

[Federal Register: August 13, 2007 (Volume 72, Number 155)]
[Notices]               
[Page 45279-45280]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr13au07-102]                         

=======================================================================
-----------------------------------------------------------------------

SECURITIES AND EXCHANGE COMMISSION

 
Submission for OMB Review; Comment Request

Upon Written Request, Copies Available From: Securities and Exchange 
Commission, Office of Investor Education and Advocacy, Washington, DC 
20549-0213.

Extension:
    Rule 248.30; SEC File No. 270-549; OMB Control No. 3235-0610.

    Notice is hereby given that pursuant to the Paperwork Reduction Act 
of 1995 (44 U.S.C. 3501 et seq.) the Securities and Exchange Commission 
(``Commission'') has submitted to the Office of Management and Budget 
(``OMB'') a request for extension of the previously approved collection 
of information for rule 248.30 under Regulation S-P (17 CFR 248.30), 
titled ``Procedures to Safeguard Customer Records and Information; 
Disposal of Consumer Report Information.''
    Rule 248.30 (the ``safeguard rule'') requires brokers, dealers, 
investment companies, and investment advisers registered with the 
Commission (``registered investment advisers'') (collectively ``covered 
institutions'') to adopt written policies and procedures for 
administrative, technical, and physical safeguards to protect customer 
records and information. The safeguards must be reasonably designed to 
``insure the security and confidentiality of customer records and 
information,'' ``protect against any anticipated threats or hazards to 
the security and integrity'' of those records, and protect against 
unauthorized access to or use of those records or information, which 
``could result in substantial harm or inconvenience to any customer.'' 
The safeguard rule's requirement that covered institutions' policies 
and procedures be documented in writing constitutes a collection of 
information and must be maintained on an ongoing basis. This 
requirement eliminates uncertainty as to required employee actions to 
protect customer records and information and promotes more systematic 
and organized reviews of safeguard policies and procedures by 
institutions. The information collection also assists the Commission's 
examination staff in assessing the existence and adequacy of covered 
institutions' safeguard policies and procedures.
    The Commission staff estimates that approximately 449 new entities 
are subject to the requirements of the safeguard rule's documentation 
requirement each year. Of these, we estimate that 389 will be small 
entities, and that on average a small entity will spend an average of 
15 hours to develop and document its safeguard policies and procedures. 
The Commission staff therefore estimates a one-time hour burden for 
these new, smaller entities of 5,835 hours. We estimate that 60 
additional large institutions will be subject to the rule, and that on 
average each new large institution will spend 715 hours to develop and 
document their safeguard policies and procedures, for a one-time burden 
of 42,900 hours. Thus, we estimate a one-time hour burden for new 
entities of 48,735 hours per year.
    The Commission staff also estimates that 2,080 institutions review 
and update their policies and procedures under the rule each year. We 
estimate that 815 of these institutions are smaller entities that spend 
an average of 6 hours reviewing and updating their policies and 
procedures once per year, or 4,890 hours annually. We estimate that an 
additional 1,265 larger institutions spend an average of 30 hours to 
review and update their safeguard policies and procedures, or 37,950 
hours each year. Accordingly, we estimate that the annual burden for 
covered institutions that review and update their safeguard policies 
and procedures is 42,840 hours. We therefore estimate a total of 2,529 
respondents and an annual burden of 91,575 hours associated with the 
rule's collection of information requirement.
    These estimates of average burden hours are made solely for the 
purposes of the Paperwork Reduction Act. An agency may not conduct or 
sponsor, and a person is not required to respond to a collection of 
information unless it displays a currently valid control number. The 
safeguard rule does not require the reporting of any information or the 
filing of any documents with the Commission. The collection of 
information required by the safeguard rule is mandatory.
    General comments regarding the above information should be directed 
to the following persons: (i) Desk Officer for the Securities and 
Exchange Commission, Office of Information and Regulatory Affairs, 
Office of Management and Budget, Room 10102, New Executive Office 
Building, Washington, DC 20503 or e-mail to: 
David_Rostker@omb.eop.gov; and (ii) R. Corey Booth, Director/Chief 

Information Officer, Securities and Exchange Commission, C/O Shirley 
Martinson, 6432 General Green Way, Alexandria, VA 22312, or send an e-
mail to: PRA_Mailbox@sec.gov. Comments must be submitted to OMB within 
30 days of this notice.


[[Page 45280]]


    Dated: August 6, 2007.
Florence E. Harmon,
Deputy Secretary.
 [FR Doc. E7-15722 Filed 8-10-07; 8:45 am]

BILLING CODE 8010-01-P
