Agency Information Collection Activities; Information Collection Renewal; Submission for OMB Review: Notice Regarding Unauthorized Access to Customer Information, 33153-33154 [2013-12973]

Download as PDF sroberts on DSK5SPTVN1PROD with NOTICES Federal Register / Vol. 78, No. 106 / Monday, June 3, 2013 / Notices entities or persons (NGEPs) through their Community Reinvestment Act (CRA) responsibilities. Section 48 of the Federal Deposit Insurance Act (FDI Act) requires disclosure of certain of these agreements, and imposes reporting requirements on institutions and other insured depository institutions (IDIs), their affiliates, and NGEPs. 12 U.S.C. 1831y. As mandated by the FDI Act, the OCC, the Federal Deposit Insurance Corporation, and the Federal Reserve Board issued regulations to implement these disclosure and reporting requirements. The reporting provisions of these regulations constitute collections of information under the PRA. The regulations issued by the OCC are codified at 12 CFR parts 35 and 133; the collections of information contained in that regulation are known as ‘‘CRA Sunshine.’’ Section 48 of the FDI Act applies to written agreements that: (1) Are made in fulfillment of the CRA, (2) involve funds or other resources of an IDI or affiliate with an aggregate value of more than $10,000 in a year, or loans with an aggregate principal value of more than $50,000 in a year, and (3) are entered into by an IDI or affiliate of an IDI and an NGEP. 12 U.S.C. 1831y(e). The parties to a covered agreement must make the agreement available to the public and the appropriate agency. The parties also must file a report annually with the appropriate agency concerning the disbursement, receipt, and use of funds or other resources under the agreement. The collections of information in CRA Sunshine implement these statutorily mandated disclosure and reporting requirements. The parties to the agreement may request confidential treatment of proprietary and confidential information in an agreement or annual report. 12 CFR 35.8; 12 U.S.C. 1831y(a)– (c). The information collections are found in 12 CFR 35.4(b); 35.6(b)–(d); 35.7(b) and (f); 133.4(b); 133.6(b)–(d); and 133.7(b) and (f). Affected Public: Individuals; Businesses or other for-profit. Estimated Number of Respondents: 388. Estimated Total Annual Burden: 800. Comment: The OCC published a 60day notice in the Federal Register. 78 FR 16361 (March 14, 2013). No comments were received. Comments continue to be invited on: (a) Whether the collection of information is necessary for the proper performance of the functions of the OCC, including whether the information has practical utility; VerDate Mar<15>2010 16:40 May 31, 2013 Jkt 229001 (b) The accuracy of the OCC’s estimate of the information collection burden; (c) Ways to enhance the quality, utility, and clarity of the information to be collected; (d) Ways to minimize the burden of the collection on respondents, including through the use of automated collection techniques or other forms of information technology; and (e) Estimates of capital or start-up costs and costs of operation, maintenance, and purchase of services to provide information. Dated: May 28, 2013. Michele Meyer, Assistant Director, Legislative and Regulatory Activities Division. [FR Doc. 2013–12974 Filed 5–31–13; 8:45 am] BILLING CODE 4810–33–P DEPARTMENT OF THE TREASURY Office of the Comptroller of the Currency Agency Information Collection Activities; Information Collection Renewal; Submission for OMB Review: Notice Regarding Unauthorized Access to Customer Information Office of the Comptroller of the Currency (OCC), Treasury. ACTION: Notice and Request for comment. AGENCY: The OCC, as part of its continuing effort to reduce paperwork and respondent burden, invites the general public and other Federal agencies to comment on a continuing information collection, as required by the Paperwork Reduction Act of 1995 (PRA). Under PRA, Federal agencies are required to publish notice in the Federal Register concerning each proposed collection of information, including each proposed extension of an existing collection of information. In accordance with the requirements of the PRA, the OCC may not conduct or sponsor, and the respondent is not required to respond to, an information collection unless it displays a currently valid Office of Management and Budget (OMB) control number. The OCC is soliciting comment concerning its information collection titled, ‘‘Notice Regarding Unauthorized Access to Customer Information.’’ The OCC is also giving notice that it has sent the collection to OMB for review. DATES: Comments must be submitted on or before July 3, 2013. SUMMARY: PO 00000 Frm 00109 Fmt 4703 Sfmt 4703 33153 Because paper mail in the Washington, DC area and at the OCC is subject to delay, commenters are encouraged to submit comments by email if possible. Comments may be sent to: Legislative and Regulatory Activities Division, Office of the Comptroller of the Currency, Attention: 1557–0227, 400 7th Street SW., Suite 3E–218, Mail Stop 9W–11, Washington, DC 20219. In addition, comments may be sent by fax to (571) 465–4326 or by electronic mail to regs.comments@occ.treas.gov. You may personally inspect and photocopy comments at the OCC, 400 7th Street SW., Washington, DC 20219. For security reasons, the OCC requires that visitors make an appointment to inspect comments. You may do so by calling (202) 649–6700. Upon arrival, visitors will be required to present valid government-issued photo identification and to submit to security screening in order to inspect and photocopy comments. All comments received, including attachments and other supporting materials, are part of the public record and subject to public disclosure. Do not enclose any information in your comment or supporting materials that you consider confidential or inappropriate for public disclosure. Additionally, please send a copy of your comments by mail to: OCC Desk Officer, 1557–0227, U.S. Office of Management and Budget, 725 17th Street NW., #10235, Washington, DC 20503, or by email to: oira_submission@omb.eop.gov. FOR FURTHER INFORMATION CONTACT: You may request additional information of the collection from Johnny Vilela or Mary H. Gottlieb, OCC Clearance Officers, (202) 649–5490, Legislative and Regulatory Activities Division, Office of the Comptroller of the Currency, 400 7th Street SW., Suite 3E–218, Mail Stop 9W–11, Washington, DC 20219. SUPPLEMENTARY INFORMATION: Under the PRA (44 U.S.C. 3501–3520), Federal agencies must obtain approval from the Office of Management and Budget (OMB) for each collection of information they conduct or sponsor. ‘‘Collection of information’’ is defined in 44 U.S.C. 3502(3) and 5 CFR 1320.3(c) to include agency requests or requirements that members of the public submit reports, keep records, or provide information to a third party. Five CFR 1320.5(a)(1)(iv) requires Federal agencies to publish a 30-day notice in the Federal Register concerning each proposed collection of information, including each proposed extension of an ADDRESSES: E:\FR\FM\03JNN1.SGM 03JNN1 sroberts on DSK5SPTVN1PROD with NOTICES 33154 Federal Register / Vol. 78, No. 106 / Monday, June 3, 2013 / Notices existing collection of information, before submitting the collection to OMB for approval. To comply with this requirement, the OCC is publishing notice of the proposed collection of information set forth in this document. The OCC is proposing to extend, with revision, the approval of the following information collection: Title: Notice Regarding Unauthorized Access to Customer Information. OMB Control No.: 1557–0227. Type of Review: Extension of a currently approved collection. Description: Section 501(b) of the Gramm-Leach-Bliley Act (15 U.S.C. 6801) requires the OCC to establish appropriate standards for national banks relating to administrative, technical, and physical safeguards: (1) To insure the security and confidentiality of customer records and information; (2) to protect against any anticipated threats or hazards to the security or integrity of such records; and (3) to protect against unauthorized access to, or use of, such records or information that could result in substantial harm or inconvenience to any customer. The Interagency Guidelines Establishing Information Security Standards, 12 CFR Part 30, Appendix B and Part 170, Appendix B (collectively, Security Guidelines), implementing section 501(b), require each entity supervised by the OCC (supervised institution) to consider and adopt a response program, if appropriate, that specifies actions to be taken when the supervised institution suspects or detects that unauthorized individuals have gained access to customer information. The Interagency Guidance on Response Programs for Unauthorized Customer Information and Customer Notice (Breach Notice Guidance 1), which interprets the Security Guidelines, states that, at a minimum, a supervised institution’s response program should contain procedures for the following: (1) Assessing the nature and scope of an incident, and identifying what customer information systems and types of customer information have been accessed or misused; (2) Notifying its