Upon Written Request, Copies Available From: Securities and Exchange Commission, Office of Investor Education and Advocacy, Washington, DC 20549-0213.
Rule 248.30; SEC File No. 270-549; OMB Control No. 3235-0610.
Notice is hereby given that pursuant to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.) the Securities and Exchange Commission (“Commission”) has submitted to the Office of Management and Budget (“OMB”) a request for extension of the previously approved collection of information for rule 248.30 under Regulation S-P (17 CFR 248.30), titled “Procedures to Safeguard Customer Records and Information; Disposal of Consumer Report Information.”
Rule 248.30 (the “safeguard rule”) requires brokers, dealers, investment companies, and investment advisers registered with the Commission (“registered investment advisers”) (collectively “covered institutions”) to adopt written policies and procedures for administrative, technical, and physical safeguards to protect customer records and information. The safeguards must be reasonably designed to “insure the security and confidentiality of customer records and information,” “protect against any anticipated threats or hazards to the security and integrity” of those records, and protect against unauthorized access to or use of those records or information, which “could result in substantial harm or inconvenience to any customer.” The safeguard rule's requirement that covered institutions' policies and procedures be documented in writing constitutes a collection of information and must be maintained on an ongoing basis. This requirement eliminates uncertainty as to required employee actions to protect customer records and information and promotes more systematic and organized reviews of safeguard policies and procedures by institutions. The information collection also assists the Commission's examination staff in assessing the existence and adequacy of covered institutions' safeguard policies and procedures.
The Commission staff estimates that approximately 449 new entities are subject to the requirements of the safeguard rule's documentation requirement each year. Of these, we estimate that 389 will be small entities, and that on average a small entity will spend an average of 15 hours to develop and document its safeguard policies and procedures. The Commission staff therefore estimates a one-time hour burden for these new, smaller entities of 5,835 hours. We estimate that 60 additional large institutions will be subject to the rule, and that on average each new large institution will spend 715 hours to develop and document their safeguard policies and procedures, for a one-time burden of 42,900 hours. Thus, we estimate a one-time hour burden for new entities of 48,735 hours per year.
The Commission staff also estimates that 2,080 institutions review and update their policies and procedures under the rule each year. We estimate that 815 of these institutions are smaller entities that spend an average of 6 hours reviewing and updating their policies and procedures once per year, or 4,890 hours annually. We estimate that an additional 1,265 larger institutions spend an average of 30 hours to review and update their safeguard policies and procedures, or 37,950 hours each year. Accordingly, we estimate that the annual burden for covered institutions that review and update their safeguard policies and procedures is 42,840 hours. We therefore estimate a total of 2,529 respondents and an annual burden of 91,575 hours associated with the rule's collection of information requirement.
These estimates of average burden hours are made solely for the purposes of the Paperwork Reduction Act. An agency may not conduct or sponsor, and a person is not required to respond to a collection of information unless it displays a currently valid control number. The safeguard rule does not require the reporting of any information or the filing of any documents with the Commission. The collection of information required by the safeguard rule is mandatory.
General comments regarding the above information should be directed to the following persons: (i) Desk Officer for the Securities and Exchange Commission, Office of Information and Regulatory Affairs, Office of Management and Budget, Room 10102, New Executive Office Building, Washington, DC 20503 or e-mail to: David_Rostker@omb.eop.gov; and (ii) R. Corey Booth, Director/Chief Information Officer, Securities and Exchange Commission, C/O Shirley Martinson, 6432 General Green Way, Alexandria, VA 22312, or send an e-mail to: PRA_Mailbox@sec.gov. Comments must be submitted to OMB within 30 days of this notice.Start Signature
Dated: August 6, 2007.
Florence E. Harmon,
[FR Doc. E7-15722 Filed 8-10-07; 8:45 am]
BILLING CODE 8010-01-P