Section 502 of the Gramm-Leach-Bliley
Act (GLB Act) (Pub. L. 106-102) generally prohibits a financial
institution from sharing nonpublic personal information about a
consumer with nonaffiliated third parties unless the institution
satisfies various disclosure requirements (including provision of
initial privacy notices, annual notices, notices of revisions to
the institution's privacy policy, and opt-out notices) and the
consumer has not elected to opt out of the information sharing. The
CFPB is promulgating regulations to implement the GLB Act's notice
requirements and restrictions on a financial institution's ability
to disclose nonpublic personal information about consumers to
nonaffiliated third parties.
The Bureau of Consumer
Financial Protection (CFPB) respectfully requests emergency
processing and approval of the collection of information discussed
below because the use of normal clearance procedures is reasonably
likely to prevent and disrupt an existing collection of
information. Subtitle A of Title V of the Gramm-Leach-Bliley Act
(GLB Act), captioned Disclosure of Nonpublic Personal
Information, limits the instances in which a financial institution
may disclose nonpublic personal information about a consumer to
nonaffiliated third parties and requires financial institutions to
provide certain privacy notices to their consumers and customers.
Historically, rulemaking authority for the privacy provisions of
the GLB Act has been shared by eight federal agencies: the Board of
Governors of the Federal Reserve System (Board), the Federal
Deposit Insurance Corporation (FDIC), the Federal Trade Commission
(FTC), the National Credit Union Administration (NCUA), the Office
of the Comptroller of the Currency (OCC), the Office of Thrift
Supervision (OTS), the Securities Exchange Commission (SEC), and
the Commodity Futures Trading Commission (CFTC). Each of the
agencies issued rules (which were consistent and comparable) to
implement the GLB Acts privacy provisions. The Dodd-Frank Wall
Street Reform and Consumer Protection Act (Dodd-Frank Act) amended
a number of consumer financial protection laws, including the GLB
Act. Among other changes, the Dodd-Frank Act transferred rulemaking
authority for most of Subtitle A of Title V of the GLB Act from the
Board, FDIC, FTC, NCUA, OCC, and OTS to the CFPB, effective July
21, 2011. In addition to the transfer of rulemaking authority under
the Dodd-Frank Act, the CFPB received certain enforcement
authorities with respect to the GLB Act. Pursuant to the Dodd-Frank
Act and the GLB Act, as amended, the CFPB is in the process of
publishing for public comment an interim final rule establishing a
new Regulation P (Privacy of Consumer Financial Information) in 12
CFR Part 1016, implementing those privacy provisions of the GLB Act
for which the CFPB has rulemaking authority. This interim final
rule substantially replicates the rules previously issued by the
transferor agencies, and will not impose any new substantive
obligations on regulated entities or any new information collection
requirements. As the CFPB now has enforcement authority over
certain populations that have been under the jurisdiction of other
agencies, the CFPB is requesting approval of a new OMB control
number for its collection activities under Regulation P. To prevent
disruptions of approved information collections, the CFPB is
requesting emergency processing and approval of the following
information collection request. Upon receipt of emergency approval
from the Office of Management and Budget, the CFPB will begin a
standard approval process for this collection and will seek public
input at that time.
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a
benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control
number;
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.
Supporting Statement for Regulation P 20111018 v2.doc
Consumer Opt-out Notice