Agency Information Collection Activities; Information Collection Renewal; Submission for OMB Review: Notice Regarding Unauthorized Access to Customer Information, 33153-33154 [2013-12973]
Download as PDF
<![CDATA[
sroberts on DSK5SPTVN1PROD with NOTICES
Federal Register / Vol. 78, No. 106 / Monday, June 3, 2013 / Notices
entities or persons (NGEPs) through
their Community Reinvestment Act
(CRA) responsibilities. Section 48 of the
Federal Deposit Insurance Act (FDI Act)
requires disclosure of certain of these
agreements, and imposes reporting
requirements on institutions and other
insured depository institutions (IDIs),
their affiliates, and NGEPs. 12 U.S.C.
1831y. As mandated by the FDI Act, the
OCC, the Federal Deposit Insurance
Corporation, and the Federal Reserve
Board issued regulations to implement
these disclosure and reporting
requirements. The reporting provisions
of these regulations constitute
collections of information under the
PRA. The regulations issued by the OCC
are codified at 12 CFR parts 35 and 133;
the collections of information contained
in that regulation are known as ‘‘CRA
Sunshine.’’
Section 48 of the FDI Act applies to
written agreements that: (1) Are made in
fulfillment of the CRA, (2) involve funds
or other resources of an IDI or affiliate
with an aggregate value of more than
$10,000 in a year, or loans with an
aggregate principal value of more than
$50,000 in a year, and (3) are entered
into by an IDI or affiliate of an IDI and
an NGEP. 12 U.S.C. 1831y(e).
The parties to a covered agreement
must make the agreement available to
the public and the appropriate agency.
The parties also must file a report
annually with the appropriate agency
concerning the disbursement, receipt,
and use of funds or other resources
under the agreement. The collections of
information in CRA Sunshine
implement these statutorily mandated
disclosure and reporting requirements.
The parties to the agreement may
request confidential treatment of
proprietary and confidential
information in an agreement or annual
report. 12 CFR 35.8; 12 U.S.C. 1831y(a)–
(c).
The information collections are found
in 12 CFR 35.4(b); 35.6(b)–(d); 35.7(b)
and (f); 133.4(b); 133.6(b)–(d); and
133.7(b) and (f).
Affected Public: Individuals;
Businesses or other for-profit.
Estimated Number of Respondents:
388.
Estimated Total Annual Burden: 800.
Comment: The OCC published a 60day notice in the Federal Register. 78
FR 16361 (March 14, 2013). No
comments were received. Comments
continue to be invited on:
(a) Whether the collection of
information is necessary for the proper
performance of the functions of the
OCC, including whether the information
has practical utility;
VerDate Mar<15>2010
16:40 May 31, 2013
Jkt 229001
(b) The accuracy of the OCC’s
estimate of the information collection
burden;
(c) Ways to enhance the quality,
utility, and clarity of the information to
be collected;
(d) Ways to minimize the burden of
the collection on respondents, including
through the use of automated collection
techniques or other forms of information
technology; and
(e) Estimates of capital or start-up
costs and costs of operation,
maintenance, and purchase of services
to provide information.
Dated: May 28, 2013.
Michele Meyer,
Assistant Director, Legislative and Regulatory
Activities Division.
[FR Doc. 2013–12974 Filed 5–31–13; 8:45 am]
BILLING CODE 4810–33–P
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the
Currency
Agency Information Collection
Activities; Information Collection
Renewal; Submission for OMB Review:
Notice Regarding Unauthorized
Access to Customer Information
Office of the Comptroller of the
Currency (OCC), Treasury.
ACTION: Notice and Request for
comment.
AGENCY:
The OCC, as part of its
continuing effort to reduce paperwork
and respondent burden, invites the
general public and other Federal
agencies to comment on a continuing
information collection, as required by
the Paperwork Reduction Act of 1995
(PRA).
Under PRA, Federal agencies are
required to publish notice in the
Federal Register concerning each
proposed collection of information,
including each proposed extension of an
existing collection of information.
