AGENCY:

National Credit Union Administration (NCUA).

ACTION:

Notice and request for comment.

SUMMARY:

NCUA, as part of its continuing effort to reduce paperwork and respondent burden, invites the general public and other Federal agencies to comment on the submission for reinstatement of a previously approved collection, as required by the Paperwork Reduction Act of 1995 (Pub. Start Printed Page 43265L. 104-13, 44 U.S.C. Chapter 35). NCUA is soliciting comment on the reinstatement of the information collection described below.

DATES:

Comments should be received on or before August 30, 2016 to be assured consideration.

ADDRESSES:

Interested persons are invited to submit written comments on the information collection to Troy Hillier, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428; Fax No. 703-837-2861; or Email at PRAComments@ncua.gov.

FOR FURTHER INFORMATION CONTACT:

Requests for additional information should be directed to the address above.

SUPPLEMENTARY INFORMATION:

I. Abstract and Request for Comments

Title V, Subtitle A of the Gramm-Leach-Bliley Act (Act), Public Law 106-102, governs the treatment of nonpublic personal information about consumers by financial institutions. Section 502 of the Act, subject to certain exceptions, prohibits a financial institution from disclosing nonpublic personal information about a consumer to nonaffiliated third parties, unless the institution satisfies various notice and opt-out requirements, and provided the consumer has not elected to opt out of the disclosure. Section 503 of the Act requires a financial institution to provide notice of its privacy policies and practices to its customers. Section 504 of the Act granted rulemaking authority for the privacy provisions of the Act to be shared by eight Federal agencies: The Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC), the Office of Thrift Supervision (OTS), the National Credit Union Administration (NCUA), the Federal Trade Commission (FTC), the Securities and Exchange Commission (SEC), and the Commodity Futures Trading Commission (CFTC). Each of the agencies issued rules (which were consistent and comparable) to implement the Act's privacy provisions.^[1]

The Dodd-Frank Wall Street Reform and Consumer Protection Act (DFA) amended a number of consumer financial protection laws, including the Act. Among other changes, the DFA transferred rulemaking authority for most of Subtitle A of Title V of the Act, with respect to financial institutions described in section 504(a)(1)(A) of the Act, from FRB, FDIC, OCC, OTS, and NCUA to the Consumer Financial Protection Bureau (CFPB). Pursuant to the DFA and the Act, as amended, the CFPB promulgated Regulation P, 12 CFR 1016, to implement those privacy provisions of the Act for which CFPB has rulemaking authority.

Regulation P implements the requirements of the Act to provide consumers with financial institutions' privacy policies and practices, as well as describes when the consumer's information may be shared with nonaffiliated third parties, and provides a method for consumers to prevent disclosure of their information to nonaffiliated third parties by opting out of that disclosure. Regulation P details the specifics of how the Act should be implemented, which companies and situations this applies to, and the method of delivering the information to consumers.

Regulation P includes model forms that can be used to comply with the disclosure requirements of the Act and Regulation P, although the use of the model forms is not required. See Appendix to Regulation P.

The collection of information pursuant to covers the development of privacy policies by the financial institutions and the dissemination of those policies to their customers upon starting a customer relationship, annually for existing customers, and in the event of any covered changes to the privacy policy. This collection also accounts for the burden to customers who choose to exercise their opt-out rights to prevent disclosure of financial information to nonaffiliated parties.

Comments submitted in response to this notice will be summarized and included in the request for Office of Management and Budget approval. All comments will become a matter of public record. The public is invited to submit comments concerning: (a) Whether the collection of information is necessary for the proper performance of the function of the agency, including whether the information will have practical utility; (b) the accuracy of the agency's estimate of the burden of the collection of information, including the validity of the methodology and assumptions used; (c) ways to enhance the quality, utility, and clarity of the information to be collected; and (d) ways to minimize the burden of the collection of the information on the respondents, including the use of automated collection techniques or other forms of information technology.

II. Data

Title: Privacy of Consumer Financial Information Recordkeeping and Disclosure Requirements Under the Gramm-Leach-Bliley Act and Regulation P, 12 CFR 1016.

OMB Number: 3133-0163.

Type of Review: Reinstatement with change of a previously approved collection.

Description: Regulation P (12 CFR 1016) requires credit unions to disclose its privacy policies to customers as well as offer customers a reasonable opportunity to opt out—in whole or in part—of those policies to further restrict the release of their personal financial information to nonaffiliated third parties. Credit unions are required to provide an initial privacy notice to customers that is clear and conspicuous, an annual notice of the privacy policies and practices of the institution, a revised notice to customers if triggered by specific changes to the existing policy, and a notice of the right of the customer to opt out of the institution's information sharing practices. Consumers who choose to exercise their opt-out right document this choice by returning an opt-out form or other permissible method.

Respondents: Federally-insured credit unions and any credit union member who chooses to exercise opt-out rights.

Estimated Number of Respondents: Federally-insured credit unions: Initial notice, 73; annual and revised notices, 5,954; opt-out notice, 5,954. Members who opt-out, 1,140,000.

Frequency of Response: Annually for most credit unions for both annual notice and annual notification of opt-out rights. Once for credit union members choosing to opt-out.

Estimated Burden Hours per Response: Federally-insured credit unions: Initial notice, 80 hours; annual and revised notice, 8 hours; opt-out notice, 8 hours. Members who opt-out, 15 minutes.

Estimated Total Annual Burden Hours: 386,104.

Footnotes