Agency Information Collection Activities; Submission for OMB Review; Comment Request; Extension, 51535-51536 [2012-20909]



[Federal Register Volume 77, Number 165 (Friday, August 24, 2012)]
[Notices]
[Pages 51535-51536]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2012-20909]


=======================================================================
-----------------------------------------------------------------------

FEDERAL TRADE COMMISSION


Agency Information Collection Activities; Submission for OMB 
Review; Comment Request; Extension

AGENCY: Federal Trade Commission (``FTC'' or ``Commission'').

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: The FTC intends to ask the Office of Management and Budget 
(``OMB'') to extend through September 30, 2015, the current Paperwork 
Reduction Act (``PRA'') clearance for the information collection 
requirements in the Health Breach Notification Rule. That clearance 
expires on September 30, 2012.

DATES: Comments must be filed by September 24, 2012.

ADDRESSES: Interested parties may file a comment online or on paper, by 
following the instructions in the Request for Comment part of the 
SUPPLEMENTARY INFORMATION section below. Write ``Health Breach 
Notification Rule, PRA Comments, P-125402'' on your comment and file 
your comment online at 
https://ftcpublic.commentworks.com/ftc/healthbreachnotificationPRA2, by 
following the instructions on the web-based form. If you prefer to file 
your comment on paper, mail or 
deliver your comment to the following address: Federal Trade 
Commission, Office of the Secretary, Room H-113 (Annex J), 600 
Pennsylvania Avenue NW., Washington, DC 20580.

FOR FURTHER INFORMATION CONTACT: Amanda Koulousias, Attorney, Division 
of Privacy and Identity Protection, Bureau of Consumer Protection, 
Federal Trade Commission, 600 Pennsylvania Avenue NW., Washington, DC 
20580, (202) 326-2252.

SUPPLEMENTARY INFORMATION: 
    Title: Health Breach Notification Rule.
    OMB Control Number: 3084-0150.
    Type of Review: Extension of a currently approved collection.
    Abstract: The Health Breach Notification Rule (``Rule''), 16 CFR 
Part 318, requires vendors of personal health records and PHR related 
entities \1\ to provide: (1) Notice to consumers whose unsecured 
personally identifiable health information has been breached; and (2) 
notice to the Commission. The Rule only applies to electronic health 
records and does not include recordkeeping requirements. The Rule 
requires third party service providers (i.e., those companies that 
provide services such as billing or data storage) to vendors of 
personal health records and PHR related entities to provide 
notification to such vendors and PHR related entities following the 
discovery of a breach. To notify the FTC of a breach, the Commission 
developed a form, which is posted at www.ftc.gov/healthbreach, for 
entities subject to the rule to complete and return to the agency.
---------------------------------------------------------------------------

    \1\ ``PHR related entity'' means an entity, other than a HIPAA-
covered entity or an entity to the extent that it engages in 
activities as a business associate of a HIPAA-covered entity, that: 
(1) Offers products or services through the Web site of a vendor of 
personal health records; (2) offers products or services through the 
Web sites of HIPAA-covered entities that offer individuals personal 
health records; or (3) accesses information in a personal health 
record or sends information to a personal health record. 16 CFR 
318.2(f).
---------------------------------------------------------------------------

