8011-01P
SECURITIES AND EXCHANGE COMMISSION
[SEC File No. 270-480, OMB Control No. 3235-0537]
Proposed Collection; Comment Request; Extension: Regulation S-P
Upon Written Request, Copies Available From:
Securities and Exchange Commission
Office of FOIA Services
100 F Street, NE
Washington, DC 20549-2736
Notice is hereby given that, pursuant to the Paperwork Reduction Act of 1995 (“PRA”)
(44 U.S.C. 3501 et seq.), the Securities and Exchange Commission (“Commission”) is soliciting
comments on the existing collection of information provided for in the privacy notice and opt out
notice provisions of Regulation S-P – Privacy of Consumer Financial Information (17 CFR part
248, subpart A) under the Securities Exchange Act of 1934 (“Exchange Act”) (15 U.S.C. 78a et
seq.). The Commission plans to submit this existing collection of information to the Office of
Management and Budget (“OMB”) for extension and approval.
The privacy notice and opt out notice provisions of Regulation S-P (the “Rule”)
implement the privacy notice and opt out notice requirements of Title V of the Gramm-LeachBliley Act (“GLBA”), which requires that at the time of establishing a customer relationship
with a consumer and not less than annually during the continuation of such relationship, a
financial institution shall provide a clear and conspicuous disclosure to such consumer of such
financial institution’s policies and practices with respect to disclosing nonpublic personal
information to affiliates and nonaffiliated third parties (“privacy notice”). Title V of the GLBA
also provides that, unless an exception applies, a financial institution may not disclose nonpublic
personal information of a consumer to a nonaffiliated third party unless the financial institution
clearly and conspicuously discloses to the consumer that such information may be disclosed to

such third party; the consumer is given the opportunity, before the time that such information is
initially disclosed, to direct that such information not be disclosed to such third party; and the
consumer is given an explanation of how the consumer can exercise that nondisclosure option
(“opt out notice”). The Rule applies to broker-dealers, investment advisers registered with the
Commission, and investment companies (“covered entities”).
Commission staff estimates that, as of April 1, 2024, the Rule’s information collection
burden applies to approximately 32,707 covered entities (approximately 3,410 broker-dealers,
15,531 investment advisers registered with the Commission, and 13,766 investment companies). In
view of (a) the minimal recordkeeping burden imposed by the Rule (since the Rule has no
recordkeeping requirement and records relating to customer communications already must be made
and retained pursuant to other SEC rules); (b) the summary fashion in which information must be
provided to customers in the privacy and opt out notices required by the Rule (the model privacy
form adopted by the SEC and the other agencies in 2009, designed to serve as both a privacy notice
and an opt out notice, is only two pages); (c) the availability to covered entities of the model privacy
form and online model privacy form builder; and (d) the experience of covered entities’ staff with
the notices, SEC staff estimates that covered entities will each spend an average of approximately
12 hours per year complying with the Rule, for a total of approximately 392,484 annual burdenhours (12 x 32,707 = 392,484). SEC staff understands that the vast majority of covered entities
deliver their privacy and opt out notices with other communications such as account opening
documents and account statements. Because the other communications are already delivered to
consumers, adding a brief privacy and opt out notice should not result in added costs for processing
or for postage and materials. Also, privacy and opt out notices may be delivered electronically to
consumers who have agreed to electronic communications, which further reduces the costs of
delivery. Because SEC staff assumes that most paper copies of privacy and opt out notices are
combined with other required mailings, the burden-hour estimates above are based on resources
required to integrate the privacy and opt notices into another mailing, rather than on the resources

required to create and send a separate mailing. SEC staff estimates that, of the estimated 12
annual burden-hours incurred, approximately 8 hours would be spent by administrative assistants
at an hourly rate of $90, and approximately 4 hours would be spent by internal counsel at an
hourly rate of $518, for a total annual internal cost of compliance of approximately $2,792 for
each of the covered entities (8 x $90 = $720; 4 x $518 = $2,072; $720 + $2,072 = $2,792).
Hourly cost of compliance estimates for administrative assistant time are derived from the
Securities Industry and Financial Markets Association’s Office Salaries in the Securities Industry
2013, modified by SEC staff to account for an 1,800-hour work-year and multiplied by 2.93 to
account for bonuses, firm size, employee benefits and overhead. Hourly cost of compliance
estimates for internal counsel time are derived from the Securities Industry and Financial
Markets Association’s Management & Professional Earnings in the Securities Industry 2013,
modified by SEC staff to account for an 1,800-hour work-year and multiplied by 5.35 to account
for bonuses, firm size, employee benefits, and overhead. Accordingly, SEC staff estimates that
the total annual internal cost of compliance for the estimated total hour burden for the
approximately 32,707 covered entities subject to the Rule is approximately $91,371,944 ($2,796
x 32,707 = $91,317,944).
Written comments are invited on: (a) whether the proposed collection of information is
necessary for the proper performance of the functions of the Commission, including whether the
information shall have practical utility; (b) the accuracy of the Commission's estimates of the
burden of the proposed collection of information; (c) ways to enhance the quality, utility, and
clarity of the information collected; and (d) ways to minimize the burden of the collection of
information on respondents, including through the use of automated collection techniques or
other forms of information technology. Consideration will be given to comments and
suggestions submitted by [INSERT DATE 60 DAYS AFTER DATE OF PUBLICATION OF
THIS NOTICE IN THE FEDERAL REGISTER].

An agency may not conduct or sponsor, and a person is not required to respond to, a
collection of information under the PRA unless it displays a currently valid OMB control
number.
Please direct your written comments to: David Bottom, Director/Chief Information
Officer, Securities and Exchange Commission, c/o John Pezzullo, 100 F Street, NE, Washington,
DC 20549, or send an e-mail to: PRA_Mailbox@sec.gov.
Dated: June 28, 2024.
Sherry R. Haywood,
Assistant Secretary.

[FR Doc. 2024-14623 Filed: 7/2/2024 8:45 am; Publication Date: 7/3/2024]