Agency Information Collection Activities: Information Collection Renewal; Submission for OMB Review; Guidance Regarding Unauthorized Access to Customer Information, 44354-44355 [2019-18159]
Download as PDF
<![CDATA[
44354
Federal Register / Vol. 84, No. 164 / Friday, August 23, 2019 / Notices
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the
Currency
Agency Information Collection
Activities: Information Collection
Renewal; Submission for OMB Review;
Guidance Regarding Unauthorized
Access to Customer Information
Office of the Comptroller of the
Currency (OCC), Treasury.
ACTION: Notice and request for comment.
AGENCY:
The OCC, as part of its
continuing effort to reduce paperwork
and respondent burden, invites the
general public and other federal
agencies to take this opportunity to
comment on a continuing information
collection as required by the Paperwork
Reduction Act of 1995 (PRA).
In accordance with the requirements
of the PRA, the OCC may not conduct
or sponsor, and respondents are not
required to respond to, an information
collection unless it displays a currently
valid Office of Management and Budget
(OMB) control number.
The OCC is soliciting comment
concerning the renewal of its
information collection titled, ‘‘Guidance
Regarding Unauthorized Access to
Customer Information.’’ The OCC also is
giving notice that it has submitted the
collection to OMB for review.
DATES: Comments must be submitted on
or before September 23, 2019.
ADDRESSES: Commenters are encouraged
to submit comments by email, if
possible. You may submit comments by
any of the following methods:
• Email: prainfo@occ.treas.gov.
• Mail: Chief Counsel’s Office,
Attention: Comment Processing, 1557–
0227, Office of the Comptroller of the
Currency, 400 7th Street SW, Suite 3E–
218, Washington, DC 20219.
• Hand Delivery/Courier: 400 7th
Street SW, Suite 3E–218, Washington,
DC 20219.
• Fax: (571) 465–4326.
Instructions: You must include
‘‘OCC’’ as the agency name and ‘‘1557–
0227’’ in your comment. In general, the
OCC will publish comments on
www.reginfo.gov without change,
including any business or personal
information provided, such as name and
address information, email addresses, or
phone numbers. Comments received,
including attachments and other
supporting materials, are part of the
public record and subject to public
disclosure. Do not include any
information in your comment or
supporting materials that you consider
confidential or inappropriate for public
disclosure.
jbell on DSK3GLQ082PROD with NOTICES
SUMMARY:
VerDate Sep<11>2014
16:40 Aug 22, 2019
Jkt 247001
Additionally, please send a copy of
your comments by mail to: OCC Desk
Officer, 1557–0227, U.S. Office of
Management and Budget, 725 17th
Street NW, #10235, Washington, DC
20503 or by email to oira_submission@
omb.eop.gov.
You may review comments and other
related materials that pertain to this
information collection 1 following the
close of the 30-day comment period for
this notice by any of the following
methods:
• Viewing Comments Electronically:
Go to www.reginfo.gov. Click on the
‘‘Information Collection Review’’ tab.
Underneath the ‘‘Currently under
Review’’ section heading, from the dropdown menu select ‘‘Department of
Treasury’’ and then click ‘‘submit.’’ This
information collection can be located by
searching by OMB control number
‘‘1557–0227’’ or ‘‘Notice Regarding
Unauthorized Access to Customer
Information.’’ Upon finding the
appropriate information collection, click
on the related ‘‘ICR Reference Number.’’
On the next screen, select ‘‘View
Supporting Statement and Other
Documents’’ and then click on the link
to any comment listed at the bottom of
the screen.
• For assistance in navigating
www.reginfo.gov, please contact the
Regulatory Information Service Center
at (202) 482–7340.
• Viewing Comments Personally: You
may personally inspect comments at the
OCC, 400 7th Street SW, Washington,
DC. For security reasons, the OCC
requires that visitors make an
appointment to inspect comments. You
may do so by calling (202) 649–6700 or,
for persons who are deaf or hearing
impaired, TTY, (202) 649–5597. Upon
arrival, visitors will be required to
present valid government-issued photo
identification and submit to security
screening in order to inspect comments.
FOR FURTHER INFORMATION CONTACT:
Shaquita Merritt, OCC Clearance
Officer, (202) 649–5490 or, for persons
who are deaf or hearing impaired, TTY,
(202) 649–5597, Chief Counsel’s Office,
Office of the Comptroller of the
Currency, 400 7th Street SW, Suite 3E–
218, Washington, DC 20219.
