Report Title:

Financial Information Privacy

Description:

Regulates the insurance licensee use of nonpublic personal financial information of individuals.

HOUSE OF REPRESENTATIVES

H.B. NO. 1559

TWENTY-FIRST LEGISLATURE, 2001

STATE OF HAWAII

A BILL FOR AN ACT

RELATING TO PRIVACY OF FINANCIAL INFORMATION.

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF HAWAII:

SECTION 1. Chapter 431, Hawaii Revised Statutes, is amended by adding a new article to be appropriately designated and to read as follows:

"ARTICLE

PRIVACY OF CONSUMER FINANCIAL INFORMATION

PART I. GENERAL PROVISIONS

§431:___-101 Purpose and scope. (a) This article governs the treatment of nonpublic personal financial information about individuals by all insurance licensees. This article:

(1) Requires licensees to provide notice to individuals about its privacy policies and practices;

(2) Establishes the conditions under which a licensee may disclose nonpublic personal financial information about individuals to affiliates and nonaffiliated third parties; and

(3) Provides methods for individuals to prevent a licensee from disclosing that information.

(b) This article applies to nonpublic personal financial information about individuals who obtain or are claimants or beneficiaries of products or services primarily for personal, family, or household purposes from licensees. This article does not apply to information about companies or about individuals who obtain products or services for business, commercial, or agricultural purposes.

(c) The notice provisions of this article shall not apply to licensees in liquidation or receivership.

§431:___-102 Definitions. As used in this article:

"Affiliate" means any company that controls, is controlled by, or is under common control with another company.

"Clear and conspicuous" means that a notice is reasonably understandable and designed to call attention to the nature and significance of the information in the notice.

"Collect" means to obtain information that the licensee organizes or can retrieve by the name of an individual or by identifying number, symbol, or other identifying particular assigned to the individual, irrespective of the source of the underlying information.

"Company" means a corporation, limited liability company, business trust, general or limited partnership, association, sole proprietorship, mutual benefit society, health maintenance organization, non-profit corporation, or similar organization.

"Consumer" means an individual who seeks to obtain, obtains, or has obtained an insurance product or service from a licensee that is to be used primarily for personal, family, or household purposes, and about whom the licensee has nonpublic personal information, or that individual’s legal representative.

"Consumer reporting agency" has the same meaning as in section 603(f) of the Fair Credit Reporting Act (15 U.S.C. 1681a(f)).

"Control" means:

(1) Ownership, control, or power to vote twenty-five per cent or more of the outstanding shares of any class of voting security of the company, directly or indirectly, or acting through one or more other persons;

(2) Control in any manner over the election of a majority of the directors, trustees, or general partners (or individuals exercising similar functions) of the company; or

(3) The power to exercise, directly or indirectly, a controlling influence over the management or policies of the company, as the commissioner determines.

"Customer" means a consumer who has a customer relationship with a licensee.

"Customer relationship" means a continuing relationship between a consumer and a licensee under which the licensee provides one or more insurance products or services to the consumer that are to be used primarily for personal, family, or household purposes.

"Financial institution" means any institution the business of which is engaging in activities that are financial in nature or incidental to such financial activities as described in Section 4(k) of the Bank Holding Company Act of 1956 (12 U.S.C. 1843(k)). "Financial institution" does not include:

(1) Any person or entity with respect to any financial activity that is subject to the jurisdiction of the Commodity Futures Trading Commission under the Commodity Exchange Act (7 U.S.C. 1 et seq.);

(2) The Federal Agricultural Mortgage Corporation or any entity charged and operating under the Farm Credit Act of 1971 (12 U.S.C. 2001 et seq.); or

(3) Institutions chartered by Congress specifically to engage in securitizations, secondary market sales (including sales of servicing rights) or similar transactions related to a transaction of a consumer, as long as the institutions do not sell or transfer nonpublic personal information to a nonaffiliated third party.

"Financial product or service" means any product or service that a financial holding company could offer by engaging in an activity that is financial in nature or incidental to such a financial activity under Section 4(k) of the Bank Holding Company Act of 1956 (12 U.S.C. 1843(k)). "Financial service" includes a financial institution’s evaluation or brokerage of information that the financial institution collects in connection with a request or an application from a consumer for a financial product or service.

