81 FR 21666 - Agency Information Collection Activities: Information Collection Renewal; Comment Request; Notice Regarding Unauthorized Access to Customer Information
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the Currency Federal Register Volume 81, Issue 70 (April 12, 2016)
Office of the Comptroller of the Currency
Federal Register Volume 81, Issue 70 (April 12, 2016)
| Page Range | 21666-21667 | |
| FR Document | 2016-08321 |
[Federal Register Volume 81, Number 70 (Tuesday, April 12, 2016)] [Notices] [Pages 21666-21667] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2016-08321] ======================================================================= ----------------------------------------------------------------------- DEPARTMENT OF THE TREASURY Office of the Comptroller of the Currency Agency Information Collection Activities: Information Collection Renewal; Comment Request; Notice Regarding Unauthorized Access to Customer Information AGENCY: Office of the Comptroller of the Currency (OCC), Treasury. ACTION: Notice and request for comment. ----------------------------------------------------------------------- SUMMARY: The OCC, as part of its continuing effort to reduce paperwork and respondent burden, invites the general public and other Federal agencies to comment on a continuing information collection, as required by the Paperwork Reduction Act of 1995 (PRA). In accordance with the requirements of the PRA, the OCC may not conduct or sponsor, and the respondent is not required to respond to, an information collection unless it displays a currently valid Office of Management and Budget (OMB) control number. The OCC is soliciting comment concerning its information collection titled, ``Notice Regarding Unauthorized Access to Customer Information.'' DATES: Comments must be submitted on or before June 13, 2016. ADDRESSES: Because paper mail in the Washington, DC area and at the OCC is subject to delay, commenters are encouraged to submit comments by email, if possible. Comments may be sent to: Legislative and Regulatory Activities Division, Office of the Comptroller of the Currency, Attention: 1557-0227, 400 7th Street SW., Suite 3E-218, Mail Stop 9W- 11, Washington, DC 20219. In addition, comments may be sent by fax to (571) 465-4326 or by electronic mail to [email protected]. You may personally inspect and photocopy comments at the OCC, 400 7th Street SW., Washington, DC 20219. For security reasons, the OCC requires that visitors make an appointment to inspect comments. You may do so by calling (202) 649-6700 or, for persons who are deaf or hard of hearing, TTY, (202) 649-5597. Upon [[Page 21667]] arrival, visitors will be required to present valid government-issued photo identification and to submit to security screening in order to inspect and photocopy comments. All comments received, including attachments and other supporting materials, are part of the public record and subject to public disclosure. Do not include any information in your comment or supporting materials that you consider confidential or inappropriate for public disclosure. FOR FURTHER INFORMATION CONTACT: Shaquita Merritt, OCC Clearance Officer, (202) 649-5490 or, for persons who are deaf or hard of hearing, TTY, (202) 649-5597, Legislative and Regulatory Activities Division, Office of the Comptroller of the Currency, 400 7th Street SW., Suite 3E-218, Mail Stop 9W-11, Washington, DC 20219. SUPPLEMENTARY INFORMATION: Under the PRA (44 U.S.C. 3501-3520), Federal agencies must obtain approval from the OMB for each collection of information they conduct or sponsor. ``Collection of information'' is defined in 44 U.S.C. 3502(3) and 5 CFR 1320.3(c) to include agency requests or requirements that members of the public submit reports, keep records, or provide information to a third party. Section 3506(c)(2)(A) of the PRA (44 U.S.C. 3506(c)(2)(A)) requires Federal agencies to provide a 60-day notice in the Federal Register concerning each proposed collection of information, including each proposed extension of an existing collection of information, before submitting the collection to OMB for approval. To comply with this requirement, the OCC is publishing notice of the proposed collection of information set forth in this document. The OCC is proposing to extend, with revision, the approval of the following information collection: Title: Notice Regarding Unauthorized Access to Customer Information. OMB Control No.: 1557-0227. Description: Section 501(b) of the Gramm-Leach-Bliley Act (15 U.S.C. 6801) requires