SUPPLEMENTARY INFORMATION: Under the
PRA (44 U.S.C. 3501 et seq.), federal
agencies must obtain approval from the
OMB for each collection of information
they conduct or sponsor. ‘‘Collection of
information’’ is defined in 44 U.S.C.
3502(3) and 5 CFR 1320.3(c) to include
agency requests or requirements that
members of the public submit reports,
1 On April 9, 2019, the OCC published a 60-day
notice for this information collection, 84 FR 14194.
PO 00000
Frm 00080
Fmt 4703
Sfmt 4703
keep records, or provide information to
a third party. The OCC asks OMB to
extend its approval of the information
collection contained in this notice.
Title: Guidance Regarding
Unauthorized Access to Customer
Information.
OMB Control No.: 1557–0227.
Description: Section 501(b) of the
Gramm-Leach-Bliley Act (15 U.S.C.
6801(b)) requires the OCC to establish
appropriate standards for national banks
relating to administrative, technical, and
physical safeguards: (1) To insure the
security and confidentiality of customer
records and information; (2) to protect
against any anticipated threats or
hazards to the security or integrity of
such records; and (3) to protect against
unauthorized access to, or use of, such
records or information that could result
in substantial harm or inconvenience to
any customer.
The Interagency Guidelines
Establishing Information Security
Standards, 12 CFR part 30, appendix B
(Security Guidelines), which implement
section 501(b), require each entity
supervised by the OCC (supervised
institution) to consider and adopt a
response program, as appropriate, that
specifies actions to be taken when the
supervised institution suspects or
detects that unauthorized individuals
have gained access to customer
information systems.
The Interagency Guidance on
Response Programs for Unauthorized
Customer Information and Customer
Notice (Breach Notice Guidance),2
which interprets the Security
Guidelines, states that, at a minimum, a
supervised institution’s response
program should contain procedures for:
(1) Assessing the nature and scope of
an incident, and identifying what
customer information systems and types
of customer information have been
accessed or misused;
(2) Notifying its primary federal
regulator as soon as possible when the
supervised institution becomes aware of
an incident involving unauthorized
access to, or use of, sensitive customer
information;
(3) Taking appropriate steps to
contain and control the incident in an
effort to prevent further unauthorized
access to, or use of, customer
information, for example, by
monitoring, freezing, or closing affected
accounts, while preserving records and
other evidence; and
(4) Notifying customers when
warranted.
The Breach Notice Guidance states
that, when a financial institution
2 12
E:\FR\FM\23AUN1.SGM
CFR part 30, appendix B, supplement A.
23AUN1
Federal Register / Vol. 84, No. 164 / Friday, August 23, 2019 / Notices
becomes aware of an incident of
unauthorized access to sensitive
customer information, the institution
should conduct a reasonable
investigation to determine the
likelihood that the information has been
misused. If the institution determines
that the misuse of its information about
a customer has occurred or is reasonably
possible, it should notify the affected
customer as soon as possible.
Type of Review: Regular.
Affected Public: Businesses or other
for-profit.
Estimated Number of Respondents:
20.
Total Estimated Annual Burden: 720
hours.
Frequency of Response: On occasion.
On April 9, 2019, the OCC issued a
notice for 60 days of comment
concerning this collection, 84 FR 14194.
No comments were received. Comments
continue to be invited on:
(a) Whether the collection of
information is necessary for the proper
performance of the functions of the
OCC, including whether the information
has practical utility;
(b) The accuracy of the OCC’s
estimate of the burden of the
information collection;
(c) Ways to enhance the quality,
utility, and clarity of the information to
be collected;
(d) Ways to minimize the burden of
the collection on respondents, including
through the use of automated collection
techniques or other forms of information
technology; and
(e) Estimates of capital or start-up
costs and costs of operation,
maintenance, and purchase of services
to provide information.
Dated: August 19, 2019.
Theodore J. Dowd,
Deputy Chief Counsel, Office of the
Comptroller of the Currency.
[FR Doc. 2019–18159 Filed 8–22–19; 8:45 am]
BILLING CODE 4810–33–P
DEPARTMENT OF THE TREASURY
Office of Foreign Assets Control
Notice of OFAC Sanctions Actions
Office of Foreign Assets
Control, Department of the Treasury.
ACTION: Notice.
jbell on DSK3GLQ082PROD with NOTICES
AGENCY:
The U.S. Department of the
Treasury’s Office of Foreign Assets
Control (OFAC) is publishing the names
of persons that have been placed on
OFAC’s Specially Designated Nationals
and Blocked Persons List based on
OFAC’s determination that one or more
SUMMARY:
VerDate Sep<11>2014
17:54 Aug 22, 2019
Jkt 247001
applicable legal criteria were satisfied.
