

[Federal Register: June 6, 2007 (Volume 72, Number 108)]
[Notices]               
[Page 31354-31355]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr06jn07-129]                         

=======================================================================
-----------------------------------------------------------------------

SECURITIES AND EXCHANGE COMMISSION

 
Proposed Collection; Comment Request

Upon written request, copies available from: Securities and Exchange 
Commission, Office of Filings and Information Services, Washington, DC 
20549.

Extension: Rule 248.30; SEC File No. 270-549; OMB Control No. 3235-
0610.

    Notice is hereby given that pursuant to the Paperwork Reduction Act 
of 1995 (44 U.S.C. 3501 et seq.) the Securities and Exchange Commission 
(``Commission'') plans to submit to the Office of Management and Budget 
(``OMB'') a request for extension of the previously approved collection 
of information for rule 248.30 under Regulation S-P (17 CFR 248.30), 
titled ``Procedures to Safeguard Customer Records and Information; 
Disposal of Consumer Report Information.''
    Rule 248.30 (the ``safeguard rule'') requires brokers, dealers, 
investment companies, and investment advisers registered with the 
Commission (``registered investment advisers'') (collectively ``covered 
institutions'') to adopt written policies and procedures for 
administrative, technical, and physical safeguards to protect customer 
records and information. The safeguards must be reasonably designed to 
``insure the security and confidentiality of customer records and 
information,'' ``protect against any anticipated threats or hazards to 
the security and integrity'' of those records, and protect against 
unauthorized access to or use of those records or information, which 
``could result in substantial harm or inconvenience to any customer.'' 
The safeguard rule's requirement that covered institutions' policies 
and procedures be documented in writing constitutes a collection of 
information and must be maintained on an ongoing basis. This 
requirement eliminates uncertainty as to required employee actions to 
protect customer records and information and promotes more systematic 
and organized reviews of safeguard policies and procedures by 
institutions. The information collection also assists the Commission's 
examination staff in assessing the existence and adequacy of covered 
institutions' safeguard policies and procedures.
    The Commission staff estimates that approximately 449 new entities 
are subject to the requirements of the safeguard rule's documentation 
requirement each year. Of these, we estimate that 389 will be small 
entities, and that on average a small entity will spend an average of 
15 hours to develop and document its safeguard policies and procedures. 
The Commission staff therefore estimates a one-time hour burden for 
these new, smaller entities of 5,835 hours. We estimate that 60 
additional large institutions will be subject to the rule, and that on 
average each new large institution will spend 715 hours to develop and 
document their safeguard policies and procedures, for a one-time burden 
of 42,900 hours. Thus, we estimate a one-time hour burden for new 
entities of 48,735 hours per year.
    The Commission staff also estimates that 2,080 institutions review 
and

[[Page 31355]]

update their policies and procedures under the rule each year. We 
estimate that 815 of these institutions are smaller entities that spend 
an average of 6 hours reviewing and updating their policies and 
procedures once per year, or 4,890 hours annually. We estimate that an 
additional 1,265 larger institutions spend an average of 30 hours to 
review and update their safeguard policies and procedures, or 37,950 
hours each year. Accordingly, we estimate that the annual burden for 
covered institutions that review and update their safeguard policies 
and procedures is 42,840 hours. We therefore estimate a total of 2,529 
respondents and an annual burden of 91,575 hours associated with the 
rule's collection of information requirement.
    These estimates of average burden hours are made solely for the 
purposes of the Paperwork Reduction Act. An agency may not conduct or 
sponsor, and a person is not required to respond to a collection of 
information unless it displays a currently valid control number. The 
safeguard rule does not require the reporting of any information or the 
filing of any documents with the Commission. The collection of 
information required by the safeguard rule is mandatory.
    Written comments are invited on: (a) Whether the proposed 
collection of information is necessary for the proper performance of 
the functions of the agency, including whether the information will 
have practical utility; (b) the accuracy of the agency's estimate of 
the burden of the collection of information; (c) ways to enhance the 
quality, utility, and clarity of the information collected; and (d) 
ways to minimize the burden of the collection of information on 
respondents, including through the use of automated collection 
techniques or other forms of information technology. Consideration will 
be given to comments and suggestions submitted in writing within 60 
days of this publication.
    Please direct your written comments to R. Corey Booth, Director/
Chief Information Officer, Securities and Exchange Commission, C/O 
Shirley Martinson, 6432 General Green Way, Alexandria, Virginia 22312 
or send an e-mail to: PRA_Mailbox@sec.gov.

    Dated: May 30, 2007.
Florence E. Harmon,
Deputy Secretary.
[FR Doc. E7-10847 Filed 6-5-07; 8:45 am]

BILLING CODE 8010-01-P
