[Federal Register Volume 81, Number 70 (Tuesday, April 12, 2016)]
[Notices]
[Pages 21666-21667]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-08321]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the Currency
Agency Information Collection Activities: Information Collection
Renewal; Comment Request; Notice Regarding Unauthorized Access to
Customer Information
AGENCY: Office of the Comptroller of the Currency (OCC), Treasury.
ACTION: Notice and request for comment.
-----------------------------------------------------------------------
SUMMARY: The OCC, as part of its continuing effort to reduce paperwork
and respondent burden, invites the general public and other Federal
agencies to comment on a continuing information collection, as required
by the Paperwork Reduction Act of 1995 (PRA).
In accordance with the requirements of the PRA, the OCC may not
conduct or sponsor, and the respondent is not required to respond to,
an information collection unless it displays a currently valid Office
of Management and Budget (OMB) control number.
The OCC is soliciting comment concerning its information collection
titled, ``Notice Regarding Unauthorized Access to Customer
Information.''
DATES: Comments must be submitted on or before June 13, 2016.
ADDRESSES: Because paper mail in the Washington, DC area and at the OCC
is subject to delay, commenters are encouraged to submit comments by
email, if possible. Comments may be sent to: Legislative and Regulatory
Activities Division, Office of the Comptroller of the Currency,
Attention: 1557-0227, 400 7th Street SW., Suite 3E-218, Mail Stop 9W-
11, Washington, DC 20219. In addition, comments may be sent by fax to
(571) 465-4326 or by electronic mail to [email protected].
You may personally inspect and photocopy comments at the OCC, 400 7th
Street SW., Washington, DC 20219. For security reasons, the OCC
requires that visitors make an appointment to inspect comments. You may
do so by calling (202) 649-6700 or, for persons who are deaf or hard of
hearing, TTY, (202) 649-5597. Upon
[[Page 21667]]
arrival, visitors will be required to present valid government-issued
photo identification and to submit to security screening in order to
inspect and photocopy comments.
All comments received, including attachments and other supporting
materials, are part of the public record and subject to public
disclosure. Do not include any information in your comment or
supporting materials that you consider confidential or inappropriate
for public disclosure.
FOR FURTHER INFORMATION CONTACT: Shaquita Merritt, OCC Clearance
Officer, (202) 649-5490 or, for persons who are deaf or hard of
hearing, TTY, (202) 649-5597, Legislative and Regulatory Activities
Division, Office of the Comptroller of the Currency, 400 7th Street
SW., Suite 3E-218, Mail Stop 9W-11, Washington, DC 20219.
SUPPLEMENTARY INFORMATION: Under the PRA (44 U.S.C. 3501-3520), Federal
agencies must obtain approval from the OMB for each collection of
information they conduct or sponsor. ``Collection of information'' is
defined in 44 U.S.C. 3502(3) and 5 CFR 1320.3(c) to include agency
requests or requirements that members of the public submit reports,
keep records, or provide information to a third party. Section
3506(c)(2)(A) of the PRA (44 U.S.C. 3506(c)(2)(A)) requires Federal
agencies to provide a 60-day notice in the Federal Register concerning
each proposed collection of information, including each proposed
extension of an existing collection of information, before submitting
the collection to OMB for approval. To comply with this requirement,
the OCC is publishing notice of the proposed collection of information
set forth in this document.
The OCC is proposing to extend, with revision, the approval of the
following information collection:
Title: Notice Regarding Unauthorized Access to Customer
Information.
OMB Control No.: 1557-0227.
Description: Section 501(b) of the Gramm-Leach-Bliley Act (15
U.S.C. 6801) requires the OCC to establish appropriate standards for
national banks relating to administrative, technical, and physical
safeguards: (1) To insure the security and confidentiality of customer
records and information; (2) to protect against any anticipated threats
or hazards to the security or integrity of such records; and (3) to
protect against unauthorized access to, or use of, such records or
information that could result in substantial harm or inconvenience to
any customer.
The Interagency Guidelines Establishing Information Security
Standards, 12 CFR part 30, Appendix B and part 170, Appendix B
(collectively, Security Guidelines), which implement section 501(b),
require each entity supervised by the OCC (supervised institution) to
consider and adopt a response program, as appropriate, that specifies
actions to be taken when the supervised institution suspects or detects
that unauthorized individuals have gained access to customer
information.
The Interagency Guidance on Response Programs for Unauthorized
Customer Information and Customer Notice (Breach Notice Guidance \1\),
which interprets the Security Guidelines, states that, at a minimum, a
supervised institution's response program should contain procedures for
the following:
---------------------------------------------------------------------------
\1\ 12 CFR part 30, Appendix B, Supplement A.
---------------------------------------------------------------------------
(1) Assessing the nature and scope of an incident, and identifying
what customer information systems and types of customer information
have been accessed or misused;
(2) Notifying its primary Federal regulator as soon as possible
when the supervised institution becomes aware of an incident involving
unauthorized access to, or use of, sensitive customer information;
(3) Consistent with the OCC's Suspicious Activity Report
regulations, notifying appropriate law enforcement authorities and
filing a timely SAR in situations in which a Federal criminal violation
requires immediate attention, such as when a reportable violation is
ongoing;
(4) Taking appropriate steps to contain and control the incident in
an effort to prevent further unauthorized access to, or use of,
customer information, for example, by monitoring, freezing, or closing
affected accounts, while preserving records and other evidence; and
(5) Notifying customers as warranted.
This collection of information covers the notice provisions in the
Breach Notice Guidance.
Type of Review: Regular.
Affected Public: Businesses or other for-profit.
Estimated Number of Respondents: 20.
Total Estimated Annual Burden: 720 hours.
Frequency of Response: On occasion.
Comments submitted in response to this notice will be summarized
and included in the request for OMB approval. All comments will become
a matter of public record. Comments are invited on:
(a) Whether the collection of information is necessary for the
proper performance of the functions of the OCC, including whether the
information has practical utility;
(b) The accuracy of the OCC's estimate of the burden of the
information collection;
(c) Ways to enhance the quality, utility, and clarity of the
information to be collected;
(d) Ways to minimize the burden of the collection on respondents,
including through the use of automated collection techniques or other
forms of information technology; and
(e) Estimates of capital or start-up costs and costs of operation,
maintenance, and purchase of services to provide information.
Dated: April 6, 2016.
Mary Hoyle Gottlieb,
Regulatory Specialist, Legislative and Regulatory Activities Division.
[FR Doc. 2016-08321 Filed 4-11-16; 8:45 am]
BILLING CODE 4810-33-P