Upon written request, copies available from: Securities and Exchange Commission, Office of Filings and Information Services, Washington, DC 20549.
Extension: Rule 248.30; SEC File No. 270-549; OMB Control No. 3235-0610.
Notice is hereby given that pursuant to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.) the Securities and Exchange Commission (“Commission”) plans to submit to the Office of Management and Budget (“OMB”) a request for extension of the previously approved collection of information for rule 248.30 under Regulation S-P (17 CFR 248.30), titled “Procedures to Safeguard Customer Records and Information; Disposal of Consumer Report Information.”
Rule 248.30 (the “safeguard rule”) requires brokers, dealers, investment companies, and investment advisers registered with the Commission (“registered investment advisers”) (collectively “covered institutions”) to adopt written policies and procedures for administrative, technical, and physical safeguards to protect customer records and information. The safeguards must be reasonably designed to “insure the security and confidentiality of customer records and information,” “protect against any anticipated threats or hazards to the security and integrity” of those records, and protect against unauthorized access to or use of those records or information, which “could result in substantial harm or inconvenience to any customer.” The safeguard rule's requirement that covered institutions' policies and procedures be documented in writing constitutes a collection of information and must be maintained on an ongoing basis. This requirement eliminates uncertainty as to required employee actions to protect customer records and information and promotes more systematic and organized reviews of safeguard policies and procedures by institutions. The information collection also assists the Commission's examination staff in assessing the existence and adequacy of covered institutions' safeguard policies and procedures.
The Commission staff estimates that approximately 449 new entities are subject to the requirements of the safeguard rule's documentation requirement each year. Of these, we estimate that 389 will be small entities, and that on average a small entity will spend an average of 15 hours to develop and document its safeguard policies and procedures. The Commission staff therefore estimates a one-time hour burden for these new, smaller entities of 5,835 hours. We estimate that 60 additional large institutions will be subject to the rule, and that on average each new large institution will spend 715 hours to develop and document their safeguard policies and procedures, for a one-time burden of 42,900 hours. Thus, we estimate a one-time hour burden for new entities of 48,735 hours per year.
The Commission staff also estimates that 2,080 institutions review and Start Printed Page 31355update their policies and procedures under the rule each year. We estimate that 815 of these institutions are smaller entities that spend an average of 6 hours reviewing and updating their policies and procedures once per year, or 4,890 hours annually. We estimate that an additional 1,265 larger institutions spend an average of 30 hours to review and update their safeguard policies and procedures, or 37,950 hours each year. Accordingly, we estimate that the annual burden for covered institutions that review and update their safeguard policies and procedures is 42,840 hours. We therefore estimate a total of 2,529 respondents and an annual burden of 91,575 hours associated with the rule's collection of information requirement.
These estimates of average burden hours are made solely for the purposes of the Paperwork Reduction Act. An agency may not conduct or sponsor, and a person is not required to respond to a collection of information unless it displays a currently valid control number. The safeguard rule does not require the reporting of any information or the filing of any documents with the Commission. The collection of information required by the safeguard rule is mandatory.
Written comments are invited on: (a) Whether the proposed collection of information is necessary for the proper performance of the functions of the agency, including whether the information will have practical utility; (b) the accuracy of the agency's estimate of the burden of the collection of information; (c) ways to enhance the quality, utility, and clarity of the information collected; and (d) ways to minimize the burden of the collection of information on respondents, including through the use of automated collection techniques or other forms of information technology. Consideration will be given to comments and suggestions submitted in writing within 60 days of this publication.
Please direct your written comments to R. Corey Booth, Director/Chief Information Officer, Securities and Exchange Commission, C/O Shirley Martinson, 6432 General Green Way, Alexandria, Virginia 22312 or send an e-mail to: PRA_Mailbox@sec.gov.Start Signature
Dated: May 30, 2007.
Florence E. Harmon,
[FR Doc. E7-10847 Filed 6-5-07; 8:45 am]
BILLING CODE 8010-01-P