"Health information" means any information or data except age or gender, whether oral or recorded in any form or medium, created by or derived from a health care provider or the consumer that relates to:

(1) The past, present, or future physical, mental, or behavioral health or condition of an individual;

(2) The provision of health care to an individual; or

(3) Payment for the provision of health care to an individual.

"Insurance product or service" means any product or service that is offered by a licensee subject to the insurance laws of this state. "Insurance service" includes a licensee's evaluation, brokerage, or distribution of information collected in connection with a request or an application from a consumer for an insurance product or service.

"Licensee" means all licensed insurers, producers, and other persons licensed or required to be licensed, or authorized or required to be authorized, or registered or required to be registered, pursuant to chapter 431 or 432, and health maintenance organizations holding a certificate of authority pursuant to chapter 432D. The term includes an unauthorized insurer that accepts business placed through a licensed surplus lines broker in this state, but only in regard to the surplus lines placements placed pursuant to article 8 of chapter 431.

"Licensee" does not include an employee, agent, or other representative of another licensee ("the principal") where:

(1) The principal otherwise complies with, and provides the notices required by, the provisions of this article; and

(2) The employee, agent, or other representative of the principal discloses nonpublic personal financial information only to the principal or its affiliates in a manner permitted by this article.

"Nonaffiliated third party" means any person except:

(1) A licensee’s affiliate; or

(2) A person employed jointly by a licensee and any company that is not the licensee’s affiliate (but nonaffiliated third party includes the other company that jointly employs the person).

"Nonaffiliated third party" includes any company that is an affiliate solely by virtue of the direct or indirect ownership or control of the company by the licensee or its affiliate in conducting merchant banking or investment banking activities of the type described in section 4(k)(4)(H) of the federal Bank Holding Company Act, or insurance company investment activities of the type described in section 4(k)(4)(I) of the Bank Holding Company Act (12 U.S.C. 1843(k)(4)(H) and (I)).

"Nonpublic personal financial information" means:

(1) Personally identifiable financial information; and

(2) Any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived using any personally identifiable financial information that is not publicly available.

"Nonpublic personal financial information" does not include:

(1) Health information;

(2) Publicly available information, except as included on a list described in subsection (b) of the definition of "nonpublic personal financial information"; or

(3) Any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived without using any personally identifiable financial information that is not publicly available.

"Opt out" means a direction by a consumer that a licensee not disclose nonpublic financial information about that consumer to a nonaffiliated third party, other than as permitted by part IV of this article.

"Personally identifiable financial information" means any information:

(1) A consumer provides to a licensee to obtain an insurance product or service from the licensee;

(2) About a consumer resulting from a transaction involving an insurance product or service between a licensee and a consumer; or

(3) The licensee otherwise obtains about a consumer in connection with providing an insurance product or service to that consumer.

"Personally identifiable financial information" does not include:

(1) Health information;

(2) A list of names and addresses of customers of an entity that is not a financial institution; and

(3) Information that does not identify a consumer, such as aggregate information or blind data that does not contain personal identifiers such as account numbers, names, or addresses.

"Publicly available information" means any information that a licensee has a reasonable basis to believe is lawfully made available to the general public from:

(1) Federal, state, or local government records;

(2) Widely distributed media; or

(3) Disclosures to the general public that are required to be made by federal, state, or local law.

A licensee has a reasonable basis to believe that information is lawfully made available to the general public if the licensee has taken steps to determine:

(1) That the information is of the type that is available to the general public; and

(2) Whether an individual can direct that the information not be made available to the general public and, if so, that the licensee’s consumer has not done so.

PART II. PRIVACY AND OPT OUT NOTICES FOR FINANCIAL INFORMATION

§431:___-201 Initial privacy notice to consumers required. (a) A licensee shall provide a clear and conspicuous notice that accurately reflects its privacy policies and practices to:

(1) A customer not later than when the licensee establishes a customer relationship, except as provided in subsection (e) of this section; and

(2) A consumer, before the licensee discloses any nonpublic personal financial information about the consumer to any nonaffiliated third party, if the licensee makes a disclosure other than as authorized by sections 431:___-402 and 431:___-403.

