Skip to Content


Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble


Office of Thrift Supervision (OTS), Treasury.


Notice and request for comment.


The proposed information collection request (ICR) described below has been submitted to the Office of Management and Budget (OMB) for review and approval, as required by the Paperwork Reduction Act of 1995. OTS is soliciting public comments on the proposal.


Submit written comments on or before May 14, 2010. A copy of this ICR, with applicable supporting documentation, can be obtained from at​public/​do/​PRAMain.

Start Further Info


For further information or to obtain a copy of the submission to OMB, please contact Ira L. Mills at, (202) 906-6531, or facsimile number (202) 906-6518, Regulations and Legislation Division, Chief Counsel's Office, Office of Thrift Supervision, 1700 G Street, NW., Washington, DC 20552.

End Further Info End Preamble Start Supplemental Information


OTS may not conduct or sponsor an information collection, and respondents are not required to respond to an information collection, unless the information collection displays a currently valid OMB control number. As part of the approval process, we invite comments on the following information collection.

Title of Proposal: Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice.

OMB Number: 1550-0110.

Form Number: N/A.

Regulation requirement: 12 CFR Part 570.

Description: The collection helps to establish standards for financial institutions relating to administrative, technical, and physical safeguards to: (1) Ensure the security and confidentiality of customer records and information; (2) protect against any anticipated threats or hazards to the security or integrity of such records; and (3) protect against unauthorized access to or use of such records or information that could result in substantial harm or inconvenience to any customer.

A response program, of which this collection is a critical part, contains policies and procedures that enable the financial institution to: (a) Assess the situation to determine the nature and scope of the incident, and identify the information systems and types of customer information affected; (b) notify the institution's primary Federal regulator and, in accordance with applicable regulations and guidance, file a Suspicious Activity Report and notify appropriate law enforcement agencies; (c) take measures to contain and control Start Printed Page 19465the incident to prevent further unauthorized access to or misuse of customer information, including shutting down particular applications or third party connections, reconfiguring firewalls, changing computer access codes, and modifying physical access controls; and (d) address and mitigate harm to individual customers.

Type of Review: Extension of a currently approved collection.

Affected Public: Business or other for-profit.

Estimated Number of Respondents: 657.

Estimated Burden Hours per Response: 16 hours for developing the notice and 20 hours for notifying the customer.

Estimated Frequency of Response: On occasion.

Estimated Total Burden: 16,912 hours.

Clearance Officer: Ira L. Mills, (202) 906-6531, Office of Thrift Supervision, 1700 G Street, NW., Washington, DC 20552.

Start Signature

Dated: April 8, 2010.

Ira L. Mills,

Paperwork Clearance Officer, Office of Chief Counsel, Office of Thrift Supervision.

End Signature End Supplemental Information

[FR Doc. 2010-8470 Filed 4-13-10; 8:45 am]