primary Federal regulator as soon as possible when the supervised institution becomes aware of an incident involving unauthorized access to, or use of, sensitive customer information; (3) Consistent with the OCC’s Suspicious Activity Report regulations, notifying appropriate law enforcement authorities and filing a timely SAR in 1 12 CFR Part 30, Appendix B, Supplement A. VerDate Mar<15>2010 16:40 May 31, 2013 Jkt 229001 situations in which Federal criminal violations require immediate attention, such as when a reportable violation is ongoing; (4) Taking appropriate steps to contain and control the incident in an effort to prevent further unauthorized access to, or use of, customer information (for example, by monitoring, freezing, or closing affected accounts) while preserving records and other evidence; and (5) Notifying customers when warranted. This collection of information covers the notice provisions in the Breach Notice Guidance. Affected Public: Individuals; businesses or other for-profit. Burden Estimates: Estimated Number of Respondents: 344. Estimated Number of Responses: 344. Estimated Annual Burden: 12,384 hours. Frequency of Response: On occasion. Comment: The OCC published a 60day notice in the Federal Register. 78 FR 15121 (March 8, 2013). No comments were received. Comments continue to be invited on: (a) Whether the collection of information is necessary for the proper performance of the functions of the OCC, including whether the information has practical utility; (b) The accuracy of the OCC’s estimate of the information collection; (c) Ways to enhance the quality, utility, and clarity of the information to be collected; (d) Ways to minimize the burden of the collection on respondents, including through the use of automated collection techniques or other forms of information technology; (e) Estimates of capital or start-up costs and costs of operation, maintenance, and purchase of services to provide information; and (f) Whether the estimates need to be adjusted based upon banks’ experiences regarding the number of actual security breaches that occur. Dated: May 28, 2013. Michele Meyer, Assistant Director, Legislative and Regulatory Activities Division. [FR Doc. 2013–12973 Filed 5–31–13; 8:45 am] BILLING CODE 4810–33–P PO 00000 Frm 00110 Fmt 4703 Sfmt 4703 DEPARTMENT OF THE TREASURY Internal Revenue Service Low Income Taxpayer Clinic Grant Program; Availability of 2014 Grant Application Package Internal Revenue Service (IRS), Treasury. ACTION: Notice. AGENCY: This document contains a notice that the IRS has made available the 2014 Grant Application Package and Guidelines (Publication 3319) for organizations interested in applying for a Low Income Taxpayer Clinic (LITC) matching grant for the 2014 grant year, which runs from January 1, 2014, through December 31, 2014. The application period runs from May 28, 2013, through July 12, 2013. The IRS will award a total of up to $6,000,000 (unless otherwise provided by specific Congressional appropriation) to qualifying organizations, subject to the limitations of Internal Revenue Code section 7526, for matching grants. A qualifying organization may receive a matching grant of up to $100,000 per year for up to a three-year project period. Qualifying organizations that provide representation for free or for a nominal fee to low income taxpayers involved in tax disputes with the IRS, or educate individuals for whom English is a second language of their taxpayer rights and responsibilities, or both, can apply for a grant. Examples of qualifying organizations include: (1) A clinical program at an accredited law, business or accounting school whose students represent low income taxpayers in tax controversies with the IRS, (2) an organization exempt from tax under I.R.C. § 501(a) that represents low income taxpayers in tax controversies with the IRS or refers those taxpayers to qualified representatives, and (3) an organization exempt from tax under I.R.C. § 501(a) that operates programs to inform individuals for whom English is a second language about their rights and responsibilities as taxpayers. DATES: The IRS is authorized to award a multi-year grant not to exceed three years. For a new clinic or a clinic applying for the first year of a three-year grant, the clinic must submit the application electronically at www.grants.gov.er of TREAS–GRANTS– 052014–001. For an existing clinic requesting funding for the second or third year of a multi-year grant, the clinic must submit the application electronically at www.grantsolutions.gov. All applicants SUMMARY: E:\FR\FM\03JNN1.SGM 03JNN1

