Agency Information Collection Activities: Submission to OMB for Reinstatement, Without Change, of a Previously Approved Collection; Comment Request

AGENCY:

National Credit Union Administration (NCUA).

ACTION:

Request for comment.

SUMMARY:

The NCUA intends to submit the following information collection to the Office of Management and Budget (OMB) for review and clearance under the Paperwork Reduction Act of 1995. This information collection is published to obtain comments from the public. NCUA is renewing the requirements for Federally Insured Credit Unions to maintain an information security program and an incident response plan that complies with Title V of the Gramm-Leach-Bliley Act. The program and response plan are required by the NCUA rules and regulations. Appendix B contains guidance on creating an effective incident response plan in the event of unauthorized access to member information and the requirements of the notices distributed to the affected members.

DATES:

Comments will be accepted until September 27, 2013.

ADDRESSES:

Interested parties are invited to submit written comments to the NCUA Contact and OMB Reviewer listed below:

NCUA Contact: Tracy Crews, National Credit Union Administration, 1775 Duke Street, Alexandria, Virginia 22314-3428, Fax No. 703-837-2861, Email: OCIOPRA@ncua.gov.

OMB Contact: Office of Management and Budget, ATTN: Desk Officer for the National Credit Union Administration, Office of Information and Regulatory Affairs, Washington, DC 20503.

FOR FURTHER INFORMATION CONTACT:

Requests for additional information, a copy of the information collection request, or a copy of submitted comments should be directed to Tracy Crews at the National Credit Union Administration, 1775 Duke Street, Alexandria, VA 22314-3428, or at (703) 518-6444.

SUPPLEMENTARY INFORMATION:

I. Abstract and Request for Comments

NCUA is amending/reinstating the collection for 3133-0033. NCUA is renewing the requirements for Federally Insured Credit Unions to maintain an information security program and an incident response plan that complies with Title V of the Gramm-Leach-Bliley Act, 15 U.S.C. 6801 et seq. Section 748.0 of NCUA's Rules and Regulations, 12 CFR 748.0, directs federally insured credit unions to adopt a security program that includes ensuring the security and confidentiality of member records, protecting against the anticipated threats or hazards to the security or integrity of such records, and protecting against unauthorized access to or use of such records that could result in substantial harm or serious inconvenience to a member. The security program also contains a requirement to respond to incidents of unauthorized access to or use of member information that could result in substantial harm or serious inconvenience to a member. Proper incident response includes a notification requirement to the affected member. NCUA examiners review the programs to determine whether the credit union's procedures comply with the information security and incident response requirements. There is a decrease of 39,776 hours from the last submission (2007). The decrease is a result of an adjustment to the number of credit unions from 8,695 to 6,753. This decline is from credit union mergers and liquidations.

The NCUA requests that you send your comments on this collection to the location listed in the addresses section. Your comments should address: (a) The necessity of the information collection for the proper performance of NCUA, including whether the information will have practical utility; (b) the accuracy of our estimate of the burden (hours and cost) of the collection of information, including the validity of the methodology and assumptions used; (c) ways we could enhance the quality, utility, and clarity of the information to be collected; and (d) ways we could minimize the burden of the collection of the information on the respondents such as through the use of automated collection techniques or other forms of information technology. It is NCUA's policy to make all comments available to the public for review.

II. Data

Title: 12 CFR part 748, Security Program and Appendix B.

OMB Number: 3133-0033.

Form Number: None.

Type of Review: Third party disclosure, and reporting, on occasion.

Description: 12 CFR part 748 requires federally insured credit unions to develop a written security program to safeguard sensitive member information. This information collection requires that such programs be designed to respond to incidents of unauthorized access or use, in order to prevent substantial harm or serious inconvenience to members.

Respondents: Federally insured credit unions.

Estimated Number of Respondents/Record keepers: 6,753.

Estimated Burden Hours per Response: 20 hours.

Frequency of Response: On occasion.

Estimated Total Annual Burden Hours: 138,300 hours.

Estimated Total Annual Cost: None.