In accordance with the requirements
of the PRA, the OCC may not conduct
or sponsor, and the respondent is not
required to respond to, an information
collection unless it displays a currently
valid Office of Management and Budget
(OMB) control number.
The OCC is soliciting comment
concerning its information collection
titled, ‘‘Notice Regarding Unauthorized
Access to Customer Information.’’ The
OCC is also giving notice that it has sent
the collection to OMB for review.
DATES: Comments must be submitted on
or before July 3, 2013.
SUMMARY:
PO 00000
Frm 00109
Fmt 4703
Sfmt 4703
33153
Because paper mail in the
Washington, DC area and at the OCC is
subject to delay, commenters are
encouraged to submit comments by
email if possible. Comments may be
sent to: Legislative and Regulatory
Activities Division, Office of the
Comptroller of the Currency, Attention:
1557–0227, 400 7th Street SW., Suite
3E–218, Mail Stop 9W–11, Washington,
DC 20219. In addition, comments may
be sent by fax to (571) 465–4326 or by
electronic mail to
regs.comments@occ.treas.gov. You may
personally inspect and photocopy
comments at the OCC, 400 7th Street
SW., Washington, DC 20219. For
security reasons, the OCC requires that
visitors make an appointment to inspect
comments. You may do so by calling
(202) 649–6700. Upon arrival, visitors
will be required to present valid
government-issued photo identification
and to submit to security screening in
order to inspect and photocopy
comments.
All comments received, including
attachments and other supporting
materials, are part of the public record
and subject to public disclosure. Do not
enclose any information in your
comment or supporting materials that
you consider confidential or
inappropriate for public disclosure.
Additionally, please send a copy of
your comments by mail to: OCC Desk
Officer, 1557–0227, U.S. Office of
Management and Budget, 725 17th
Street NW., #10235, Washington, DC
20503, or by email to:
oira_submission@omb.eop.gov.
FOR FURTHER INFORMATION CONTACT: You
may request additional information of
the collection from Johnny Vilela or
Mary H. Gottlieb, OCC Clearance
Officers, (202) 649–5490, Legislative
and Regulatory Activities Division,
Office of the Comptroller of the
Currency, 400 7th Street SW., Suite
3E–218, Mail Stop 9W–11, Washington,
DC 20219.
SUPPLEMENTARY INFORMATION: Under the
PRA (44 U.S.C. 3501–3520), Federal
agencies must obtain approval from the
Office of Management and Budget
(OMB) for each collection of
information they conduct or sponsor.
‘‘Collection of information’’ is defined
in 44 U.S.C. 3502(3) and 5 CFR
1320.3(c) to include agency requests or
requirements that members of the public
submit reports, keep records, or provide
information to a third party. Five CFR
1320.5(a)(1)(iv) requires Federal
agencies to publish a 30-day notice in
the Federal Register concerning each
proposed collection of information,
including each proposed extension of an
ADDRESSES:
E:\FR\FM\03JNN1.SGM
03JNN1
sroberts on DSK5SPTVN1PROD with NOTICES
33154
Federal Register / Vol. 78, No. 106 / Monday, June 3, 2013 / Notices
existing collection of information,
before submitting the collection to OMB
for approval. To comply with this
requirement, the OCC is publishing
notice of the proposed collection of
information set forth in this document.
The OCC is proposing to extend, with
revision, the approval of the following
information collection:
Title: Notice Regarding Unauthorized
Access to Customer Information.
OMB Control No.: 1557–0227.
Type of Review: Extension of a
currently approved collection.
Description: Section 501(b) of the
Gramm-Leach-Bliley Act (15 U.S.C.
6801) requires the OCC to establish
appropriate standards for national banks
relating to administrative, technical, and
physical safeguards: (1) To insure the
security and confidentiality of customer
records and information; (2) to protect
against any anticipated threats or
hazards to the security or integrity of
such records; and (3) to protect against
unauthorized access to, or use of, such
records or information that could result
in substantial harm or inconvenience to
any customer.
