Supporting Statement
Privacy of Consumer Financial information
3064-0136
Introduction. The FDIC is requesting a three-year extension, without change in the method or substance of the collection, of OMB's approval of the information collection captioned above. The current clearance expires on September 30, 2009. The information collection requirements are as follows:
Section 332.4(a) requires a bank to provide an initial notice to consumers that accurately reflects its privacy policies and practices.
Section 332.5(a) requires a bank to provide a notice annually to customers during the continuation of the customer relationship that accurately reflects the bank’s privacy policies and practices.
Section 332.7(a)(1) requires a bank to provide a clear and conspicuous notice that accurately explains the right to opt out. The notice must state that the bank discloses or reserves the right to disclose nonpublic personal information to nonaffiliated third parties; that the consumer has the right to opt out of that disclosure; and a reasonable means by which the consumer may exercise the opt-out right.
Section 332.10(c) states that a bank may allow a consumer to select certain nonpublic personal information or certain nonaffiliated third parties with respect to which the consumer wishes to opt out (partial opt-out).
Section 332.8(a) requires a bank to provide consumers with a revised notice of the bank’s policies and procedures and a new opt-out notice, if the bank wishes to disclose information in a way that is inconsistent with the notices previously given to a consumer.
The regulation also identifies affirmative actions that consumers must take to exercise their rights. In order for consumers to prevent banks from sharing their information with nonaffiliated parties, they must opt out (§§ 332.7(a)(2)(ii), 332.10(a)(2) and 332.10(c)).
Consumers also have the right at any time during their continued relationship with the bank to change or update their opt-out status with the bank (§§ 332.7(f) and (g)).
A. Justification
1. Circumstances and Need
The elements of this information collection are required under section 504 of the Gramm-Leach-Bliley Act (Act), Public Law No. 106-102. Section 502 of the Act prohibits a financial institution from disclosing nonpublic personal information about a consumer to nonaffiliated third parties unless the institution satisfies various disclosure requirements (i.e., provides a privacy notice and opt out notice) and the consumer has not elected to opt out of the disclosure. Section 504 requires the Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, Office of Thrift Supervision, National Credit Union Administration, Federal Trade Commission, and Securities and Exchange Commission to issue regulations as necessary to implement the notice requirements and restrictions. The agencies issued final regulations on June 1, 2000 (65 FR 35162, enclosed), and obtained OMB approval to collect the information in conjunction with that rulemaking.
2. Use of Information Collected
Consumers use the privacy notice information to determine whether they want personal information disclosed to third parties that are not affiliated with the institution. Further, consumers use the opt-out notice mechanism to advise the bank of their wishes regarding disclosure of their personal information. Institutions use the opt-out information to determine the wishes of their consumers and to act appropriately.
3. Use of Technology to Reduce Burden
The collections are disclosures, filings from consumers, and internal institution records. Institutions are not prohibited from using any technology that facilitates consumer understanding and response and that permits review, as appropriate, by examiners.
4. Efforts to Identify Duplication
The collections of information are unique and cover the institution’s particular circumstances. No duplication exists.
5. Minimizing the Burden on Small Banks
The information collections do not impose any significant burden beyond that required by the statute. Because of the statutory requirements, there are no significant alternatives that minimize burden on small institutions.
6. Consequences of Less Frequent Collections
The collection in the regulation closely follows the Act, which requires institutions to provide an updated and annually restated notice to their customers of their privacy policies and practices, and to permit consumers to opt-out of disclosure of their personal information.
7. Special Circumstances
There are no special circumstances. This information collection is conducted in a manner consistent with the requirements of 5 CFR Part 1320.
8. Consultation with Persons Outside the FDIC
Before submitting this request to OMB, the FDIC published a Federal Register notice (74 FR 24852 (May 26, 2009)), pursuant to requirements of the Paperwork Reduction Act, seeking comment on the information collection for a 60-day period. No comments were received.
9. Payment or Gift to Respondents
Not applicable.
10. Confidentiality
Not applicable.
11. Questions of a Sensitive Nature
No questions of a sensitive nature are involved.
12. Estimates of Annualized Hour Burden and Associated Cost
Hour burden estimate for state chartered nonmember banks:
Estimated annual number of institution respondents: Initial notice, 208; annual notice and change in terms, 5,138; opt-out notice, 873.
Estimated average time per response per institution: Initial notice, 80 hours; annual notice and change in terms, 8 hours; opt-out notice, 8 hours.
Subtotal, annual burden hours for institutions: 64,728 hours.
Estimated annual number of consumer respondents: 223,475.
Estimated average time per consumer response: 30 minutes.
Subtotal, annual burden hours for consumers: 111,738 hours.
Total annual burden hours: 176,466 hours.
Cost burden estimate:
The following is an estimate of the annualized dollar cost to state chartered nonmember banks of the hour burden for this collection of information broken down by wage rate categories.
Clerical: 25 % of 64,728 hours = 16,182 hours @ $20 = $323,640
Managerial/Technical: 40 % of 64,728 hours = 25,891 hours @ $40 = $1,035,640
Senior Management/Professional: 25 % of 64,728 hours = 16,182 hours @ $ 80 = $1,294,560
Legal: 10 % of 64,728 hours = 6,473 hours @ $100 = $647,300
Total estimated dollar cost: $3,301,140
13. Capital/Start-up and Operation/Maintenance Costs
Institutions should be able to use readily available equipment to comply with the information collections in the joint NPRM. Most institution documents of this nature are revised on a continuing basis. Therefore, whether the revisions are made in-institution or through a servicer, the cost would be a part of usual and customary business practice.
14. Annualized cost to the Federal Government
Not applicable.
15. Reason for Change in Burden
There is no change in burden.
16. Publication
These are disclosures from institutions to consumers and filings from consumers to institutions. The Agencies are not collecting data. Therefore, they have no information to publish and no plans to publish any data for statistical or other purposes.
17. Display of Expiration Dates
Since these information collections are contained in a rule, the expiration date will not be displayed.
18. Exceptions to Certification
Not applicable.
B. STATISTICAL METHODS
Not applicable.
File Type | application/msword |
File Title | Supporting Statement |
Author | FDIC |
Last Modified By | leneta gregorie |
File Modified | 2009-08-10 |
File Created | 2009-06-04 |