Supporting Statement
OMB Control Number 1557-0216
Privacy of Consumer Financial Information (12 CFR 40)
A. Justification
1. Circumstances that make the collection necessary:
These information collection requirements are required under the Gramm-Leach-Bliley Act (Act) (Pub. L. 106-102), which required the OCC to issue regulations as necessary to implement notice requirements and restrictions on a financial institution’s ability to disclose nonpublic personal information about consumers to nonaffiliated third parties.
2. Use of the information:
Consumers use the privacy notice to determine whether they want personal information disclosed to third parties that are not affiliated with the institution. Further, consumers use the opt-out notice mechanism to advise the bank of their wishes regarding disclosure of their personal information. Institutions use the opt-out information to determine the wishes of their consumers and to act appropriately.
3. Consideration of the use of improved information technology:
The collections are disclosures, filings from consumers, and internal institution records. Institutions are not prohibited from using any technology that facilitates consumer understanding and response, and that permits review, as appropriate, by examiners.
4. Efforts to identify duplication:
The collections of information are unique and cover the institution’s particular circumstances. No duplication exists.
5. Methods used to minimize burden if the collection has a significant impact on a substantial number of small entities:
The information collection requirements do not impose any significant burden beyond that required by statute. In addition, section 728 of the recently enacted “Financial Services Regulatory Relief Act of 2006” (Act) (Pub. L. No. 109-351) provides for the development of a model form for the disclosures. The model form, which may be used at the option of the financial institution, must: be comprehensible to consumers, with a clear format and design; provide for clear and conspicuous disclosures; enable consumers easily to identify the sharing practices of a financial institution and to compare privacy practices among financial institutions; and be succinct, and use an easily readable type font. Use of the model form should serve to minimize the burden under this collection.
6. Consequences to the Federal program if the collection were conducted less frequently:
The information collection requirements closely follow the Act, which requires institutions to provide an annual notice to their customers of their privacy policies and practices, and to permit customers to opt-out of the disclosure of their personal information. There is no flexibility under the Act to collect the information less frequently.
7. Special circumstances necessitating collection inconsistent with 5 CFR 1320:
This collection is conducted consistent with the requirements of 5 CFR 1320.
8. Efforts to consult with persons outside the agency:
The OCC requested comments on the proposed extension, without revision, of the information collections contained in the Privacy regulations on September 22, 2006, 71 FR 55545. No comments were received.
9. Payment to respondents:
Not applicable.
10. Any assurance of confidentiality:
Not applicable.
11. Justification for questions of a sensitive nature:
There are no questions of a sensitive nature.
Burden estimate:
The information collection requirements and burden estimate are as follows:
Cite and Burden Type |
Requirements in 12 CFR Part 40 |
Number of Respondents |
Average Hours Per Response |
Estimated Burden Hours |
12 CFR 40.4(a) Disclosure (institution) |
Initial privacy notice to consumers requirement – A bank must provide a clear and conspicuous notice that accurately reflects its privacy policies and practices to customers and consumers. |
50 |
80 |
4,000 |
12 CFR 40.5(a) Disclosure (institution)
12 CFR 40.8 Disclosure (institution) |
Annual privacy notice to customers requirement – A bank must provide a clear and conspicuous notice to customers that accurately reflects its privacy policies and practices not less than annually during the continuation of the customer relationship.
Revised privacy notices – If a bank wishes to disclose information in a way that is inconsistent with the notices previously given to a consumer, the bank must provide consumers with a revised notice of the bank’s policies and procedures and a new opt out notice. |
1,869 |
8 |
14,952 |
12 CFR 40.7(a) Disclosure (institution)
|
Form of opt out notice to consumers; opt out methods – Form of opt out notice – If a bank is required to provide an opt out notice under § 40.10(a), it must provide a clear and conspicuous notice to each of its consumers that accurately explains the right to opt out under that section. The notice must state:
Bank must provide reasonable opt out means such as by –
|
935 |
8 |
7,480 |
12 CFR 40.10(a) 12 CFR 40.10(c)
12 CFR 40.7(f) and (g)
Reporting (consumer)
|
Consumers must take affirmative actions to exercise their rights to prevent financial institutions from sharing their information with nonaffiliated parties –
Consumers may exercise continuing right to opt out – Consumer may opt out at any time. A consumer’s direction to opt out is effective until the consumer revokes it in writing or, if the consumer agrees, electronically. When a customer relationship terminates, the customer’s opt out direction continues to apply |
9,000,000 |
0.25 hours |
2,250,000 |
Total institution disclosure burden |
|
2,854 institution respondents |
|
26,432 hours |
Total consumer reporting burden |
|
9,000,000 consumer respondents |
|
2,250,000 hours |
Total burden |
|
9,002,854 respondents |
|
2,276,432 hours |
13. Estimate of annualized costs to respondents:
Institutions should be able to use readily available equipment to comply with the information collections. However, some software costs likely will be incurred to add the privacy notice and opt-out notice disclosures, probably to existing institution documents. Most institution documents of this nature are revised on a continuing basis. Therefore, whether the revisions are made in-house or through a servicer, the cost would be a usual and customary business practice.
14. Estimate of annualized costs to the Federal government:
Not applicable.
15. Changes in burden:
Nominal estimates were used previously due to the uncertainty of what institutions would do to comply with the opt-out requirements and how consumers would react. Based on the OCC’s past three years’ experience, the OCC believes that the prior estimate of the number of consumer respondents affected was too low. We estimate that between 2% and 12% of consumers with new mortgages or credit cards and 1% of consumers with deposit accounts under $100,000 will opt out.
Former burden:
2,449 institution respondents and responses; 481,950 consumer respondents and responses; 484,399 total respondents and responses
28,088 institution burden hours; 240,975 consumer burden hours; 269,063 total burden hours
New burden:
2,854 institution respondents and responses; 9,000,000 consumer respondents and responses; 9,002,854 total responses and respondents
26,432 institution burden hours; 2,250,000 consumer burden hours; 2,276,432 total burden hours
Difference:
+ 405 institution respondents and responses;
+ 8,518,455 consumer respondents and consumer responses
+ 2,007,369 burden hours (adjustment)
16. Information regarding information collections whose results are planned to be published for statistical use:
Not applicable.
17. Display of expiration date:
Not applicable.
18. Exceptions to certification statement:
None.
B. Collections of Information Employing Statistical Methods:
Not applicable.
| File Type | application/msword |
| File Title | Cite |
| Author | Administrator |
| Last Modified By | Mary.Gottlieb |
| File Modified | 2006-11-15 |
| File Created | 2006-05-01 |