the OCC to establish appropriate standards for national banks relating to administrative, technical, and physical safeguards: (1) To insure the security and confidentiality of customer records and information; (2) to protect against any anticipated threats or hazards to the security or integrity of such records; and (3) to protect against unauthorized access to, or use of, such records or information that could result in substantial harm or inconvenience to any customer. The Interagency Guidelines Establishing Information Security Standards, 12 CFR part 30, Appendix B and part 170, Appendix B (collectively, Security Guidelines), which implement section 501(b), require each entity supervised by the OCC (supervised institution) to consider and adopt a response program, as appropriate, that specifies actions to be taken when the supervised institution suspects or detects that unauthorized individuals have gained access to customer information. The Interagency Guidance on Response Programs for Unauthorized Customer Information and Customer Notice (Breach Notice Guidance \1\), which interprets the Security Guidelines, states that, at a minimum, a supervised institution's response program should contain procedures for the following: --------------------------------------------------------------------------- \1\ 12 CFR part 30, Appendix B, Supplement A. --------------------------------------------------------------------------- (1) Assessing the nature and scope of an incident, and identifying what customer information systems and types of customer information have been accessed or misused; (2) Notifying its primary Federal regulator as soon as possible when the supervised institution becomes aware of an incident involving unauthorized access to, or use of, sensitive customer information; (3) Consistent with the OCC's Suspicious Activity Report regulations, notifying appropriate law enforcement authorities and filing a timely SAR in situations in which a Federal criminal violation requires immediate attention, such as when a reportable violation is ongoing; (4) Taking appropriate steps to contain and control the incident in an effort to prevent further unauthorized access to, or use of, customer information, for example, by monitoring, freezing, or closing affected accounts, while preserving records and other evidence; and (5) Notifying customers as warranted. This collection of information covers the notice provisions in the Breach Notice Guidance. Type of Review: Regular. Affected Public: Businesses or other for-profit. Estimated Number of Respondents: 20. Total Estimated Annual Burden: 720 hours. Frequency of Response: On occasion. Comments submitted in response to this notice will be summarized and included in the request for OMB approval. All comments will become a matter of public record. Comments are invited on: (a) Whether the collection of information is necessary for the proper performance of the functions of the OCC, including whether the information has practical utility; (b) The accuracy of the OCC's estimate of the burden of the information collection; (c) Ways to enhance the quality, utility, and clarity of the information to be collected; (d) Ways to minimize the burden of the collection on respondents, including through the use of automated collection techniques or other forms of information technology; and (e) Estimates of capital or start-up costs and costs of operation, maintenance, and purchase of services to provide information. Dated: April 6, 2016. Mary Hoyle Gottlieb, Regulatory Specialist, Legislative and Regulatory Activities Division. [FR Doc. 2016-08321 Filed 4-11-16; 8:45 am] BILLING CODE 4810-33-P
![21666 Federal Register / Vol. 81, No. 70 / Tuesday, April 12, 2016 / Notices
‘‘substantive’’ requirements of FMVSS surprising. Further, vehicle lighting Authority: 49 U.S.C. 30118, 30120:
No. 108, but has provided no functions as a signal to other motorists delegations of authority at 49 CFR 1.95 and
information as to which requirements it and pedestrians; if other motorists 501.8.
considers ‘‘substantive’’ and which it found the noncompliant lighting Gregory K. Rea,
does not. Morgan has submitted no confusing, it is unlikely that those Associate Administrator for Enforcement.
compliance testing data or information motorists would have been able to [FR Doc. 2016–08360 Filed 4–11–16; 8:45 am]
showing that the lamps comply with all identify the subject vehicle and make a
BILLING CODE 4910–59–P
relevant requirements. Without such complaint to either NHTSA or Morgan.