The Interagency Guidelines
Establishing Information Security
Standards, 12 CFR Part 30, Appendix B
and Part 170, Appendix B (collectively,
Security Guidelines), implementing
section 501(b), require each entity
supervised by the OCC (supervised
institution) to consider and adopt a
response program, if appropriate, that
specifies actions to be taken when the
supervised institution suspects or
detects that unauthorized individuals
have gained access to customer
information.
The Interagency Guidance on
Response Programs for Unauthorized
Customer Information and Customer
Notice (Breach Notice Guidance 1),
which interprets the Security
Guidelines, states that, at a minimum, a
supervised institution’s response
program should contain procedures for
the following:
(1) Assessing the nature and scope of
an incident, and identifying what
customer information systems and types
of customer information have been
accessed or misused;
(2) Notifying its primary Federal
regulator as soon as possible when the
supervised institution becomes aware of
an incident involving unauthorized
access to, or use of, sensitive customer
information;
(3) Consistent with the OCC’s
Suspicious Activity Report regulations,
notifying appropriate law enforcement
authorities and filing a timely SAR in
1 12
CFR Part 30, Appendix B, Supplement A.
VerDate Mar<15>2010
16:40 May 31, 2013
Jkt 229001
situations in which Federal criminal
violations require immediate attention,
such as when a reportable violation is
ongoing;
(4) Taking appropriate steps to
contain and control the incident in an
effort to prevent further unauthorized
access to, or use of, customer
information (for example, by
monitoring, freezing, or closing affected
accounts) while preserving records and
other evidence; and
(5) Notifying customers when
warranted.
This collection of information covers
the notice provisions in the Breach
Notice Guidance.
Affected Public: Individuals;
businesses or other for-profit.
Burden Estimates:
Estimated Number of Respondents:
344.
Estimated Number of Responses: 344.
Estimated Annual Burden: 12,384
hours.
Frequency of Response: On occasion.
Comment: The OCC published a 60day notice in the Federal Register. 78
FR 15121 (March 8, 2013). No
comments were received. Comments
continue to be invited on:
(a) Whether the collection of
information is necessary for the proper
performance of the functions of the
OCC, including whether the information
has practical utility;
(b) The accuracy of the OCC’s
estimate of the information collection;
(c) Ways to enhance the quality,
utility, and clarity of the information to
be collected;
(d) Ways to minimize the burden of
the collection on respondents, including
through the use of automated collection
techniques or other forms of information
technology;
(e) Estimates of capital or start-up
costs and costs of operation,
maintenance, and purchase of services
to provide information; and
(f) Whether the estimates need to be
adjusted based upon banks’ experiences
regarding the number of actual security
breaches that occur.
Dated: May 28, 2013.
Michele Meyer,
Assistant Director, Legislative and Regulatory
Activities Division.
[FR Doc. 2013–12973 Filed 5–31–13; 8:45 am]
BILLING CODE 4810–33–P
PO 00000
Frm 00110
Fmt 4703
Sfmt 4703
DEPARTMENT OF THE TREASURY
Internal Revenue Service
Low Income Taxpayer Clinic Grant
Program; Availability of 2014 Grant
Application Package
Internal Revenue Service (IRS),
Treasury.
ACTION: Notice.
AGENCY:
This document contains a
notice that the IRS has made available
the 2014 Grant Application Package
and Guidelines (Publication 3319) for
organizations interested in applying for
a Low Income Taxpayer Clinic (LITC)
matching grant for the 2014 grant year,
which runs from January 1, 2014,
through December 31, 2014. The
application period runs from May 28,
2013, through July 12, 2013.
The IRS will award a total of up to
$6,000,000 (unless otherwise provided
by specific Congressional appropriation)
to qualifying organizations, subject to
the limitations of Internal Revenue Code
section 7526, for matching grants. A
qualifying organization may receive a
matching grant of up to $100,000 per
year for up to a three-year project
period. Qualifying organizations that
provide representation for free or for a
nominal fee to low income taxpayers
involved in tax disputes with the IRS,
or educate individuals for whom
English is a second language of their
taxpayer rights and responsibilities, or
both, can apply for a grant.
