[Federal Register: November 20, 2006 (Volume 71, Number 223)]
[Notices]
[Page 67204-67205]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr20no06-116]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the Currency
Agency Information Collection Activities: Proposed Information
Collection; Comment Request
AGENCY: Office of the Comptroller of the Currency (OCC), Treasury.
ACTION: Notice and request for comment.
-----------------------------------------------------------------------
SUMMARY: The OCC, as part of its continuing effort to reduce paperwork
and respondent burden, invites the general public and other Federal
agencies to take this opportunity to comment on a continuing
information collection, as required by the Paperwork Reduction Act of
1995. An agency may not conduct or sponsor, and a respondent is not
required to respond to, an information collection unless it displays a
currently valid OMB control number. The OCC is soliciting comment
concerning its information collection titled, ``Notice Regarding
Unauthorized Access to Customer Information.''
DATES: You should submit comments by January 19, 2007.
ADDRESSES: Communications Division, Office of the Comptroller of the
Currency, Public Information Room, Mailstop 1-5, Attention: 1557-0227,
250 E Street, SW., Washington, DC 20219. In addition, comments may be
sent by fax to (202) 874-4448, or by electronic mail to
regs.comments@occ.treas.gov. You can inspect and photocopy the comments
at the OCC's Public Information Room, 250 E Street, SW., Washington, DC
20219. You can make an appointment to inspect the comments by calling
(202) 874-5043.
Additionally, you should send a copy of your comments to OCC Desk
Officer, 1557-0227, by mail to U.S. Office of Management and Budget,
725 17th Street, NW., 10235, Washington, DC 20503, or by fax
to (202) 395-6974.
FOR FURTHER INFORMATION CONTACT: You can request additional information
or a copy of the collection from Mary Gottlieb, OCC Clearance Officer,
or Camille Dickerson, (202) 874-5090, Legislative and Regulatory
Activities Division, Office of the Comptroller of the Currency, 250 E
Street, SW., Washington, DC 20219.
SUPPLEMENTARY INFORMATION: The OCC is proposing to extend, without
revision, the approval of the following information collection:
Title: Notice Regarding Unauthorized Access to Customer
Information.
OMB Number: 1557-0227.
Description: Section 501(b) of the Gramm-Leach-Bliley Act (15
U.S.C. 6901) requires the OCC to establish standards for national banks
relating to administrative, technical, and physical safeguards to: (1)
Insure the security and confidentiality of customer records and
information; (2) protect against any anticipated threats or hazards to
the security or integrity of such records; and (3) protect against
unauthorized access to or use of such records or information that could
result in substantial harm or inconvenience to any customer.
The Interagency Guidelines Establishing Information Security
Standards, 12 CFR part 30, Appendix B (Security Guidelines)
implementing section 501(b) require each bank to consider and adopt a
response program, if appropriate, that specifies actions to be taken
when the bank suspects or detects that unauthorized individuals have
gained access to customer information.
The Interagency Guidance on Response Programs for Unauthorized
Customer Information and Customer Notice (Breach Notice Guidance),
which
[[Page 67205]]
interprets the Security Guidelines states that, at a minimum, a bank's
response program should contain procedures for the following:
(1) Assessing the nature and scope of an incident, and identifying
what customer information systems and types of customer information
have been accessed or misused;
(2) Notifying its primary Federal regulator as soon as possible
when the bank becomes aware of an incident involving unauthorized
access to or use of sensitive customer information;
(3) Consistent with the OCC's Suspicious Activity Report
regulations, notifying appropriate law enforcement authorities, in
addition to filing a timely SAR in situations involving Federal
criminal violations requiring immediate attention, such as when a
reportable violation is ongoing;
(4) Taking appropriate steps to contain and control the incident to
prevent further unauthorized access to or use of customer information,
for example, by monitoring, freezing, or closing affected accounts,
while preserving records and other evidence; and
(5) Notifying customers when warranted.
This collection of information covers the notice provisions in the
Breach Notice Guidance.
Type of Review: Extension of a currently approved collection.
Affected Public: Individuals; Businesses or other for-profit.
Estimated Number of Respondents: 2,200.
Estimated Total Annual Responses: 2,244.
Frequency of Response: On occasion.
Estimated Total Annual Burden: 53,844 hours.
Comments submitted in response to this notice will be summarized
and included in the request for OMB approval. All comments will become
a matter of public record. Comments are invited on:
(a) Whether the collection of information is necessary for the
proper performance of the functions of the agency, including whether
the information has practical utility;
(b) The accuracy of the agency's estimate of the burden of the
collection of information;
(c) Ways to enhance the quality, utility, and clarity of the
information to be collected;
(d) Ways to minimize the burden of the collection on respondents,
including through the use of automated collection techniques or other
forms of information technology;
(e) Estimates of capital or startup costs and costs of operation,
maintenance, and purchase of services to provide information; and
(f) Whether the estimates need to be adjusted based upon banks'
experience regarding the number of actual security breaches that occur.
Dated: November 14, 2006.
Stuart Feldstein,
Assistant Director, Legislative and Regulatory Activities Division.
[FR Doc. E6-19511 Filed 11-17-06; 8:45 am]
BILLING CODE 4810-33-P