information and data, and without a Most importantly, the absence of a
‘‘DOT’’ mark on the headlamp to imply complaint does not mean there have not
that such information and data exist, the been any safety issues, nor does it mean DEPARTMENT OF THE TREASURY
agency is unable to conclude that the that there will not be safety issues in the
lack of the ‘‘DOT’’ mark is the only future. Office of the Comptroller of the
noncompliant aspect of the headlamps. Finally, the agency observes that Currency
In addition to the arguments although Morgan’s Part 573 report and
Agency Information Collection
addressed above, the agency is also not inconsequentiality petition only
Activities: Information Collection
persuaded by two additional arguments concern the headlamp spacing and
Renewal; Comment Request; Notice
Morgan makes for why it believes headlamp marking noncompliances, the
Regarding Unauthorized Access to
NHTSA should grant the petition with subject vehicles may also fail to comply
Customer Information
respect to both noncompliances. First, with other applicable FMVSSs. For
Morgan argues that its petition should example, a motorcycle headlamp that AGENCY: Office of the Comptroller of the
be granted because the subject vehicle is incorporates a replaceable light source Currency (OCC), Treasury.
an exotic vehicle produced in very low that does not comply with FMVSS No. ACTION: Notice and request for
numbers and likely to be operated on a 108, paragraph S11 (e.g., an H4 light comment.
limited basis, as opposed to a passenger source which is only permitted on
automobile designed to be used as a motorcycle specific headlamps) is also SUMMARY: The OCC, as part of its
family’s primary passenger vehicle. In required to have the headlamp lens continuing effort to reduce paperwork
support of this argument, Morgan cites permanently marked ‘‘motorcycle.’’ This and respondent burden, invites the
two previous agency decisions granting marking may not have appeared on the general public and other Federal
inconsequentiality petitions.21 Both headlamps of one of the subject vehicles agencies to comment on a continuing
petitions concerned noncompliances the agency observed. information collection, as required by
with automatic restraint requirements in Morgan’s proposed remedy: Morgan the Paperwork Reduction Act of 1995
FMVSS No. 208. The agency’s decisions proposes to add a single FMVSS No. 108 (PRA).
in those situations were based on the compliant headlamp on the M3W’s In accordance with the requirements
fact that it had already granted vertical centerline and have the original, of the PRA, the OCC may not conduct
temporary exemption petitions from noncompliant headlamps remain as or sponsor, and the respondent is not
both manufacturers for the vehicle separately switched auxiliary lamps. required to respond to, an information
models at issue in those Paragraph S6.2.1 of FMVSS No. 108 collection unless it displays a currently
inconsequentiality petitions. The agency requires that any additional lighting valid Office of Management and Budget
has not previously granted Morgan a elements (i.e., lighting elements that are (OMB) control number.
temporary exemption for the not required by the standard) installed The OCC is soliciting comment
noncompliances at issue in the present on a vehicle must not impair the concerning its information collection
petition. Moreover, the ‘‘vehicle effectiveness of lighting equipment titled, ‘‘Notice Regarding Unauthorized
attributes’’ that Morgan implies those required by the standard. A motorcycle Access to Customer Information.’’
grants were based on—that the vehicles equipped with both a compliant single
DATES: Comments must be submitted on
were exotic vehicles likely operated on headlighting system and an auxiliary
(supplemental) dual-headlamp system or before June 13, 2016.