(b) A licensee is not required to provide an initial notice to a consumer under subsection (a)(2) of this section if:

(1) The licensee does not disclose any nonpublic personal financial information about the consumer to any nonaffiliated third party, other than as authorized by sections 431:___-402 and 431:___-403, and the licensee does not have a customer relationship with the consumer; or

(2) A notice has been provided by an affiliated licensee, as long as the notice clearly identifies all licensees to whom the notice applies and is accurate with respect to the licensee and the other institutions.

(c) A licensee establishes a customer relationship at the time the licensee and the consumer enter into a continuing relationship.

(d) When an existing customer obtains a new insurance product or service from a licensee that is to be used primarily for personal, family, or household purposes, the licensee satisfies the initial notice requirements of subsection (a) of this section as follows:

(1) The licensee may provide a revised policy notice, under section 431:___-205, that covers the customer’s new insurance product or service; or

(2) If the initial, revised, or annual notice that the licensee most recently provided to that customer was accurate with respect to the new insurance product or service, the licensee does not need to provide a new privacy notice under subsection (a) of this section.

(e) A licensee may provide the initial notice required by subsection (a)(1) of this section within a reasonable time after the licensee establishes a customer relationship if:

(1) Establishing the customer relationship is not at the customer’s election; or

(2) Providing notice not later than when the licensee establishes a customer relationship would substantially delay the customer’s transaction and the customer agrees to receive the notice at a later time.

(f) When a licensee is required to deliver an initial privacy notice by this section, or uses a short-form initial notice for non-customers according to 431:___-203(c), the licensee shall deliver the notice according to 431:___-206.

§431:___-202 Annual privacy notice to customers required. (a) A licensee shall provide a clear and conspicuous notice to customers that accurately reflects its privacy policies and practices not less than annually during the continuation of the customer relationship. Annually means at least once in any period of twelve consecutive months during which that relationship exists. A licensee may define the twelve-consecutive-month period, but the licensee shall apply it to customers on a consistent basis.

(b) A licensee is not required to provide an annual notice to a former customer. A former customer is an individual with whom a licensee no longer has a continuing relationship.

(c) When a licensee is required by this section to deliver an annual privacy notice, the licensee shall deliver it according to section 431:___-206.

§431:___-203 Information to be included in privacy notices. (a) The initial, annual and revised privacy notices that a licensee provides under sections 431:___-201, 431:___-202, and 431:___-205 shall include each of the following items of information, in addition to any other information the licensee wishes to provide, that applies to the licensee and to the consumers to whom the licensee sends its privacy notice:

(1) The categories of nonpublic personal financial information that the licensee collects;

(2) The categories of nonpublic personal financial information that the licensee discloses;

(3) The categories of affiliates and nonaffiliated third parties to whom the licensee discloses nonpublic personal financial information, other than those parties to whom the licensee discloses information under sections 431:___-402 and 431:___-403;

(4) The categories of nonpublic personal financial information about the licensee’s former customers that the licensee discloses and the categories of affiliates and nonaffiliated third parties to whom the licensee discloses nonpublic personal financial information about the licensee’s former customers, other than those parties to whom the licensee discloses information under sections 431:___-402 and 431:___-403;

(5) If a licensee discloses nonpublic personal financial information to a nonaffiliated third party under section 431:___-401, and no other exception in sections 431:___-402 and 431:___-403 applies to that disclosure, a separate description of the categories of information the licensee discloses and the categories of third parties with whom the licensee has contracted;

(6) An explanation of the consumer’s right under section 431:___-301(a) to opt out of the disclosure of nonpublic personal financial information to nonaffiliated third parties, including the methods by which the consumer may exercise that right at that time;

(7) Any disclosures that the licensee makes under Section 603(d)(2)(A)(iii) of the Fair Credit Reporting Act (15 U.S.C. 1681a(d)(2)(A)(iii));

(8) The licensee’s policies and practices with respect to protecting the confidentiality and security of nonpublic personal information; and

(9) Any disclosure that the licensee makes under subsection (b) of this section.

