Supporting Statement
OMB Control Number 1557-0216
Privacy of Consumer Financial Information
A. Justification
1. Circumstances that make the collection necessary:
The Gramm-Leach-Bliley Act (Act) (Pub. L. 106-102) requires this information collection. The Consumer Financial Protection Bureau’s regulation implements the Act’s notice requirements and restrictions on a financial institution’s ability to disclose nonpublic personal information about consumers to nonaffiliated third parties.
2. Use of the information:
Consumers use the privacy notice to determine whether they want personal information disclosed to third parties that are not affiliated with the institution. Further, consumers use the opt-out notice mechanism to advise the bank of their wishes regarding disclosure of their personal information. Institutions use the opt-out information to determine the wishes of their consumers and act in accordance with their customers’ instructions.
The information collection requirements in part 1016 are as follows:
§ 1016.4(a) - Initial privacy notice to consumers requirement – A national bank or federal savings association must provide a clear and conspicuous notice to customers and consumers that accurately reflects its privacy policies and practices.
§ 1016.5(a)(1) - Annual privacy notice to customers requirement – A national bank or federal savings association must provide a clear and conspicuous notice to customers that accurately reflects its privacy policies and practices not less than annually during the continuation of the customer relationship.
§ 1016.8 - Revised privacy notices – A national bank or federal savings association must not disclose any nonpublic personal information to a nonaffiliated third party in a way that is inconsistent with the notices previously given to a consumer unless the institution has provided the consumer with a clear and conspicuous revised notice of the institution’s policies and practices, the institution has provided the consumer with a new opt out notice, the institution has given the consumer a reasonable opportunity to opt out of the disclosure, and the consumer has not opted out.
§ 1016.7(a) - Form of opt out notice to consumers; opt out methods - Form of opt out notice – If a national bank or federal savings association is required to provide an opt-out notice under § 1016.10(a), it must provide each of its consumers with a clear and conspicuous notice that accurately explains the right to opt out under that section. The notice must state:
That the national bank or federal savings association discloses or reserves the right to disclose nonpublic personal information about its consumer to a nonaffiliated third party;
That the consumer has the right to opt out of that disclosure; and
A reasonable means by which the consumer may exercise the opt out right.
A national bank or federal savings association provides a reasonable means to exercise an opt out right if it:
Designates check-off boxes on the relevant forms with the opt out notice;
Includes a reply form with the opt out notice;
Provides an electronic means to opt out; or
Provides a toll-free number that consumers may call to opt out.
§§ 1016.10(a) (1) and (2) and 1016.10(c) - Limits on disclosure of nonpublic personal information to nonaffiliated parties – A national bank or federal savings association may not disclose any nonpublic personal information about a consumer to a nonaffiliated third party unless the institution has provided the consumer with an initial notice under § 1016.4, the institution has provided the consumer with a opt out notice, the institution has given the consumer a reasonable opportunity to opt out of the disclosure, and the consumer has not opted out. A customer may direct one of the following forms of opt out:
Opt out – Consumers may direct that the national bank or federal savings association not disclose nonpublic personal information about them to a nonaffiliated third party, other than permitted by §§ 1016.13-1016.15.
Partial opt out – Consumer may exercise partial opt out rights by selecting certain nonpublic personal information or certain nonaffiliated third parties with respect to which the consumer wishes to opt out.
§§ 1016.7(h) and 1016.7(i) - Continuing right to opt out and Duration of right to opt out-- A consumer may exercise the right to opt out at any time. A consumer’s direction to opt out is effective until the consumer revokes it in writing or, if the consumer agrees, electronically. When a customer relationship terminates, the customer’s opt out direction continues to apply to the nonpublic personal information collected during or related to that relationship. If the consumer subsequently establishes a new customer relationship with the institution, the opt out direction that applied to the former relationship does not apply to the new relationship.
3. Consideration of the use of improved information technology:
The collections are disclosures, filings from consumers, and internal institution records. Institutions are not prohibited from using any technology that facilitates consumer understanding and response, and that permits review, as appropriate, by examiners.
4. Efforts to identify duplication:
The collections of information are unique and cover the institution’s particular circumstances. No duplication exists.
5. If the collection of information impacts small businesses or other small entities, describe any methods used to minimize burden.
There are no alternatives that would result in lowering the burden on small institutions, while still accomplishing the purpose of the rule.