Examples of qualifying organizations
include: (1) A clinical program at an
accredited law, business or accounting
school whose students represent low
income taxpayers in tax controversies
with the IRS, (2) an organization exempt
from tax under I.R.C. § 501(a) that
represents low income taxpayers in tax
controversies with the IRS or refers
those taxpayers to qualified
representatives, and (3) an organization
exempt from tax under I.R.C. § 501(a)
that operates programs to inform
individuals for whom English is a
second language about their rights and
responsibilities as taxpayers.
DATES: The IRS is authorized to award
a multi-year grant not to exceed three
years. For a new clinic or a clinic
applying for the first year of a three-year
grant, the clinic must submit the
application electronically at
www.grants.gov.er of TREAS–GRANTS–
052014–001. For an existing clinic
requesting funding for the second or
third year of a multi-year grant, the
clinic must submit the application
electronically at
www.grantsolutions.gov. All applicants
SUMMARY:
E:\FR\FM\03JNN1.SGM
03JNN1
]]>Agencies
[Federal Register Volume 78, Number 106 (Monday, June 3, 2013)]
[Notices]
[Pages 33153-33154]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2013-12973]
-----------------------------------------------------------------------
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the Currency
Agency Information Collection Activities; Information Collection
Renewal; Submission for OMB Review: Notice Regarding Unauthorized
Access to Customer Information
AGENCY: Office of the Comptroller of the Currency (OCC), Treasury.
ACTION: Notice and Request for comment.
-----------------------------------------------------------------------
SUMMARY: The OCC, as part of its continuing effort to reduce paperwork
and respondent burden, invites the general public and other Federal
agencies to comment on a continuing information collection, as required
by the Paperwork Reduction Act of 1995 (PRA).
Under PRA, Federal agencies are required to publish notice in the
Federal Register concerning each proposed collection of information,
including each proposed extension of an existing collection of
information.
In accordance with the requirements of the PRA, the OCC may not
conduct or sponsor, and the respondent is not required to respond to,
an information collection unless it displays a currently valid Office
of Management and Budget (OMB) control number.
The OCC is soliciting comment concerning its information collection
titled, ``Notice Regarding Unauthorized Access to Customer
Information.'' The OCC is also giving notice that it has sent the
collection to OMB for review.
DATES: Comments must be submitted on or before July 3, 2013.
ADDRESSES: Because paper mail in the Washington, DC area and at the OCC
is subject to delay, commenters are encouraged to submit comments by
email if possible. Comments may be sent to: Legislative and Regulatory
Activities Division, Office of the Comptroller of the Currency,
Attention: 1557-0227, 400 7th Street SW., Suite 3E-218, Mail Stop 9W-
11, Washington, DC 20219. In addition, comments may be sent by fax to
(571) 465-4326 or by electronic mail to regs.comments@occ.treas.gov.
You may personally inspect and photocopy comments at the OCC, 400 7th
Street SW., Washington, DC 20219. For security reasons, the OCC
requires that visitors make an appointment to inspect comments. You may
do so by calling (202) 649-6700. Upon arrival, visitors will be
required to present valid government-issued photo identification and to
submit to security screening in order to inspect and photocopy
comments.
All comments received, including attachments and other supporting
materials, are part of the public record and subject to public
disclosure. Do not enclose any information in your comment or
supporting materials that you consider confidential or inappropriate
for public disclosure.
Additionally, please send a copy of your comments by mail to: OCC
Desk Officer, 1557-0227, U.S. Office of Management and Budget, 725 17th
Street NW., 10235, Washington, DC 20503, or by email to:
oira_submission@omb.eop.gov.
FOR FURTHER INFORMATION CONTACT: You may request additional information
of the collection from Johnny Vilela or Mary H. Gottlieb, OCC Clearance
Officers, (202) 649-5490, Legislative and Regulatory Activities
Division, Office of the Comptroller of the Currency, 400 7th Street
SW., Suite 3E-218, Mail Stop 9W-11, Washington, DC 20219.
SUPPLEMENTARY INFORMATION: Under the PRA (44 U.S.C. 3501-3520), Federal
agencies must obtain approval from the Office of Management and Budget
(OMB) for each collection of information they conduct or sponsor.