(b) If a licensee discloses nonpublic personal financial information as authorized under sections 431:___-402 and 431:___-403, the licensee is not required to list those exceptions in the initial or annual privacy notices required by sections 431:___-201 and 431:___-202. When describing the categories of parties to whom disclosure is made, the licensee is required to state only that it makes disclosures to other affiliated or nonaffiliated third parties, as applicable, as permitted by law.

(c) Short-form initial notice with opt out notice for non-customers. A licensee may satisfy the initial notice requirements in sections 431:___-201(a)(2) and 431:___-204(c) for a consumer who is not a customer by providing a short-form initial notice at the same time as the licensee delivers an opt out notice as required in section 431:___-204. A short-form initial notice shall:

(1) Be clear and conspicuous;

(2) State that the licensee’s privacy notice is available upon request; and

(3) Explain a reasonable means by which the consumer may obtain that notice.

The licensee shall deliver its short-form initial notice according to section 431:___-206. The licensee is not required to deliver its privacy notice with its short-form initial notice. The licensee instead may provide the consumer a reasonable means of obtaining the licensee's privacy notice. If a consumer who receives the licensee’s short-form notice requests the licensee’s privacy notice, the licensee shall deliver its privacy notice according to section 431:___-206.

(d) The licensee’s notice may include:

(1) Categories of nonpublic personal financial information that the licensee reserves the right to disclose in the future, but does not currently disclose; and

(2) Categories of affiliates or nonaffiliated third parties to whom the licensee reserves the right in the future to disclose, but to whom the licensee does not currently disclose, nonpublic personal financial information.

§431:___-204 Form and delivery of opt out notice to consumers; opt out methods. (a) An opt out notice provided by a licensee pursuant to section 431:___-301 shall clearly, conspicuously, and accurately explain to the consumer the right to opt out under that section. The notice shall include:

(1) A statement that the licensee discloses or reserves the right to disclose nonpublic personal financial information about its consumer to a nonaffiliated third party;

(2) A statement that the consumer has the right to opt out of that disclosure; and

(3) A reasonable means by which the consumer may exercise the opt out right.

(b) A licensee may provide the opt out notice together with or on the same written or electronic form as the initial notice the licensee provides in accordance with 431:___-201.

(c) If a licensee provides the opt out notice later than required for the initial notice under section 431:___-201, the licensee shall also include a copy of the initial notice with the opt out notice in writing or, if the consumer agrees, electronically.

(d) If two or more consumers jointly obtain an insurance product or service from a licensee, the licensee may provide a single opt out notice. The licensee’s opt out notice shall explain how the licensee will respond to an opt out direction by a joint consumer. The licensee shall allow any of the joint consumers to exercise the right to opt out. The licensee shall not require all joint consumers to opt out before it implements any opt out direction. The licensee may either:

(1) Treat an opt out direction by a joint consumer as applying to all of the associated joint consumers; or

(2) Permit each joint consumer to opt out separately.

(e) The licensee shall deliver the opt out notice according to section 431:___-206.

(f) A licensee shall comply with a consumer’s opt out direction as soon as reasonably practicable after the licensee receives it.

(g) A consumer may exercise the right to opt out at any time.

(h) A consumer’s direction to opt out is effective until the consumer revokes it in writing or, if the consumer agrees, electronically. When a customer relationship terminates, the customer’s opt out direction continues to apply to the nonpublic personal financial information that the licensee collected during or related to that relationship. If the individual subsequently establishes a new customer relationship with the licensee, the opt out direction that applied to the former relationship shall not apply to the new relationship.

§431:___-205 Revised privacy notices. (a) Except as otherwise authorized in this article, a licensee shall not, directly or through an affiliate, disclose any nonpublic personal financial information about a consumer to a nonaffiliated third party other than as described in the initial notice that the licensee provided to that consumer under section 431:___-201, unless:

(1) The licensee has:

(A) Provided the consumer a clear and conspicuous revised notice that accurately describes its policies and practices;

(B) Provided the consumer a new opt out notice; and

(C) Given the consumer a reasonable opportunity, before the licensee discloses the information to the nonaffiliated third party, to opt out of the disclosure;

and

(2) The consumer does not opt out.