6. Consequences to the federal program if the collection were conducted less frequently:
The information collection requirements closely follow the Act, which requires institutions to provide an annual notice of their privacy policies and practices to their customers, and to permit customers to opt-out of the disclosure of their personal information. There is no flexibility under the Act to collect the information less frequently.
7. Special circumstances necessitating collection inconsistent with 5 CFR part 1320:
This collection is conducted consistent with the requirements of 5 CFR part 1320.
8. Efforts to consult with persons outside the agency:
The OCC published a notice regarding this collection on May 31, 2022, 87 FR 32496. No comments were received.
9. Payment to respondents:
Not applicable.
10. Any assurance of confidentiality:
Not applicable.
11. Justification for questions of a sensitive nature:
There are no questions of a sensitive nature.
Burden estimate:
The information collection requirements and burden estimate are as follows:
Cite and Burden Type |
Requirements in 12 CFR Part 1016 |
Number of Respondents |
Average Hours Per Response |
Estimated Burden Hours |
12 CFR 1016.4(a) Disclosure (institution) |
Initial privacy notice to consumers requirement – A bank must provide a clear and conspicuous notice that accurately reflects its privacy policies and practices to customers and consumers. |
3 |
80 |
240 |
12 CFR 1016.5(a)(1) Disclosure (institution)
12 CFR 1016.8 Disclosure (institution) |
Annual privacy notice to customers requirement – A bank must provide a clear and conspicuous notice to customers that accurately reflects its privacy policies and practices not less than annually during the continuation of the customer relationship.
Revised privacy notices – If a bank wishes to disclose information in a way that is inconsistent with the notices previously given to a consumer, the bank must provide consumers with a revised notice of the bank’s policies and procedures and a new opt out notice and also provide the consumer with a reasonable opportunity to opt out. |
1,106 |
8 |
8,848 |
12 CFR 1016.7(a) Disclosure (institution)
|
Form of opt out notice to consumers; opt out methods – Form of opt out notice – If a bank is required to provide an opt out notice under § 1016.10(a), it must provide a clear and conspicuous notice to each of its consumers that accurately explains the right to opt out under that section. The notice must state:
A bank provides a reasonable means to exercise an opt out right if it:
|
553 |
8 |
4,424 |
12 CFR 1016.10(a)(1) and (2) 12 CFR 1016.10(c)
12 CFR 1016.7(h) and (i)
Reporting (consumer)
|
Limits on disclosure of nonpublic personal information to nonaffiliated parties – A national bank or federal savings association may not disclose any nonpublic personal information about a consumer to a nonaffiliated third party unless the institution has provided the consumer with an initial notice under § 1016.4, the institution has provided the consumer with a opt out notice, the institution has given the consumer a reasonable opportunity to opt out of the disclosure, and the consumer has not opted out. A customer may direct one of the following forms of opt out:
Continuing right to opt out and Duration of right to opt out – A consumer may opt out at any time. A consumer’s direction to opt out is effective until the consumer revokes it in writing or, if the consumer agrees, electronically. When a customer relationship terminates, the customer’s opt out direction continues to apply. If the consumer subsequently establishes a new customer relationship with the institution, the opt out direction that applied to the former relationship does not apply to the new relationship. |
2,449,997 |
0.25 hours |
612,499.25 |
Total burden |
|
2,451,659 respondents |
|
626,011.25 hours |
Cost of Hour Burden: 626,011.25 x $119.63 = $74,889,725.84
To estimate wages the OCC reviewed May 2021 data for wages (by industry and occupation) from the U.S. Bureau of Labor Statistics (BLS) for credit intermediation and related activities (NAICS 5220A1). To estimate compensation costs associated with the rule, the OCC uses $119.63 per hour, which is based on the average of the 90th percentile for six occupations adjusted for inflation (6.1 percent as of Q1 2022), plus an additional 32.8 percent for benefits (based on the percent of total compensation allocated to benefits as of Q4 2021 for NAICS 522: credit intermediation and related activities).
13. Estimate of annualized costs to respondents:
Not applicable.
14. Estimate of annualized costs to the Federal Government:
Not applicable.
15. Changes in burden:
There is no change in burden.
16. Information regarding information collections whose results are planned to be published for statistical use:
Not applicable.
17. Display of expiration date:
Not applicable.
18. Exceptions to certification statement:
None.
B. Collections of Information Employing Statistical Methods:
Not applicable.
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| File Title | Cite |
| Author | Administrator |
| File Modified | 0000-00-00 |
| File Created | 2022-08-09 |