a limited basis—were simply arguments
made by the petitioners in those cases, might be prohibited by the impairment ADDRESSES: Because paper mail in the
and not, as Morgan’s petition implies, provision. The proximity of the Washington, DC area and at the OCC is
the basis for the agency’s decision. auxiliary lamps to the required front subject to delay, commenters are
NHTSA expects manufacturers to fulfill turn signal lamps might also raise encouraged to submit comments by
their duties and responsibilities to impairment concerns. We strongly email, if possible. Comments may be
provide vehicles that meet all safety encourage Morgan to review the sent to: Legislative and Regulatory
standards regardless of production standard to ensure that its remedy does Activities Division, Office of the
volume or estimated consumer use. indeed comply with all applicable Comptroller of the Currency, Attention:
Second, Morgan states that there have requirements. 1557–0227, 400 7th Street SW., Suite
been no reports of any safety issues or NHTSA’s Decision: After carefully 3E–218, Mail Stop 9W–11, Washington,
injuries related to the subject considering the arguments presented on DC 20219. In addition, comments may
noncompliances. NHTSA does not this matter, NHTSA finds that the be sent by fax to (571) 465–4326 or by
consider the absence of complaints to petitioner has not met its burden of electronic mail to regs.comments@
show that the noncompliances are persuasion in establishing that the occ.treas.gov. You may personally
asabaliauskas on DSK3SPTVN1PROD with NOTICES
inconsequential to safety. The subject described noncompliances in the inspect and photocopy comments at the
vehicle population is small, so the lack subject vehicles are inconsequential to OCC, 400 7th Street SW., Washington,
of reports or complaints may not be motor vehicle safety. Accordingly, DC 20219. For security reasons, the OCC
Morgan’s petition is hereby denied, and requires that visitors make an
21 60 FR 27593, May 24, 1995 (grant of
Morgan must notify owners, purchasers appointment to inspect comments. You
inconsequentiality petition from Excalibur and dealers pursuant to 49 U.S.C. 30118 may do so by calling (202) 649–6700 or,
Automobile Corp.); 61 FR 9517, Mar. 8, 1996 (grant
of inconsequentiality petition from Cantab Motors, and provide a free remedy in for persons who are deaf or hard of
Ltd.). accordance with 49 U.S.C. 30120. hearing, TTY, (202) 649–5597. Upon
VerDate Sep<11>2014 17:18 Apr 11, 2016 Jkt 238001 PO 00000 Frm 00134 Fmt 4703 Sfmt 4703 E:\FR\FM\12APN1.SGM 12APN1](https://thefederalregister.org/doc/81_FR_21736/page/1.svg)
![Federal Register / Vol. 81, No. 70 / Tuesday, April 12, 2016 / Notices 21667
arrival, visitors will be required to Standards, 12 CFR part 30, Appendix B performance of the functions of the
present valid government-issued photo and part 170, Appendix B (collectively, OCC, including whether the information
identification and to submit to security Security Guidelines), which implement has practical utility;
screening in order to inspect and section 501(b), require each entity (b) The accuracy of the OCC’s
photocopy comments. supervised by the OCC (supervised estimate of the burden of the
All comments received, including institution) to consider and adopt a information collection;
attachments and other supporting response program, as appropriate, that (c) Ways to enhance the quality,
materials, are part of the public record specifies actions to be taken when the utility, and clarity of the information to
and subject to public disclosure. Do not supervised institution suspects or be collected;
include any information in your detects that unauthorized individuals (d) Ways to minimize the burden of
comment or supporting materials that have gained access to customer the collection on respondents, including
you consider confidential or information. through the use of automated collection
inappropriate for public disclosure. The Interagency Guidance on techniques or other forms of information
FOR FURTHER INFORMATION CONTACT: Response Programs for Unauthorized technology; and
Shaquita Merritt, OCC Clearance Customer Information and Customer (e) Estimates of capital or start-up
Officer, (202) 649–5490 or, for persons Notice (Breach Notice Guidance 1), costs and costs of operation,
who are deaf or hard of hearing, TTY, which interprets the Security maintenance, and purchase of services
(202) 649–5597, Legislative and Guidelines, states that, at a minimum, a to provide information.
Regulatory Activities Division, Office of supervised institution’s response
Dated: April 6, 2016.
the Comptroller of the Currency, 400 7th program should contain procedures for
the following: Mary Hoyle Gottlieb,
Street SW., Suite 3E–218, Mail Stop Regulatory Specialist, Legislative and
(1) Assessing the nature and scope of
9W–11, Washington, DC 20219. Regulatory Activities Division.
