Supporting Statement
OMB Control Number 1557-0216
Privacy of Consumer Financial Information (12 CFR 1016)
A. Justification
1. Circumstances that make the collection necessary:
The Gramm-Leach-Bliley Act (Act) (Pub. L. 106-102) requires this information collection. The Consumer Financial Protection Bureau’s regulation implements the Act’s notice requirements and restrictions on a financial institution’s ability to disclose nonpublic personal information about consumers to nonaffiliated third parties.
2. Use of the information:
Consumers use the privacy notice to determine whether they want personal information disclosed to third parties that are not affiliated with the institution. Further, consumers use the opt-out notice mechanism to advise the bank of their wishes regarding disclosure of their personal information. Institutions use the opt-out information to determine the wishes of their consumers and to act in accordance with their customers’ instructions.
The information collection requirements in part 1016 are as follows:
§ 1016.4(a) - Disclosure (institution) - Initial privacy notice to consumers requirement – A national bank or Federal savings association must provide a clear and conspicuous notice to customers and consumers that accurately reflects its privacy policies and practices.
§ 1016.5(a)(1) - Disclosure (institution) - Annual privacy notice to customers requirement – A national bank or Federal savings association must provide a clear and conspicuous notice to customers that accurately reflects its privacy policies and practices not less than annually during the continuation of the customer relationship.
§ 1016.8 - Disclosure (institution) - Revised privacy notices – Before a national bank or Federal savings association discloses information in a way that is inconsistent with the notices previously given to a consumer, the institution must provide the consumer with a clear and conspicuous revised notice of the institution’s policies and procedures, provide the consumer with a new opt out notice, give the consumer a reasonable opportunity to opt out of the disclosure, and the consumer must not opt out.
§ 1016.7(a) - Disclosure (institution) - Form of opt out notice to consumers; opt out methods - Form of opt out notice – If a national bank or Federal savings association is required to provide an opt-out notice under § 1016.10(a), it must provide each of its consumers with a clear and conspicuous notice that accurately explains the right to opt out under that section. The notice must state:
That the national bank or Federal savings association discloses or reserves the right to disclose nonpublic personal information about its consumer to a nonaffiliated third party;
That the consumer has the right to opt out of that disclosure; and
A reasonable means by which the consumer may exercise the opt out right.
A national bank or Federal savings association provides a reasonable means to exercise an opt out right if it:
Designates check-off boxes on the relevant forms with the opt out notice;
Includes a reply form with the opt out notice;
Provides electronic means to opt out; or
Provides a toll-free number to opt out.
§§ 1016.10(a)(2) and 1016(c) - Consumers must take affirmative actions to exercise their rights to prevent financial institutions from sharing their information with nonaffiliated parties –
Opt out – Consumers may direct that the national bank or Federal savings association not disclose nonpublic personal information about them to a nonaffiliated third party, other than permitted by §§ 1016.13-1016.15.
Partial opt out – Consumer also may exercise partial opt out rights by selecting certain nonpublic personal information or certain nonaffiliated third parties with respect to which the consumer wishes to opt out.
§§ 1016.7(h) and 1016(i) - Reporting (consumer) – Duration of right to opt out – Continuing right to opt out – A consumer may exercise the right to opt out at any time. A consumer’s direction to opt out is effective until the consumer revokes it in writing or, if the consumer agrees, electronically. When a customer relationship terminates, the customer’s opt out direction continues to apply to the nonpublic personal information collected during or related to that relationship.
3. Consideration of the use of improved information technology:
The collections are disclosures, filings from consumers, and internal institution records. Institutions are not prohibited from using any technology that facilitates consumer understanding and response, and that permits review, as appropriate, by examiners.
4. Efforts to identify duplication:
The collections of information are unique and cover the institution’s particular circumstances. No duplication exists.
5. Methods used to minimize burden if the collection has a significant impact on a substantial number of small entities:
The information collection requirements do not impose any significant burden beyond that required by statute.
6. Consequences to the Federal program if the collection were conducted less frequently:
The information collection requirements closely follow the Act, which requires institutions to provide an annual notice of their privacy policies and practices to their customers, and to permit customers to opt-out of the disclosure of their personal information. There is no flexibility under the Act to collect the information less frequently.