All property and interests in property
subject to U.S. jurisdiction of these
persons are blocked, and U.S. persons
are generally prohibited from engaging
in transactions with them.
DATES: See SUPPLEMENTARY INFORMATION
section.
FOR FURTHER INFORMATION CONTACT:
OFAC: Associate Director for Global
Targeting, tel.: 202–622–2420; Assistant
Director for Licensing, tel.: 202–622–
2480; Assistant Director for Regulatory
Affairs, tel.: 202–622–4855; Assistant
Director for Sanctions Compliance &
Evaluation, tel.: 202–622–2490; or the
Department of the Treasury’s Office of
the General Counsel: Office of the Chief
Counsel (Foreign Assets Control), tel.:
202–622–2410.
SUPPLEMENTARY INFORMATION:
Electronic Availability
The Specially Designated Nationals
and Blocked Persons List (SDN List) and
additional information concerning
OFAC sanctions programs are available
on OFAC’s website (https://
www.treasury.gov/ofac).
Notice of OFAC Actions
On August 20, 2019, OFAC
determined that the property and
interests in property subject to U.S.
jurisdiction of the following persons are
blocked under the relevant sanctions
authority listed below.
Individuals
1. CASTRO CORDERO, Natanael,
Dominican Republic; DOB 08 Nov 1982;
POB Santo Domingo, Dominican
Republic; nationality Dominican
Republic; Gender Male; Cedula No.
001–1481029–4 (Dominican Republic)
(individual) [SDNTK]. Designated
pursuant to section 805(b)(3) of the
Foreign Narcotics Kingpin Designation
Act (‘‘Kingpin Act’’), 21 U.S.C.
1904(b)(3), for being owned, controlled,
or directed by, or acting for or on behalf
of, Cesar Emilio PERALTA, a foreign
person identified as a significant foreign
narcotics trafficker pursuant to the
Kingpin Act.
2. DEL ROSARIO PUENTE, Ramon
Antonio (a.k.a. ‘‘TONO LENA’’ (Latin:
˜ O LEN
˜ A’’)), Dominican Republic;
‘‘TON
DOB 13 Sep 1968; POB Guaymate,
Dominican Republic; nationality
Dominican Republic; Gender Male;
Cedula No. 026–0027057–9 (Dominican
Republic) (individual) [SDNTK] (Linked
To: CESAR PERALTA DRUG
TRAFFICKING ORGANIZATION).
Designated pursuant to section 805(b)(2)
of the Kingpin Act, 21 U.S.C. 1904(b)(2),
for materially assisting in, or providing
PO 00000
Frm 00081
Fmt 4703
Sfmt 4703
44355
financial or technological support for or
to, or providing goods or services in
support of, the international narcotics
trafficking activities of the CESAR
PERALTA DRUG TRAFFICKING
ORGANIZATION, a foreign person
identified as a significant foreign
narcotics trafficker pursuant to the
Kingpin Act.
3. FERNANDEZ FLAQUER, Kelvin
Enrique (a.k.a. ‘‘COTTO’’), Dominican
Republic; DOB 06 Dec 1977; POB
Higuey, Dominican Republic;
nationality Dominican Republic; Gender
Male; Cedula No. 026–0088747–1
(Dominican Republic) (individual)
[SDNTK] (Linked To: CESAR PERALTA
DRUG TRAFFICKING
ORGANIZATION). Designated pursuant
to section 805(b)(2) of the Kingpin Act,
21 U.S.C. 1904(b)(2), for materially
assisting in, or providing financial or
technological support for or to, or
providing goods or services in support
of, the international narcotics trafficking
activities of the CESAR PERALTA
DRUG TRAFFICKING ORGANIZATION,
a foreign person identified as a
significant foreign narcotics trafficker
pursuant to the Kingpin Act, and Ramon
Antonio DEL ROSARIO PUENTE, a
foreign person designated pursuant to
the Kingpin Act.
4. FERNANDEZ CONCEPCION,
Carlos Ariel, Dominican Republic; DOB
14 Jan 1973; POB Santo Domingo,
Dominican Republic; nationality
Dominican Republic; Gender Male;
Cedula No. 001–1217345–5 (Dominican
Republic) (individual) [SDNTK].
Designated pursuant to section 805(b)(3)
of the Kingpin Act, 21 U.S.C. 1904(b)(3),
for being owned, controlled, or directed
by, or acting for or on behalf of, Cesar
Emilio PERALTA, a foreign person
identified as a significant foreign
narcotics trafficker pursuant to the
Kingpin Act.