an incident, and identifying what
SUPPLEMENTARY INFORMATION: Under the customer information systems and types [FR Doc. 2016–08321 Filed 4–11–16; 8:45 am]
PRA (44 U.S.C. 3501–3520), Federal of customer information have been BILLING CODE 4810–33–P
agencies must obtain approval from the accessed or misused;
OMB for each collection of information (2) Notifying its primary Federal
they conduct or sponsor. ‘‘Collection of regulator as soon as possible when the DEPARTMENT OF VETERANS
information’’ is defined in 44 U.S.C. supervised institution becomes aware of AFFAIRS
3502(3) and 5 CFR 1320.3(c) to include an incident involving unauthorized
agency requests or requirements that access to, or use of, sensitive customer [OMB Control No. 2900–0219]
members of the public submit reports, information;
keep records, or provide information to (3) Consistent with the OCC’s Proposed Information Collection
a third party. Section 3506(c)(2)(A) of Suspicious Activity Report regulations, (Civilian Health And Medical Program
the PRA (44 U.S.C. 3506(c)(2)(A)) notifying appropriate law enforcement of the Department of Veterans Affairs
requires Federal agencies to provide a authorities and filing a timely SAR in (CHAMPVA) Benefits—Application,
60-day notice in the Federal Register situations in which a Federal criminal Claim, Other Health Insurance &
concerning each proposed collection of violation requires immediate attention, Potential Liability); Activity: Comment
information, including each proposed such as when a reportable violation is Request
extension of an existing collection of ongoing; AGENCY: Veterans Health
information, before submitting the (4) Taking appropriate steps to Administration, Department of Veterans
collection to OMB for approval. To contain and control the incident in an Affairs.
comply with this requirement, the OCC effort to prevent further unauthorized
access to, or use of, customer ACTION: Notice.
is publishing notice of the proposed
collection of information set forth in information, for example, by SUMMARY: The Veterans Health
this document. monitoring, freezing, or closing affected Administration (VHA) is announcing an
The OCC is proposing to extend, with accounts, while preserving records and opportunity for public comment on the
revision, the approval of the following other evidence; and proposed collection of certain
information collection: (5) Notifying customers as warranted.
This collection of information covers information by the agency. Under the
Title: Notice Regarding Unauthorized Paperwork Reduction Act (PRA) of
Access to Customer Information. the notice provisions in the Breach
Notice Guidance. 1995, Federal agencies are required to
OMB Control No.: 1557–0227. publish notice in the Federal Register
Description: Section 501(b) of the Type of Review: Regular.
Affected Public: Businesses or other concerning each proposed collection of
Gramm-Leach-Bliley Act (15 U.S.C. information, including each proposed
6801) requires the OCC to establish for-profit.
Estimated Number of Respondents: revision of a currently approved
appropriate standards for national banks collection, and allow 60 days for public
20.
relating to administrative, technical, and Total Estimated Annual Burden: 720 comment in response to the notice. This
physical safeguards: (1) To insure the hours. notice solicits comments on information
security and confidentiality of customer Frequency of Response: On occasion. needed to identify areas for
records and information; (2) to protect Comments submitted in response to improvement in clinical training
against any anticipated threats or
asabaliauskas on DSK3SPTVN1PROD with NOTICES
this notice will be summarized and programs.
hazards to the security or integrity of included in the request for OMB
such records; and (3) to protect against DATES: Written comments and
approval. All comments will become a
unauthorized access to, or use of, such matter of public record. Comments are recommendations on the proposed
records or information that could result invited on: collection of information should be
in substantial harm or inconvenience to (a) Whether the collection of received on or before June 13, 2016.
any customer. information is necessary for the proper ADDRESSES: Submit written comments
The Interagency Guidelines on the collection of information through
Establishing Information Security 1 12 CFR part 30, Appendix B, Supplement A. the Federal Docket Management System
VerDate Sep<11>2014 17:18 Apr 11, 2016 Jkt 238001 PO 00000 Frm 00135 Fmt 4703 Sfmt 4703 E:\FR\FM\12APN1.SGM 12APN1](https://thefederalregister.org/doc/81_FR_21736/page/2.svg)
Document Created: 2016-04-12 00:46:57
Document Modified: 2016-04-12 00:46:57
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Notices | |
| Action | Notice and request for comment. | |
| Dates | Comments must be submitted on or before June 13, 2016. | |
| Contact | Shaquita Merritt, OCC Clearance Officer, (202) 649-5490 or, for persons who are deaf or hard of hearing, TTY, (202) 649-5597, Legislative and Regulatory Activities Division, Office of the Comptroller of the Currency, 400 7th Street SW., Suite 3E-218, Mail Stop 9W-11, Washington, DC 20219. | |
| FR Citation | 81 FR 21666 |
2025 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR