3170-0010 GLB (P) 2015 renewal SS-30day-final

3170-0010 GLB (P) 2015 renewal SS-30day-final.pdf

Privacy of Consumer Financial Information (Regulation P) 12 CFR 1016

OMB: 3170-0010

Document [pdf]
Download: pdf | pdf
BUREAU OF CONSUMER FINANCIAL PROTECTION
PAPERWORK REDUCTION ACT SUBMISSION
INFORMATION COLLECTION REQUEST
SUPPORTING STATEMENT PART A
GRAMM-LEACH-BLILEY ACT
(REGULATION P) 12 CFR 1016
(OMB CONTROL NUMBER: 3170-0010)
OMB TERMS OF CLEARANCE:
Not applicable. The Office of Management and Budget (OMB) did not provide Terms of
Clearance when approved this information collection on July 25, 2012.
ABSTRACT:
Section 502 of the Gramm-Leach-Bliley Act (GLBA) (Pub. L. 106-102) generally
prohibits a financial institution from sharing nonpublic personal information about a consumer
with nonaffiliated third parties unless the institution satisfies various disclosure requirements
(including provision of initial privacy notices, annual notices, notices of revisions to the
institution's privacy policy, and opt-out notices) and the consumer has not elected to opt out of
the information sharing. The Consumer Financial Protection Bureau (CFPB) promulgated
regulation P 12 CFR 1016 to implement the GLB Act's notice requirements and restrictions on a
financial institution's ability to disclose nonpublic personal information about consumers to
nonaffiliated third parties.

A. JUSTIFICATION
1. Circumstances Necessitating the Data Collection
Regulation P implements the requirements of GLBA to provide consumers with financial
institutions’ privacy policies and practices, as well as describing when the consumer’s
information may be shared with nonaffiliated third parties, and provides a method for consumers
to prevent disclosure of their information to non-affiliated third parties by “opting out” of that
disclosure. Regulation P details the specifics of how GLBA should be implemented, which
companies and situations this applies to, and the method of delivering the information to
consumers.
Regulation P includes model forms that can be used to comply with the disclosure
requirements of the GLBA and Regulation P, although use of the model forms is not required.
See Appendix to Regulation P.

2. Use of the Information
Consumers use the privacy notice to determine whether they want personal information
disclosed to third parties that are not affiliated with the institution. Further, consumers use the
opt-out notice mechanism to advise the institution of their wishes regarding disclosure of their
personal information. Institutions use the opt-out information to determine the wishes of their
consumers and to act in accordance with their customers’ instructions.
The CFPB, the Federal Trade Commission (FTC), and the Prudential Regulators all
enforce against the requirements of Regulation P to ensure privacy notices are being mailed out
and that consumers’ preferences are being followed with respect to opting out of informationsharing.
3. Use of Information Technology
The information collections are disclosures, filings from consumers, and internal
institution records. Institutions are not prohibited from using any technology that facilitates
consumer understanding and response, and that permits review, as appropriate, by examiners.
4. Efforts to Identify Duplication
The collections of information are unique and cover the institution’s particular
circumstances. No duplication exists with any other federal information collection or program.
5. Efforts to Minimize Burdens on Small Entities
The information collection requirements of the regulation do not impose any significant
burden beyond that required by statute. In addition, as directed by section 728 of the “Financial
Services Regulatory Relief Act of 2006” (Pub. L. No. 109-351), section 1016.2 and Appendix A
provide a model form for the disclosures, which may be used at the option of the financial
institution. Use of the model form should minimize the burden of this collection. Further, in
2014, the Bureau issued a rule Published October 28, 2014 at 79 FR 64057, to allow financial
institutions to use an alternative delivery method to provide annual privacy notices through
posting the annual notices on their Web sites if they meet certain conditions. Use of the
alternative delivery method should also minimize the burden of this collection.
6. Consequences of Less Frequent Collection and Obstacles to Burden Reduction
The information collection requirements closely follow the GLB Act, which requires
institutions to provide an annual notice of their privacy policies and practices to their customers,
and to permit customers to opt-out of the disclosure of their personal information. There is no
flexibility under the GLB Act to collect the information less frequently.
7. Circumstances Requiring Special Information Collection
Not applicable. The collections of information in Regulation P are consistent with the
applicable guidelines contained in 5 CFR 1320.5(d)(2).

2

8. Consultation Outside the Agency
In accordance with 5 CFR §1320.8(d)(1), the Bureau has published a notice in the
Federal Register allowing the public 60 days to comment on the proposed extension (renewal) of
this currently approved collection of information. Two comments were received, however
neither was related to PRA estimates or calculations, and so will not be responded to here.
Further and in accordance with 5 CFR §1320.5(a)(1)(iv), the Bureau has also published a notice
in the Federal Register allowing the public 30 days to comment on the submission of this
information collection request to the Office of Management and Budget.
9. Payments or Gifts to Respondents
No payments or gifts are provided to respondents.
10. Assurances of Confidentiality
The recordkeeping and written disclosure requirements contain private information about
consumers who opt out of disclosure of their information to third-parties. Such information is
protected by the Right to Financial Privacy Act, 12 U.S.C. 3401 et seq. Such records may also
constitute confidential customer lists. However, there is no part of the rule that mandates
information collection by the CFPB.
To the extent that information covered by a requirement of Regulation P is collected by
the CFPB for law enforcement purposes, the confidentiality provisions of CFPB’s rules on
Disclosure of Records and Information, 12 CFR Part 1070, would apply.
11. Justification for Sensitive Questions
Regulation P requires institutions to ascertain whether consumers want to opt out of
third-party information sharing, which can constitute a collection of sensitive information. This
requirement is necessary to ensure consumers are given an option about what is done with their
personal financial information, and is used for consumers’ protection and privacy.