(b) The licensee shall deliver a revised privacy notice according to section 431:___-206.

§431:___-206 Delivery. (a) A licensee shall provide any notices required under this article in a manner that the licensee reasonably expects the consumer to receive actual notice in writing or, if the consumer agrees, electronically.

(b) A licensee reasonably expects that a customer will receive actual notice of the licensee’s annual privacy notice if:

(1) The customer uses the licensee’s web site to access insurance products and services electronically and agrees to receive notices at the web site, and the licensee posts its current privacy notice continuously in a clear and conspicuous manner on the web site; or

(2) The customer has requested that the licensee refrain from sending any information regarding the customer relationship, and the licensee’s current privacy notice remains available to the customer upon request.

(c) A licensee shall not provide any notice required by this article solely through an oral explanation of the notice, either in person or over the telephone.

(d) For customers only, a licensee shall provide the initial notice required by section 431:___-201(a)(1), the annual notice required by section 431:___-202(a), and the revised notice required by section 431:___-205 so that the customer can retain them, or obtain them later in writing or, if the customer agrees, electronically.

(e) A licensee may provide a joint notice from the licensee and one or more of its affiliates or other financial institutions, as identified in the notice, as long as the notice is accurate with respect to the licensee and the other institutions. A licensee also may provide a notice on behalf of another financial institution.

(f) If two or more consumers jointly obtain an insurance product or service from a licensee, the licensee may satisfy the initial, annual, and revised notice requirements of sections 431:___-201(a), 431:___-202(a), and 431:___-205 by providing a single notice for each respective section to those consumers, jointly.

§431:___-207 Surplus lines licensee notice and opt out compliance. A surplus lines broker or surplus lines insurer shall be deemed to be in compliance with the notice and opt out requirements for nonpublic personal financial information set forth in this article; provided:

(1) The broker or insurer does not disclose nonpublic personal financial information of a consumer or a customer to nonaffiliated third parties for any purpose, including joint servicing or marketing under section 431:___-401, except as permitted by sections 431:___-402 and 431:___-403.

(2) The broker or insurer delivers a notice to the consumer at the time a customer relationship is established on which the following is printed in sixteen-point type:

"PRIVACY NOTICE: NEITHER THE U.S. BROKERS THAT HANDLED THIS INSURANCE NOR THE INSURERS THAT HAVE UNDERWRITTEN THIS INSURANCE WILL DISCLOSE NONPUBLIC PERSONAL FINANCIAL INFORMATION CONCERNING THE BUYER TO NONAFFILIATES OF THE BROKERS OR INSURERS EXCEPT AS PERMITTED BY LAW."

PART III. LIMITS ON DISCLOSURES OF FINANCIAL INFORMATION

§431:___-301 Limits on disclosure of nonpublic personal financial information to nonaffiliated third parties. (a) Except as otherwise authorized in this article, a licensee shall not, directly or through any affiliate, disclose any nonpublic personal financial information about a consumer to a nonaffiliated third party unless:

(1) The licensee has:

(A) Provided the consumer an initial notice as required under 431:___-201;

(B) Provided the consumer an opt out notice as required in 431:___-204; and

(C) Given the consumer a reasonable opportunity, before it discloses the information to the nonaffiliated third party, to opt out of the disclosure;

and

(2) The consumer does not opt out.

(b) A licensee shall comply with this section, regardless of whether the licensee and the consumer have established a customer relationship. If a licensee fails to comply with this section, the licensee may not, directly or through any affiliate, disclose to an unaffiliated third party any nonpublic personal financial information about a consumer that the licensee has collected, regardless of whether the licensee collected it before or after receiving the direction to opt out from the consumer.

(c) A licensee may allow a consumer to select certain nonpublic personal financial information or certain nonaffiliated third parties with respect to which the consumer wishes to opt out.