Agencies

[Federal Register Volume 78, Number 106 (Monday, June 3, 2013)]
[Notices]
[Pages 33153-33154]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2013-12973]


-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency


Agency Information Collection Activities; Information Collection 
Renewal; Submission for OMB Review: Notice Regarding Unauthorized 
Access to Customer Information

AGENCY: Office of the Comptroller of the Currency (OCC), Treasury.

ACTION: Notice and Request for comment.

-----------------------------------------------------------------------

SUMMARY: The OCC, as part of its continuing effort to reduce paperwork 
and respondent burden, invites the general public and other Federal 
agencies to comment on a continuing information collection, as required 
by the Paperwork Reduction Act of 1995 (PRA).
    Under PRA, Federal agencies are required to publish notice in the 
Federal Register concerning each proposed collection of information, 
including each proposed extension of an existing collection of 
information.
    In accordance with the requirements of the PRA, the OCC may not 
conduct or sponsor, and the respondent is not required to respond to, 
an information collection unless it displays a currently valid Office 
of Management and Budget (OMB) control number.
    The OCC is soliciting comment concerning its information collection 
titled, ``Notice Regarding Unauthorized Access to Customer 
Information.'' The OCC is also giving notice that it has sent the 
collection to OMB for review.

DATES: Comments must be submitted on or before July 3, 2013.

ADDRESSES: Because paper mail in the Washington, DC area and at the OCC 
is subject to delay, commenters are encouraged to submit comments by 
email if possible. Comments may be sent to: Legislative and Regulatory 
Activities Division, Office of the Comptroller of the Currency, 
Attention: 1557-0227, 400 7th Street SW., Suite 3E-218, Mail Stop 9W-
11, Washington, DC 20219. In addition, comments may be sent by fax to 
(571) 465-4326 or by electronic mail to regs.comments@occ.treas.gov. 
You may personally inspect and photocopy comments at the OCC, 400 7th 
Street SW., Washington, DC 20219. For security reasons, the OCC 
requires that visitors make an appointment to inspect comments. You may 
do so by calling (202) 649-6700. Upon arrival, visitors will be 
required to present valid government-issued photo identification and to 
submit to security screening in order to inspect and photocopy 
comments.
    All comments received, including attachments and other supporting 
materials, are part of the public record and subject to public 
disclosure. Do not enclose any information in your comment or 
supporting materials that you consider confidential or inappropriate 
for public disclosure.
    Additionally, please send a copy of your comments by mail to: OCC 
Desk Officer, 1557-0227, U.S. Office of Management and Budget, 725 17th 
Street NW., 10235, Washington, DC 20503, or by email to: 
oira_submission@omb.eop.gov.

FOR FURTHER INFORMATION CONTACT: You may request additional information 
of the collection from Johnny Vilela or Mary H. Gottlieb, OCC Clearance 
Officers, (202) 649-5490, Legislative and Regulatory Activities 
Division, Office of the Comptroller of the Currency, 400 7th Street 
SW., Suite 3E-218, Mail Stop 9W-11, Washington, DC 20219.

SUPPLEMENTARY INFORMATION: Under the PRA (44 U.S.C. 3501-3520), Federal 
agencies must obtain approval from the Office of Management and Budget 
(OMB) for each collection of information they conduct or sponsor. 
``Collection of information'' is defined in 44 U.S.C. 3502(3) and 5 CFR 
1320.3(c) to include agency requests or requirements that members of 
the public submit reports, keep records, or provide information to a 
third party. Five CFR 1320.5(a)(1)(iv) requires Federal agencies to 
publish a 30-day notice in the Federal Register concerning each 
proposed collection of information, including each proposed extension 
of an

[[Page 33154]]

existing collection of information, before submitting the collection to 
OMB for approval. To comply with this requirement, the OCC is 
publishing notice of the proposed collection of information set forth 
in this document.
    The OCC is proposing to extend, with revision, the approval of the 
following information collection:
    Title: Notice Regarding Unauthorized Access to Customer 
Information.
    OMB Control No.: 1557-0227.
    Type of Review: Extension of a currently approved collection.
    Description: Section 501(b) of the Gramm-Leach-Bliley Act (15 
U.S.C. 6801) requires the OCC to establish appropriate standards for 
national banks relating to administrative, technical, and physical 
safeguards: (1) To insure the security and confidentiality of customer 
records and information; (2) to protect against any anticipated threats 
or hazards to the security or integrity of such records; and (3) to 
protect against unauthorized access to, or use of, such records or 
information that could result in substantial harm or inconvenience to 
any customer.
    The Interagency Guidelines Establishing Information Security 
Standards, 12 CFR Part 30, Appendix B and Part 170, Appendix B 
(collectively, Security Guidelines), implementing section 501(b), 
require each entity supervised by the OCC (supervised institution) to 
consider and adopt a response program, if appropriate, that specifies 
actions to be taken when the supervised institution suspects or detects 
that unauthorized individuals have gained access to customer 
information.
    The Interagency Guidance on Response Programs for Unauthorized 
Customer Information and Customer Notice (Breach Notice Guidance \1\), 
which interprets the Security Guidelines, states that, at a minimum, a 
supervised institution's response program should contain procedures for 
the following:
---------------------------------------------------------------------------

    \1\ 12 CFR Part 30, Appendix B, Supplement A.
---------------------------------------------------------------------------

    (1) Assessing the nature and scope of an incident, and identifying 
what customer information systems and types of customer information 
have been accessed or misused;
    (2) Notifying its primary Federal regulator as soon as possible 
when the supervised institution becomes aware of an incident involving 
unauthorized access to, or use of, sensitive customer information;
    (3) Consistent with the OCC's Suspicious Activity Report 
regulations, notifying appropriate law enforcement authorities and 
filing a timely SAR in situations in which Federal criminal violations 
require immediate attention, such as when a reportable violation is 
ongoing;
    (4) Taking appropriate steps to contain and control the incident in 
an effort to prevent further unauthorized access to, or use of, 
customer information (for example, by monitoring, freezing, or closing 
affected accounts) while preserving records and other evidence; and
    (5) Notifying customers when warranted.
    This collection of information covers the notice provisions in the 
Breach Notice Guidance.
    Affected Public: Individuals; businesses or other for-profit.
    Burden Estimates:
    Estimated Number of Respondents: 344.
    Estimated Number of Responses: 344.
    Estimated Annual Burden: 12,384 hours.
    Frequency of Response: On occasion.
    Comment: The OCC published a 60-day notice in the Federal Register. 
78 FR 15121 (March 8, 2013). No comments were received. Comments 
continue to be invited on:
    (a) Whether the collection of information is necessary for the 
proper performance of the functions of the OCC, including whether the 
information has practical utility;
    (b) The accuracy of the OCC's estimate of the information 
collection;
    (c) Ways to enhance the quality, utility, and clarity of the 
information to be collected;
    (d) Ways to minimize the burden of the collection on respondents, 
including through the use of automated collection techniques or other 
forms of information technology;
    (e) Estimates of capital or start-up costs and costs of operation, 
maintenance, and purchase of services to provide information; and
    (f) Whether the estimates need to be adjusted based upon banks' 
experiences regarding the number of actual security breaches that 
occur.

    Dated: May 28, 2013.
Michele Meyer,
Assistant Director, Legislative and Regulatory Activities Division.
[FR Doc. 2013-12973 Filed 5-31-13; 8:45 am]
BILLING CODE 4810-33-P