This PDF is the current document as it appeared on Public Inspection on 01/10/2017 at 08:45 am.
Federal Communications Commission.
Notice and request for comments.
As part of its continuing effort to reduce paperwork burdens, and as required by the Paperwork Reduction Act (PRA) of 1995 (44 U.S.C. 3501-3520), the Federal Communications Commission (FCC or the Commission) invites the general public and other Federal agencies to take this opportunity to comment on the following information collection. Comments are requested concerning: Whether the proposed collection of information is necessary for the proper performance of the functions of the Commission, including whether the information shall have practical utility; the accuracy of the Commission's burden estimate; ways to enhance the quality, utility, and clarity of the information collected; ways to minimize the burden of the collection of information on the respondents, including the use of automated collection techniques or other forms of information technology; and ways to further reduce the information collection burden on small business concerns with fewer than 25 employees. The FCC may not conduct or sponsor a collection of information unless it displays a currently valid control number. No person shall be subject to any penalty for failing to comply with a collection of information subject to the PRA that does not display a valid Office of Management and Budget (OMB) control number.
Written PRA comments should be submitted on or before March 13, 2017. If you anticipate that you will be submitting comments, but find it difficult to do so within the period of time allowed by this notice, you should advise the contact listed below as soon as possible.
ADDRESSES:Start Further Info
FOR FURTHER INFORMATION CONTACT:
For additional information about the information collection, contact Nicole Ongele at (202) 418-2991.End Further Info End Preamble Start Supplemental Information
OMB Control Number: 3060-XXXX.
Title: Data Breach Reporting.
Type of Review: New collection.
Respondents: Business or other for-profit.
Number of Respondents and Responses: 145 respondents; 290 responses.
Estimated Time per Response: 36 hours.
Frequency of Response: On occasion reporting requirements; record keeping requirement, one-time reporting requirement, third party disclosure requirement, (the required disclosures need only be made once upon each triggering instance, e.g. each time that a breach occurs).
Obligation to Respond: Mandatory. Statutory authority for this information collection is contained in sections 1, 2, 4, 201, 202, 222, 303, 316, 338, 631, 705 of the Communications Act of 1934, as amended, and section 706 of the Telecommunications Act of 1996, as amended, 47 U.S.C. Sections 151, 152, 154, 201, 202, 222, 303, 316, 338, 551, 605, and 1302.
Total Annual Burden: 5,220 hours.
Total Annual Cost: No Cost.
Privacy Act Impact Assessment: This information collection affects individuals or households; thus, there are impacts under the Privacy Act. However, the government is not directly collecting this information and the Report and Order directs carriers to Start Printed Page 3314protect the information to the extent it is customer proprietary information.
Nature and Extent of Confidentiality: The Commission is not requesting that respondents submit confidential information. Any respondent who submits information to the Commission, which the respondent believes is confidential, may request confidential treatment of such information under section 0.459 of the Commission's rules. See 47 CFR Section 0.459.
Needs and Uses: Section 222 requires that telecommunications carriers protect the confidentiality of customer proprietary information, and places restrictions on the use, disclosure, or permission of access to customer information absent customer approval. To include broadband Internet access services, and also to update the privacy rules for the changing business and technology landscape, the Commission adopted updated rules on October 27, 2016 (2016 Privacy Order). Among other things, the rules require telecommunications carriers, including BIAS providers, as well as interconnected VoIP providers, to: (1) Notify customers, the Commission, and the Federal Bureau of Investigation and the Secret Service under certain circumstances, when customer proprietary information is breached; and (2) maintain records of breaches and breach notifications. Each of these information collections is necessary to fulfill the purposes of the Act as implemented by the Report and Order. Requirements to disclose breaches of customer proprietary information are necessary to ensure that customers and law enforcement can act to limit the harms caused by breaches. Similarly, the rules' recordkeeping requirements for information about breaches of customer information are necessary to ensure continued protection of customer information through, inter alia, the identification of possible security vulnerabilities.Start Signature
Federal Communications Commission.
Marlene H. Dortch,
Secretary, Office of the Secretary.
1. Protecting the Privacy of Customers of Broadband and Other Telecommunications Services, WC Docket No. 16-106, Report and Order, FCC 16-148 (Nov. 2, 2016).Back to Citation
[FR Doc. 2017-00343 Filed 1-10-17; 8:45 am]
BILLING CODE 6712-01-P