§431:___-302 Limits on redisclosure and reuse of nonpublic personal financial information. (a) If a licensee receives nonpublic personal financial information from a nonaffiliated financial institution under an exception in sections 431:___-402 and 431:___-403, the licensee’s disclosure and use of that information is limited as follows:

(1) The licensee may disclose the information to the affiliates of the financial institution from which the licensee received the information;

(2) The licensee may disclose the information to its affiliates, but the licensee’s affiliates may, in turn, disclose and use the information only to the extent that the licensee may disclose and use the information; and

(3) The licensee may disclose and use the information pursuant to an exception in sections 431:___-402 and 431:___-403, in the ordinary course of business to carry out the activity covered by the exception under which the licensee received the information.

(b) If a licensee receives nonpublic personal financial information from a nonaffiliated financial institution other than under an exception in sections 431:___-201 and 431:___-202, the licensee may disclose the information only:

(1) To the affiliates of the financial institution from which the licensee received the information;

(2) To its affiliates, but its affiliates may, in turn, disclose the information only to the extent that the licensee may disclose the information; and

(3) To any other person, if the disclosure would be lawful if made directly to that person by the financial institution from which the licensee received the information.

(c) If a licensee discloses nonpublic personal financial information to a nonaffiliated third party under an exception in sections 431:___-201 and 431:___-202, the third party may disclose and use that information only as follows:

(1) The third party may disclose the information to the licensee’s affiliates;

(2) The third party may disclose the information to its affiliates, but its affiliates may, in turn, disclose and use the information only to the extent that the third party may disclose and use the information; and

(3) The third party may disclose and use the information pursuant to an exception in sections 431:___-201 and 431:___-202 in the ordinary course of business to carry out the activity covered by the exception under which it received the information.

(d) If a licensee discloses nonpublic personal financial information to a nonaffiliated third party other than under an exception in sections 431:___-201 and 431:___-202 of this article, the third party may disclose the information only:

(1) To the licensee’s affiliates;

(2) To the third party's affiliates, but the third party's affiliates, in turn, may disclose the information only to the extent the third party can disclose the information; and

(3) To any other person, if the disclosure would be lawful if the licensee made it directly to that person.

§431:___-303 Limits on sharing account number information for marketing purposes. (a) A licensee shall not, directly or through an affiliate, disclose, other than to a consumer reporting agency, a policy number or similar form of access number or access code for a consumer’s policy or transaction account to any nonaffiliated third party for use in telemarketing, direct mail marketing, or other marketing through electronic mail to the consumer.

(b) Subsection (a) does not apply if a licensee discloses a policy number or similar form of access number or access code:

(1) To the licensee’s service provider solely to perform marketing for the licensee’s own products or services, as long as the service provider is not authorized to directly initiate charges to the account;

(2) To a licensee who is a producer solely to perform marketing for the licensee’s own products or services; or

(3) To a participant in an affinity or similar program where the participants in the program are identified to the customer when the customer enters into the program.

PART IV. EXCEPTIONS TO LIMITS ON DISCLOSURES OF FINANCIAL INFORMATION

§431:___-401 Exception to opt out requirements for disclosure of nonpublic personal financial information for service providers and joint marketing. (a) The opt out requirements in sections 431:___-204 and 431:___-301 shall not apply when a licensee provides nonpublic personal financial information to a nonaffiliated third party to perform services for the licensee or functions on the licensee’s behalf, if the licensee:

(1) Provides an initial notice in accordance with section 431:___-201; and

(2) Enters into a contractual agreement with the third party that prohibits the third party from disclosing or using the information other than to carry out the purposes for which the licensee disclosed the information, including use under an exception in sections 431:___-402 and 431:___-403 in the ordinary course of business to carry out those purposes.

(b) The services a nonaffiliated third party performs for a licensee under subsection (a) may include marketing of the licensee’s own products or services or marketing of financial products or services offered pursuant to joint agreements between the licensee and one or more financial institutions.

(c) For purposes of this section, "joint agreement" means a written contract pursuant to which a licensee and one or more financial institutions jointly offer, endorse, or sponsor a financial product or service.