7. Special circumstances necessitating collection inconsistent with 5 CFR 1320:
This collection is conducted consistent with the requirements of 5 CFR 1320.
8. Efforts to consult with persons outside the agency:
The OCC published a notice regarding this collection on February 8, 2016, 81 FR 6595. No comments were received.
9. Payment to respondents:
Not applicable.
10. Any assurance of confidentiality:
Not applicable.
11. Justification for questions of a sensitive nature:
There are no questions of a sensitive nature.
Burden estimate:
The information collection requirements and burden estimate are as follows:
Cite and Burden Type |
Requirements in 12 CFR Part 1016 |
Number of Respondents |
Average Hours Per Response |
Estimated Burden Hours |
12 CFR 1016.4(a) Disclosure (institution) |
Initial privacy notice to consumers requirement – A bank must provide a clear and conspicuous notice that accurately reflects its privacy policies and practices to customers and consumers. |
3 |
80 |
240 |
12 CFR 1016.5(a)(1) Disclosure (institution)
12 CFR 1016.8 Disclosure (institution) |
Annual privacy notice to customers requirement – A bank must provide a clear and conspicuous notice to customers that accurately reflects its privacy policies and practices not less than annually during the continuation of the customer relationship.
Revised privacy notices – If a bank wishes to disclose information in a way that is inconsistent with the notices previously given to a consumer, the bank must provide consumers with a revised notice of the bank’s policies and procedures and a new opt out notice. |
1,392 |
8 |
11,1361 |
12 CFR 1016.7(a) Disclosure (institution)
|
Form of opt out notice to consumers; opt out methods – Form of opt out notice – If a bank is required to provide an opt out notice under § 1016.10(a), it must provide a clear and conspicuous notice to each of its consumers that accurately explains the right to opt out under that section. The notice must state:
A bank provides a reasonable means to exercise an opt out right if it:
|
696 |
8 |
5,568 |
12 CFR 1016.10(a)(2) 12 CFR 1016.10(c)
12 CFR 1016.7(h) and (i)
Reporting (consumer)
|
Consumers must take affirmative actions to exercise their rights to prevent financial institutions from sharing their information with nonaffiliated parties –
Consumers may exercise continuing right to opt out – Consumer may opt out at any time. A consumer’s direction to opt out is effective until the consumer revokes it in writing or, if the consumer agrees, electronically. When a customer relationship terminates, the customer’s opt out direction continues to apply. |
2,705,358 |
0.25 hours |
676,340 |
Total burden |
|
2,706,750 respondents |
|
693,284 hours |
13. Estimate of annualized costs to respondents:
Not applicable.
14. Estimate of annualized costs to the Federal government:
Not applicable.
15. Changes in burden:
Former burden:
2,528,595 respondents; 653,461 hours
New burden:
2,706,750 respondents; 693,284 hours
Difference:
+ 178,155 respondents; + 39,823 hours
The increase in burden is due to the increase in the number of deposit accounts.
16. Information regarding information collections whose results are planned to be published for statistical use:
Not applicable.
17. Display of expiration date:
Not applicable.
18. Exceptions to certification statement:
None.
B. Collections of Information Employing Statistical Methods:
Not applicable.
1 On, December 4, 2015, the FAST Act (Pub. L. 114-94, Section 75001) was enacted, which amended the Gramm-Leach-Bliley Act (15 U.S.C. 6803) to exempt financial institutions from issuing a mandatory annual privacy notice if there has been no change in the disclosures required to be included in the institution’s privacy policy from those that were provided in the most recent prior privacy policy notice and the institutions is not sharing nonpublic personal information with nonaffiliated third parties except pursuant to the exceptions in the existing law. It is unclear how many institutions will avail themselves of this exemption and, therefore, we have used a conservative burden estimate that does not take into consideration the recent enactment of the FAST Act. We will continue to monitor these notices and adjust our burden estimate, as necessary.
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| File Title | Cite |
| Author | Administrator |
| File Modified | 0000-00-00 |
| File Created | 2021-01-24 |