    On May 29, 2012, the FTC sought comment on the information 
collection requirements associated with the Rule. 77 FR 31612. No 
comments were received. Pursuant to the OMB regulations, 5 CFR Part 1320, that 
implement the PRA, 44 U.S.C. 3501 et seq., the FTC is providing this 
second opportunity for public comment while seeking OMB approval to 
renew the pre-existing clearance for the Rule. For more details about 
the Rule requirements and the basis for the calculations summarized 
below, see 77 FR 31612.
    Estimated Annual Burden: 100 hours per breach (to determine what 
information has been breached, identify the affected customers, prepare 
the breach notice, and make the required report to the Commission) + 
192 hours to process an estimated 500 calls in the event of a data 
breach.
    Estimated Frequency: 2 breach incidents.
    Total Annual Labor Cost: $13,379.
    Total Annual Capital or Other Non-Labor Cost: $7,918.
    Request For Comment:
    You can file a comment online or on paper. For the Commission to 
consider your comment, we must receive it on or before September 24, 
2012. Write ``Health Breach Notification Rule, PRA Comments, P-125402'' 
on your comment. Your comment--including your name and your state--will 
be placed on the public record of this proceeding, including to the 
extent practicable, on the public Commission Web site, at https://www.ftc.gov/os/publiccomments.shtm. As a matter of discretion, the 
Commission tries to remove individuals' home contact information from 
comments before placing them on the Commission Web site.
    Because your comment will be made public, you are solely 
responsible for making sure that your comment does not include any 
sensitive personal information, like anyone's Social Security number, 
date of birth, driver's license number or other state identification 
number or foreign country equivalent, passport number, financial 
account number, or credit or debit card number. You are also solely 
responsible for making sure that your comment does not include any 
sensitive health information, like medical records or other 
individually identifiable health information. In addition, do not 
include any ``[t]rade secret or any commercial or financial information 
which is * * * privileged or confidential'' as provided in Section 6(f) 
of the FTC Act, 15 U.S.C. 46(f), and FTC Rule 4.10(a)(2), 16 CFR 
4.10(a)(2). In particular, do not include competitively sensitive 
information such as costs, sales statistics, inventories, formulas, 
patterns, devices, manufacturing processes, or customer names.
    If you want the Commission to give your comment confidential 
treatment, you must file it in paper form, with a request for 
confidential treatment, and you have to follow the procedure explained 
in FTC Rule 4.9(c).\2\ Your comment will be kept confidential only if 
the FTC General Counsel, in his or her sole discretion, grants your 
request in accordance with the law and the public interest.
---------------------------------------------------------------------------

    \2\ In particular, the written request for confidential 
treatment that accompanies the comment must include the factual and 
legal basis for the request, and must identify the specific portions 
of the comment to be withheld from the public record. See FTC Rule 
4.9(c), 16 CFR 4.9(c).
---------------------------------------------------------------------------

    Postal mail addressed to the Commission is subject to delay due to 
heightened security screening. As a result, we encourage you to submit 
your comments online. To make sure that the Commission considers your 
online comment, you must file it at 
https://ftcpublic.commentworks.com/ftc/healthbreachnotificationPRA2, by 
following the instructions on the web-based form. If this Notice appears 
at https://www.regulations.gov/#!home, you also may file a comment 
through that Web site.
    If you file your comment on paper, write ``Health Breach 
Notification Rule, PRA comments, P-125402'' on your comment and on the 
envelope, and mail or deliver it to the following address: Federal 
Trade Commission, Office of the Secretary, Room H-113 (Annex J), 600 
Pennsylvania Avenue NW., Washington, DC 20580. If possible, submit your 
paper comment to the Commission by courier or overnight service.
    Visit the Commission Web site at https://www.ftc.gov to read this 
Notice and the news release describing it. The FTC Act and other laws 
that the Commission administers permit the collection of public 
comments to consider and use in this proceeding as appropriate. The 
Commission will consider all timely and responsive public comments that 
it receives on or before September 24, 2012. You can find more 
information, including routine uses permitted by the Privacy Act, in 
the Commission's privacy policy, at https://www.ftc.gov/ftc/privacy.htm.
    Comments on the disclosure and reporting requirements subject to 
review under the PRA should additionally be submitted to OMB. If sent 
by U.S. mail, they should be addressed to Office of Information and 
Regulatory Affairs, Office of Management and Budget, Attention: Desk 
Officer for the Federal Trade Commission, New Executive Office 
Building, Docket Library, Room 10102, 725 17th Street NW., Washington, 
DC 20503. Comments sent to OMB by U.S. postal mail, however, are 
subject to delays due to heightened security precautions. Thus, 
comments instead should be sent by facsimile to (202) 395-5167.

Willard K. Tom,
General Counsel.
[FR Doc. 2012-20909 Filed 8-23-12; 8:45 am]
BILLING CODE 6750-01-P