Daily Rules, Proposed Rules, and Notices of the Federal Government

• Home
• Departments
• Agencies
• Dates

Top Searches

Popular Sites

Common CFR Searches

Federal Register: February 27, 2007 (Volume 72, Number 38)

DOCID: fr27fe07-163 FR Doc E7-3266

DEPARTMENT OF THE TREASURY

Comptroller of the Currency

NOTICE: NOTICES

DOCID: fr27fe07-163

DOCUMENT ACTION: Notice and request for comment.

SUBJECT CATEGORY:

Agency Information Collection Activities: Submission for OMB Review; Comment Request

DATES: You should submit comments by March 29, 2007.

DOCUMENT SUMMARY:

The OCC, as part of its continuing effort to reduce paperwork and respondent burden, invites the general public and other Federal agencies to take this opportunity to comment on a continuing information collection, as required by the Paperwork Reduction Act of 1995. An agency may not conduct or sponsor, and a respondent is not required to respond to, an information collection unless it displays a currently valid OMB control number. The OCC is soliciting comment concerning its information collection titled, ``Notice Regarding Unauthorized
[[Page 8836]]
Access to Customer Information.'' The OCC is also giving notice that it has sent the information collection to OMB for review.

SUMMARY:

Agency information collection activities; proposals, submissions, and approvals,

SUPPLEMENTAL INFORMATION

The OCC is proposing to extend, without revision, the approval of the following information collection:

Title: Notice Regarding Unauthorized Access to Customer Information.

OMB Number: 15570227.

Description: Section 501(b) of the GrammLeachBliley Act (15 U.S.C. 6901) requires the OCC to establish standards for national banks relating to administrative, technical, and physical safeguards to: (1) Insure the security and confidentiality of customer records and information; (2) protect against any anticipated threats or hazards to the security or integrity of such records; and (3) protect against unauthorized access to or use of such records or information that could result in substantial harm or inconvenience to any customer.

The Interagency Guidelines Establishing Information Security Standards, 12 CFR Part 30, Appendix B (Security Guidelines) implementing section 501(b) require each bank to consider and adopt a response program, if appropriate, that specifies actions to be taken when the bank suspects or detects that unauthorized individuals have gained access to customer information.

The Interagency Guidance on Response Programs for Unauthorized Customer Information and Customer Notice (Breach Notice Guidance), which interprets the Security Guidelines states that, at a minimum, a bank's response program should contain procedures for the following: (1) Assessing the nature and scope of an incident, and identifying what customer information systems and types of customer information have been accessed or misused;
(2) Notifying its primary Federal regulator as soon as possible when the bank becomes aware of an incident involving unauthorized access to or use of sensitive customer information;
(3) Consistent with the OCC's Suspicious Activity Report regulations, notifying appropriate law enforcement authorities, in addition to filing a timely SAR in situations involving Federal criminal violations requiring immediate attention, such as when a reportable violation is ongoing;
(4) Taking appropriate steps to contain and control the incident to prevent further unauthorized access to or use of customer information, for example, by monitoring, freezing, or closing affected accounts, while preserving records and other evidence; and

(5) Notifying customers when warranted.

This collection of information covers the notice provisions in the Breach Notice Guidance.

Type of Review: Extension of a currently approved collection.

Affected Public: Individuals; Businesses or other forprofit.

Estimated Number of Respondents: 2,200.

Estimated Total Annual Responses: 2,244.

Frequency of Response: On occasion.

Estimated Total Annual Burden: 53,844 hours.

A 60day notice requesting comment was published on November 20, 2006 (71 FR 67204). No comments were received. Comments continued to be invited on:
(a) Whether the collection of information is necessary for the proper performance of the functions of the agency, including whether the information has practical utility;
(b) The accuracy of the agency's estimate of the burden of the collection of information;
(c) Ways to enhance the quality, utility, and clarity of the information to be collected;
(d) Ways to minimize the burden of the collection on respondents, including through the use of automated collection techniques or other forms of information technology;
(e) Estimates of capital or startup costs and costs of operation, maintenance, and purchase of services to provide information; and (f) Whether the estimates need to be adjusted based upon banks' experience regarding the number of actual security breaches that occur.

Dated: February 21, 2007.
Stuart Feldstein,
Assistant Director, Legislative and Regulatory Activities Division, Office of the Comptroller of the Currency.
[FR Doc. E73266 Filed 22607; 8:45 am]
BILLING CODE 481033P

FOR FURTHER INFORMATION CONTACT

You can request additional information or a copy of the collection from Mary Gottlieb, OCC Clearance Officer, or Camille Dickerson, (202) 8745090, Legislative and Regulatory Activities Division, Office of the Comptroller of the Currency, 250 E Street, SW., Washington, DC 20219.