Supporting Statement
OMB Control Number 1557-0216
Privacy of Consumer Financial Information (12 CFR 40)
A. Justification
1. Circumstances that make the collection necessary:
The Gramm-Leach-Bliley Act (Act) (Pub. L. 106-102) requires this information collection. The OCC issued regulations to implement the Act’s notice requirements and restrictions on a financial institution’s ability to disclose nonpublic personal information about consumers to nonaffiliated third parties.
2. Use of the information:
Consumers use the privacy notice to determine whether they want personal information disclosed to third parties that are not affiliated with the institution. Further, consumers use the opt-out notice mechanism to advise the bank of their wishes regarding disclosure of their personal information. Institutions use the opt-out information to determine the wishes of their consumers and to act in accordance with their customers’ instructions.
3. Consideration of the use of improved information technology:
The collections are disclosures, filings from consumers, and internal institution records. Institutions are not prohibited from using any technology that facilitates consumer understanding and response, and that permits review, as appropriate, by examiners.
4. Efforts to identify duplication:
The collections of information are unique and cover the institution’s particular circumstances. No duplication exists.
5. Methods used to minimize burden if the collection has a significant impact on a substantial number of small entities:
The information collection requirements do not impose any significant burden beyond that required by statute. In addition, section 728 of the recently enacted “Financial Services Regulatory Relief Act of 2006” (Act) (Pub. L. No. 109-351) provides for the development of a model form for the disclosures. The model form, which may be used at the option of the financial institution, must: be comprehensible to consumers with a clear format and design; provide for clear and conspicuous disclosures; enable consumers easily to identify the sharing practices of a financial institution and to compare privacy practices among financial institutions; be succinct; and use an easily readable type font. Use of the model form should minimize the burden of this collection.1
6. Consequences to the Federal program if the collection were conducted less frequently:
The information collection requirements closely follow the Act, which requires institutions to provide an annual notice of their privacy policies and practices to their customers, and to permit customers to opt-out of the disclosure of their personal information. There is no flexibility under the Act to collect the information less frequently.
7. Special circumstances necessitating collection inconsistent with 5 CFR 1320:
This collection is conducted consistent with the requirements of 5 CFR 1320.
8. Efforts to consult with persons outside the agency:
The OCC requested comments on the proposed extension of the information collection requirements contained in the regulation governing the Privacy of Consumer Financial Information on November 3, 2009. 74 FR 56923. No comments were received.
9. Payment to respondents:
Not applicable.
10. Any assurance of confidentiality:
Not applicable.
11. Justification for questions of a sensitive nature:
There are no questions of a sensitive nature.
Burden estimate:
The information collection requirements and burden estimate are as follows:
Cite and Burden Type |
Requirements in 12 CFR Part 40 |
Number of Respondents |
Average Hours Per Response |
Estimated Burden Hours |
12 CFR 40.4(a) Disclosure (institution) |
Initial privacy notice to consumers requirement – A bank must provide a clear and conspicuous notice that accurately reflects its privacy policies and practices to customers and consumers. |
11 |
80 |
880 |
12 CFR 40.5(a) Disclosure (institution)
12 CFR 40.8 Disclosure (institution) |
Annual privacy notice to customers requirement – A bank must provide a clear and conspicuous notice to customers that accurately reflects its privacy policies and practices not less than annually during the continuation of the customer relationship. Revised privacy notices – If a bank wishes to disclose information in a way that is inconsistent with the notices previously given to a consumer, the bank must provide consumers with a revised notice of the bank’s policies and procedures and a new opt out notice. |
1,625 |
8 |
13,000 |
12 CFR 40.7(a) Disclosure (institution)
|
Form of opt out notice to consumers; opt out methods – Form of opt out notice – If a bank is required to provide an opt out notice under § 40.10(a), it must provide a clear and conspicuous notice to each of its consumers that accurately explains the right to opt out under that section. The notice must state:
A bank provides a reasonable means to exercise an opt out right if it:
|
813 |
8 |
6,504 |
12 CFR 40.10(a) 12 CFR 40.10(c)
12 CFR 40.7(f) and (g)
Reporting (consumer)
|
Consumers must take affirmative actions to exercise their rights to prevent financial institutions from sharing their information with nonaffiliated parties –
Consumers may exercise continuing right to opt out – Consumer may opt out at any time. A consumer’s direction to opt out is effective until the consumer revokes it in writing or, if the consumer agrees, electronically. When a customer relationship terminates, the customer’s opt out direction continues to apply. |
15,028,802 |
0.25 hours |
3,757,200.5 |
Total institution disclosure burden |
|
2,449 institution respondents |
|
20,384 hours |
Total consumer reporting burden |
|
15,028,802 consumer respondents |
|
3,757,200.5 hours |
Total burden |
|
15,031,251 respondents |
|
3,777,584.5 hours |
13. Estimate of annualized costs to respondents:
Institutions should be able to use readily available equipment to comply with the information collections. However, some software costs likely will be incurred to add the privacy notice and opt-out notice disclosures to existing institution documents. Most institution documents of this nature are revised on a continuing basis. Therefore, whether the revisions are made in-house or through a servicer, the cost would be a usual and customary business practice.
14. Estimate of annualized costs to the Federal government:
Not applicable.
15. Changes in burden:
Former burden:
2,854 institution respondents and responses; 9,000,000 consumer respondents and responses; 9,002,854 total responses and respondents
26,432 institution burden hours; 2,250,000 consumer burden hours; 2,276,432 total burden hours
New burden:
2,449 institution respondents and responses; 15,028,802 consumer respondents and responses; 15,031,251 total responses and respondents
20,384 institution burden hours; 3,757,200.5 consumer burden hours; 3,777,584.5 total burden hours
Difference:
- 405 institution respondents and responses
+ 6,028,802 consumer respondents and responses
+ 6,028,397 total responses and respondents
- 6,048 institution burden hours
+ 1,507,200.5 consumer reporting burden
+ 1,501,152.5 burden hours (adjustment)
16. Information regarding information collections whose results are planned to be published for statistical use:
Not applicable.
17. Display of expiration date:
Not applicable.
18. Exceptions to certification statement:
None.
B. Collections of Information Employing Statistical Methods:
Not applicable.
1 The model form and its implementing regulations were published on December 1, 2009. 74 FR 62889.
| File Type | application/msword |
| File Title | Cite |
| Author | Administrator |
| Last Modified By | OCC |
| File Modified | 2009-12-03 |
| File Created | 2009-08-14 |