5. JAQUEZ ARAUJO, Yadher Rafael
(a.k.a. ‘‘JAKE MATE’’; a.k.a. ‘‘JAQUE
MATE’’), Dominican Republic; DOB 15
Oct 1985; POB Santo Domingo,
Dominican Republic; nationality
Dominican Republic; Gender Male;
Cedula No. 001–1733889–7 (Dominican
Republic) (individual) [SDNTK].
Designated pursuant to section 805(b)(3)
of the Kingpin Act, 21 U.S.C. 1904(b)(3),
for being owned, controlled, or directed
by, or acting for or on behalf of, Cesar
Emilio PERALTA, a foreign person
identified as a significant foreign
narcotics trafficker pursuant to the
Kingpin Act.
6. PERALTA, Cesar Emilio (a.k.a. ‘‘EL
ABUSADOR’’), Dominican Republic;
DOB 30 Jan 1975; POB Distrito
Nacional, Dominican Republic;
nationality Dominican Republic; Gender
E:\FR\FM\23AUN1.SGM
23AUN1
]]>Agencies
[Federal Register Volume 84, Number 164 (Friday, August 23, 2019)]
[Notices]
[Pages 44354-44355]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-18159]
[[Page 44354]]
-----------------------------------------------------------------------
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the Currency
Agency Information Collection Activities: Information Collection
Renewal; Submission for OMB Review; Guidance Regarding Unauthorized
Access to Customer Information
AGENCY: Office of the Comptroller of the Currency (OCC), Treasury.
ACTION: Notice and request for comment.
-----------------------------------------------------------------------
SUMMARY: The OCC, as part of its continuing effort to reduce paperwork
and respondent burden, invites the general public and other federal
agencies to take this opportunity to comment on a continuing
information collection as required by the Paperwork Reduction Act of
1995 (PRA).
In accordance with the requirements of the PRA, the OCC may not
conduct or sponsor, and respondents are not required to respond to, an
information collection unless it displays a currently valid Office of
Management and Budget (OMB) control number.
The OCC is soliciting comment concerning the renewal of its
information collection titled, ``Guidance Regarding Unauthorized Access
to Customer Information.'' The OCC also is giving notice that it has
submitted the collection to OMB for review.
DATES: Comments must be submitted on or before September 23, 2019.
ADDRESSES: Commenters are encouraged to submit comments by email, if
possible. You may submit comments by any of the following methods:
Email: [email protected].
Mail: Chief Counsel's Office, Attention: Comment
Processing, 1557-0227, Office of the Comptroller of the Currency, 400
7th Street SW, Suite 3E-218, Washington, DC 20219.
Hand Delivery/Courier: 400 7th Street SW, Suite 3E-218,
Washington, DC 20219.
Fax: (571) 465-4326.
Instructions: You must include ``OCC'' as the agency name and
``1557-0227'' in your comment. In general, the OCC will publish
comments on www.reginfo.gov without change, including any business or
personal information provided, such as name and address information,
email addresses, or phone numbers. Comments received, including
attachments and other supporting materials, are part of the public
record and subject to public disclosure. Do not include any information
in your comment or supporting materials that you consider confidential
or inappropriate for public disclosure.
Additionally, please send a copy of your comments by mail to: OCC
Desk Officer, 1557-0227, U.S. Office of Management and Budget, 725 17th
Street NW, #10235, Washington, DC 20503 or by email to
[email protected].
You may review comments and other related materials that pertain to
this information collection \1\ following the close of the 30-day
comment period for this notice by any of the following methods:
---------------------------------------------------------------------------
\1\ On April 9, 2019, the OCC published a 60-day notice for this
information collection, 84 FR 14194.
---------------------------------------------------------------------------
Viewing Comments Electronically: Go to www.reginfo.gov.
Click on the ``Information Collection Review'' tab. Underneath the
``Currently under Review'' section heading, from the drop-down menu
select ``Department of Treasury'' and then click ``submit.'' This
information collection can be located by searching by OMB control
number ``1557-0227'' or ``Notice Regarding Unauthorized Access to
Customer Information.'' Upon finding the appropriate information
collection, click on the related ``ICR Reference Number.'' On the next
screen, select ``View Supporting Statement and Other Documents'' and
then click on the link to any comment listed at the bottom of the
screen.
For assistance in navigating www.reginfo.gov, please
contact the Regulatory Information Service Center at (202) 482-7340.
