly rate of $17.\10\ Based on
the above estimates and assumptions, the total annual labor cost for
the two categories of burden under section 315 is $19,461,872.
---------------------------------------------------------------------------
\10\ This estimate is based on mean hourly wages found at https://www.bls.gov/news.release/archives/ocwage_03272012.pdf
(``Occupational Employment and Wages-May 2011,'' U.S. Department of
Labor, released March 2012, Table 1 (``National employment and wage
data from the Occupational Employment Statistics survey by
occupation, May 2011'') for administrative support staff (computer
operators, data entry, word processors and typists).
---------------------------------------------------------------------------
C. Burden Totals for FCRA Sections 114 and 315
Cumulatively, then, estimated burden is 2,629,940 hours (1,485,124
hours for section 114 and 1,144,816 hours for section 315) and
$81,837,080 ($62,375,208 and $19,461,872) in associated labor costs.
IV. Request for Comment
You can file a comment online or on paper. For the Commission to
consider your comment, we must receive it on or before September 10,
2012. Write ``Red Flags Rule, PRA Comment, Project No. P095406'' on
your comment. Your comment--including your name and your state--will be
placed on the public record of this proceeding, including to the extent
practicable, on the public Commission Web site, at https://www.ftc.gov/os/publiccomments.shtm. As a matter of discretion, the Commission tries
to remove individuals' home contact information from comments before
placing them on the Commission Web site.
Because your comment will be made public, you are solely
responsible for making sure that your comment does not include any
sensitive personal information, like anyone's Social Security number,
date of birth, driver's license number or other state identification
number or foreign country equivalent, passport number, financial
account number, or credit or debit card number. You are also solely
responsible for making sure that your comment does not include any
sensitive health information, like medical records or other
individually identifiable health information. In addition, do not
include any ``[t]rade secret or any commercial or financial information
which is obtained from any person and which is privileged or
confidential'' as provided in Section 6(f) of the FTC Act, 15 U.S.C.
46(f), and FTC Rule 4.10(a)(2), 16 CFR 4.10(a)(2). In particular, do
not include competitively sensitive information such as costs, sales
statistics, inventories, formulas, patterns, devices, manufacturing
processes, or customer names.
If you want the Commission to give your comment confidential
treatment, you must file it in paper form, with a request for
confidential treatment, and you have to follow the procedure explained
in FTC Rule 4.9(c).\11\ Your comment will be kept confidential only if
the FTC General Counsel, in his or her sole discretion, grants your
request in accordance with the law and the public interest.
---------------------------------------------------------------------------
\11\ In particular, the written request for confidential
treatment that accompanies the comment must include the factual and
legal basis for the request, and must identify the specific portions
of the comment to be withheld from the public record. See FTC Rule
4.9(c), 16 CFR 4.9(c).
---------------------------------------------------------------------------
Postal mail addressed to the Commission is subject to delay due to
heightened security screening. As a result, we encourage you to submit
your comments online. To make sure that the Commission considers your
online comment, you must file it at https://ftcpublic.commentworks.com/ftc/RedFlagPRA, by following the instructions on the web-based form. If
this Notice appears at https://www.regulations.gov/#!home, you also may
file a comment through that Web site.
If you file your comment on paper, write ``Red Flags Rule, PRA
Comment, Project No. P095406'' on your comment and on the envelope, and
mail or deliver it to the following address: Federal Trade Commission,
Office of the Secretary, Room H-113 (Annex J), 600 Pennsylvania Avenue
NW., Washington, DC 20580. If possible, submit your paper comment to
the Commission by courier or overnight service.
[[Page 40618]]
Visit the Commission Web site at to read this Notice and the news
release describing it. The FTC Act and other laws that the Commission
administers permit the collection of public comments to consider and
use in this proceeding as appropriate. The Commission will consider all
timely and responsive public comments that it receives on or before
September 10, 2012. You can find more information, including routine
uses permitted by the Privacy Act, in the Commission's privacy policy,
at https://www.ftc.gov/ftc/privacy.htm.
Willard K. Tom,
General Counsel.
[FR Doc. 2012-16730 Filed 7-9-12; 8:45 am]
BILLING CODE 6750-01-P