12. Estimated Burden of Information Collection
Hours: 366,134
Exhibit 1: Burden Hour Summary
Information
Collection
Requirement
Initial Notice
§1016.4(a)

All Bureau Respondents (DI and Non-DI)
Average
No. of
Annual
Annual Response
Time
Respondents Frequency Responses
(hrs.)
2,105

1

2,105

3

14.5

Bureau Portion
Annual
Burden
Hours

Annual
Responses

Average
Response
Time

Annual
Burden
Hours

30,523

1,055

14.5

15,298

Annual and Revised
Notices and OptOut Notice
§1016.5(d),
§1016.7, §1016.8
Consumer Opt-Out
Notice
§1016.7
Changes to Privacy
Policies and
Disclosures
(Ongoing)
§1016.8
Creating Disclosure
Documents
Reviewing Internal
GLBA Policies
(Initial)
Reviewing Internal
GLBA Policies
(Ongoing)
Totals:

29,544

1

29,544

7.28

215,054

14,844

11

157,482

29,544

14.66

433,216

0.25

108,304

433,216

0.25

108,304

420

1

420

10

4,200

210

10

2,100

2,100

1

2,100

3

6,300

1,050

3

3,150

2,100

1

2,100

20

42,000

1,050

20

21,000

29,400

1

29,400

4

117,600

14,700

4

58,800

29,544

466,125

366,134

For PRA purposes, the CFPB assumes all burden for depository institutions with
more than $10 billion in assets as well as their affiliates, for which CFPB has primary
enforcement authority with respect to regulation P. In addition, the CFPB and Federal Trade
Commission (FTC) share enforcement authority for those non-depository institutions subject
to the CFPB’s regulation P.
Associated Labor Costs: $14,046,529
The Bureau used an overall hourly average wage of $38.36 for the burden associated with
these information collections, which multiplied by the CFPB burden hours amounts to
$14,046,529 in labor costs. Specifically, the Bureau estimates on average each hour requires
20% administration at $16.99/hour, 45% management at $37.79/hour, 20% senior management
at $48.87/hour, and 15% legal at $54.58/hour. 1
13. Estimated Total Annual Cost Burden to Respondents or Recordkeepers
There are no additional materials costs for this regulation.

1

See respectively http://www.bls.gov/ooh/office-and-administrative-support/secretaries-and-administrativeassistants.htm, http://www.bls.gov/ooh/business-and-financial/management-analysts.htm,
http://www.bls.gov/ooh/management/top-executives.htm, http://www.bls.gov/ooh/legal/lawyers.htm.

4

14. Estimated Cost to the Federal Government
As the CFPB does not collect any information, there are no additional costs to the Federal
Government.
15. Program Changes or Adjustments
Exhibit 3: Summary of Burden Changes table

Total Requested
Current OMB Inventory

Total
Annual Responses Burden Hours
Respondents
29,544
466,125
366,134
13,100
467,213
254,096

Cost Burden
(O & M)
$0
$0

+16,444

-1,088

+112,038

$0

Program Change

0

0

0

$0

Discretionary

0

0

0

$0

Due to New Statute

0

0

0

$0

Violation

0

0

0

$0

Adjustment

+16,444

-1,088

+112,038

$0

Difference (+/-)

Analysis by the Bureau of previously stated burden shows that the initial total burden was
112,038 hours greater than previous stated. Thus, the Bureau is adjusting the current burden to
be (254,096 + 112,038) = 366,134 hours.
The change in the number of respondents reflects an improved methodology of
calculation, and therefore the new requests should be seen as a more accurate representation of
the true effect of Regulation P.
16. Plans for Tabulation, Statistical Analysis, and Publication
There are no plans to provide any publications based on the information collection of this
regulation.
17. Display of Expiration Date
The OMB control number and expiration date associated with this PRA submission will
be displayed on the Federal government’s electronic PRA docket at www.reginfo.gov, as well as
in the Federal Register Notice of the submission. Inasmuch as all forms associated with this
collection are model forms and therefore their use is voluntary, the display of the OMB control
number would not be appropriate on them
18. Exceptions to the Certification Requirement
The Bureau certifies that this collection of information is consistent with the requirements
of 5 CFR 1320.9, and the related provisions of 5 CFR 1320.8(b)(3) and is not seeking an
exemption to these certification requirements.
5


File Typeapplication/pdf
AuthorKane, Arland (CFPB)
File Modified2015-07-13
File Created2015-07-13

© 2024 OMB.report | Privacy Policy