Viewing Comments Personally: You may personally inspect
comments at the OCC, 400 7th Street SW, Washington, DC. For security
reasons, the OCC requires that visitors make an appointment to inspect
comments. You may do so by calling (202) 649-6700 or, for persons who
are deaf or hearing impaired, TTY, (202) 649-5597. Upon arrival,
visitors will be required to present valid government-issued photo
identification and submit to security screening in order to inspect
comments.
FOR FURTHER INFORMATION CONTACT: Shaquita Merritt, OCC Clearance
Officer, (202) 649-5490 or, for persons who are deaf or hearing
impaired, TTY, (202) 649-5597, Chief Counsel's Office, Office of the
Comptroller of the Currency, 400 7th Street SW, Suite 3E-218,
Washington, DC 20219.
SUPPLEMENTARY INFORMATION: Under the PRA (44 U.S.C. 3501 et seq.),
federal agencies must obtain approval from the OMB for each collection
of information they conduct or sponsor. ``Collection of information''
is defined in 44 U.S.C. 3502(3) and 5 CFR 1320.3(c) to include agency
requests or requirements that members of the public submit reports,
keep records, or provide information to a third party. The OCC asks OMB
to extend its approval of the information collection contained in this
notice.
Title: Guidance Regarding Unauthorized Access to Customer
Information.
OMB Control No.: 1557-0227.
Description: Section 501(b) of the Gramm-Leach-Bliley Act (15
U.S.C. 6801(b)) requires the OCC to establish appropriate standards for
national banks relating to administrative, technical, and physical
safeguards: (1) To insure the security and confidentiality of customer
records and information; (2) to protect against any anticipated threats
or hazards to the security or integrity of such records; and (3) to
protect against unauthorized access to, or use of, such records or
information that could result in substantial harm or inconvenience to
any customer.
The Interagency Guidelines Establishing Information Security
Standards, 12 CFR part 30, appendix B (Security Guidelines), which
implement section 501(b), require each entity supervised by the OCC
(supervised institution) to consider and adopt a response program, as
appropriate, that specifies actions to be taken when the supervised
institution suspects or detects that unauthorized individuals have
gained access to customer information systems.
The Interagency Guidance on Response Programs for Unauthorized
Customer Information and Customer Notice (Breach Notice Guidance),\2\
which interprets the Security Guidelines, states that, at a minimum, a
supervised institution's response program should contain procedures
for:
---------------------------------------------------------------------------
\2\ 12 CFR part 30, appendix B, supplement A.
---------------------------------------------------------------------------
(1) Assessing the nature and scope of an incident, and identifying
what customer information systems and types of customer information
have been accessed or misused;
(2) Notifying its primary federal regulator as soon as possible
when the supervised institution becomes aware of an incident involving
unauthorized access to, or use of, sensitive customer information;
(3) Taking appropriate steps to contain and control the incident in
an effort to prevent further unauthorized access to, or use of,
customer information, for example, by monitoring, freezing, or closing
affected accounts, while preserving records and other evidence; and
(4) Notifying customers when warranted.
The Breach Notice Guidance states that, when a financial
institution
[[Page 44355]]
becomes aware of an incident of unauthorized access to sensitive
customer information, the institution should conduct a reasonable
investigation to determine the likelihood that the information has been
misused. If the institution determines that the misuse of its
information about a customer has occurred or is reasonably possible, it
should notify the affected customer as soon as possible.
Type of Review: Regular.
Affected Public: Businesses or other for-profit.
Estimated Number of Respondents: 20.
Total Estimated Annual Burden: 720 hours.
Frequency of Response: On occasion.
On April 9, 2019, the OCC issued a notice for 60 days of comment
concerning this collection, 84 FR 14194. No comments were received.
Comments continue to be invited on:
(a) Whether the collection of information is necessary for the
proper performance of the functions of the OCC, including whether the
information has practical utility;
(b) The accuracy of the OCC's estimate of the burden of the
information collection;
(c) Ways to enhance the quality, utility, and clarity of the
information to be collected;
(d) Ways to minimize the burden of the collection on respondents,
including through the use of automated collection techniques or other
forms of information technology; and
(e) Estimates of capital or start-up costs and costs of operation,
maintenance, and purchase of services to provide information.
Dated: August 19, 2019.
Theodore J. Dowd,
Deputy Chief Counsel, Office of the Comptroller of the Currency.
[FR Doc. 2019-18159 Filed 8-22-19; 8:45 am]
BILLING CODE 4810-33-P