``Collection of information'' is defined in 44 U.S.C. 3502(3) and 5 CFR
1320.3(c) to include agency requests or requirements that members of
the public submit reports, keep records, or provide information to a
third party. Five CFR 1320.5(a)(1)(iv) requires Federal agencies to
publish a 30-day notice in the Federal Register concerning each
proposed collection of information, including each proposed extension
of an
[[Page 33154]]
existing collection of information, before submitting the collection to
OMB for approval. To comply with this requirement, the OCC is
publishing notice of the proposed collection of information set forth
in this document.
The OCC is proposing to extend, with revision, the approval of the
following information collection:
Title: Notice Regarding Unauthorized Access to Customer
Information.
OMB Control No.: 1557-0227.
Type of Review: Extension of a currently approved collection.
Description: Section 501(b) of the Gramm-Leach-Bliley Act (15
U.S.C. 6801) requires the OCC to establish appropriate standards for
national banks relating to administrative, technical, and physical
safeguards: (1) To insure the security and confidentiality of customer
records and information; (2) to protect against any anticipated threats
or hazards to the security or integrity of such records; and (3) to
protect against unauthorized access to, or use of, such records or
information that could result in substantial harm or inconvenience to
any customer.
The Interagency Guidelines Establishing Information Security
Standards, 12 CFR Part 30, Appendix B and Part 170, Appendix B
(collectively, Security Guidelines), implementing section 501(b),
require each entity supervised by the OCC (supervised institution) to
consider and adopt a response program, if appropriate, that specifies
actions to be taken when the supervised institution suspects or detects
that unauthorized individuals have gained access to customer
information.
The Interagency Guidance on Response Programs for Unauthorized
Customer Information and Customer Notice (Breach Notice Guidance \1\),
which interprets the Security Guidelines, states that, at a minimum, a
supervised institution's response program should contain procedures for
the following:
---------------------------------------------------------------------------
\1\ 12 CFR Part 30, Appendix B, Supplement A.
---------------------------------------------------------------------------
(1) Assessing the nature and scope of an incident, and identifying
what customer information systems and types of customer information
have been accessed or misused;
(2) Notifying its primary Federal regulator as soon as possible
when the supervised institution becomes aware of an incident involving
unauthorized access to, or use of, sensitive customer information;
(3) Consistent with the OCC's Suspicious Activity Report
regulations, notifying appropriate law enforcement authorities and
filing a timely SAR in situations in which Federal criminal violations
require immediate attention, such as when a reportable violation is
ongoing;
(4) Taking appropriate steps to contain and control the incident in
an effort to prevent further unauthorized access to, or use of,
customer information (for example, by monitoring, freezing, or closing
affected accounts) while preserving records and other evidence; and
(5) Notifying customers when warranted.
This collection of information covers the notice provisions in the
Breach Notice Guidance.
Affected Public: Individuals; businesses or other for-profit.
Burden Estimates:
Estimated Number of Respondents: 344.
Estimated Number of Responses: 344.
Estimated Annual Burden: 12,384 hours.
Frequency of Response: On occasion.
Comment: The OCC published a 60-day notice in the Federal Register.
78 FR 15121 (March 8, 2013). No comments were received. Comments
continue to be invited on:
(a) Whether the collection of information is necessary for the
proper performance of the functions of the OCC, including whether the
information has practical utility;
(b) The accuracy of the OCC's estimate of the information
collection;
(c) Ways to enhance the quality, utility, and clarity of the
information to be collected;
(d) Ways to minimize the burden of the collection on respondents,
including through the use of automated collection techniques or other
forms of information technology;
(e) Estimates of capital or start-up costs and costs of operation,
maintenance, and purchase of services to provide information; and
(f) Whether the estimates need to be adjusted based upon banks'
experiences regarding the number of actual security breaches that
occur.
Dated: May 28, 2013.
Michele Meyer,
Assistant Director, Legislative and Regulatory Activities Division.
[FR Doc. 2013-12973 Filed 5-31-13; 8:45 am]
BILLING CODE 4810-33-P