§431:___-402 Exceptions to notice and opt out requirements for disclosure of nonpublic personal financial information for processing and servicing transactions. (a) The requirements for initial notice in section 431:___-201(a)(2), the opt out in sections 431:___-204 and 431:___-301, and requirements for disclosure for service providers and joint marketing in sections 431:___-401 do not apply if the licensee discloses nonpublic personal financial information as necessary to effect, administer or enforce a transaction that a consumer requests or authorizes, or in connection with:

(1) Servicing or processing an insurance product or service that a consumer requests or authorizes;

(2) Maintaining or servicing the consumer’s account with a licensee, or with another entity as part of a private label credit card program or other extension of credit on behalf of the entity;

(3) A proposed or actual securitization, secondary market sale (including sales of servicing rights) or similar transaction related to a transaction of the consumer; or

(4) Reinsurance or stop loss or excess loss insurance.

(b) As used in this section, "necessary to effect, administer, or enforce a transaction" means that the disclosure is:

(1) Required, or is one of the lawful or appropriate methods, to enforce the licensee’s rights or the rights of other persons engaged in carrying out the financial transaction or providing the product or service; or

(2) Required, or is a usual, appropriate, or acceptable method:

(A) To carry out the transaction or the product or service business of which the transaction is a part, and record, service, or maintain the consumer’s account in the ordinary course of providing the insurance product or service;

(B) To administer or service benefits or claims relating to the transaction or the product or service business of which it is a part;

(C) To provide a confirmation, statement, or other record of the transaction or information on the status or value of the insurance product or service to the consumer or the consumer’s agent or broker;

(D) To accrue or recognize incentives or bonuses associated with the transaction that are provided by a licensee or any other party;

(E) To underwrite insurance at the consumer’s request or for any of the following purposes as they relate to a consumer’s insurance or as otherwise required or specifically permitted by federal or state law, including:

(i) Account administration;

(ii) Reporting, investigating, or preventing fraud or material misrepresentation;

(iii) Processing premium payments or insurance claims;

(iv) Administering insurance benefits (including utilization review activities); and

(v) Participating in research projects;

or

(F) In connection with:

(i) The authorization, settlement, billing, processing, clearing, transferring, reconciling, or collection of amounts charged, debited, or otherwise paid using a debit, credit, or other payment card, check or account number, or by other payment means;

(ii) The transfer of receivables, accounts or interests therein; or

(iii) The audit of debit, credit, or other payment information.

§431:___-403 Other exceptions to notice and opt out requirements for disclosure of nonpublic personal financial information. (a) The requirements for initial notice in section 431:___-201(a)(2), the opt out in sections 431:___-204 and 431:___-301, and requirement for disclosure for service providers and joint marketing in sections 431:___-401 shall not apply when a licensee discloses nonpublic personal financial information:

(1) With the consent or at the direction of the consumer; provided that the consumer has not revoked the consent or direction;

(2) To protect the confidentiality or security of a licensee’s records pertaining to the consumer, service, product, or transaction; protect against or prevent actual or potential fraud or unauthorized transactions; for required institutional risk control or for resolving consumer disputes or inquiries; to persons holding a legal or beneficial interest relating to the consumer; or to persons acting in a fiduciary or representative capacity on behalf of the consumer;

(3) To provide information to insurance rate advisory organizations, guaranty funds or agencies, agencies that are rating a licensee, persons that are assessing the licensee’s compliance with industry standards, and the licensee’s attorneys, accountants, and auditors;

(4) To the extent specifically permitted or required under other provisions of law and in accordance with the Right to Financial Privacy Act of 1978 (12 U.S.C. 3401 et seq.), to law enforcement agencies (including the Federal Reserve Board, Office of the Comptroller of the Currency, Federal Deposit Insurance Corporation, Office of Thrift Supervision, National Credit Union Administration, the Securities and Exchange Commission, the Secretary of the Treasury, with respect to 31 U.S.C. Chapter 53, Subchapter II (Records and Reports on Monetary Instruments and Transactions) and 12 U.S.C. Chapter 21 (Financial Recordkeeping), a state insurance authority, and the Federal Trade Commission), self-regulatory organizations, or for an investigation on a matter related to public safety;

(5) To a consumer reporting agency in accordance with the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.), or from a consumer report reported by a consumer reporting agency;

(6) In connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of a business or operating unit if the disclosure of nonpublic personal financial information concerns solely consumers of the business or unit;

(7) To comply with federal, state, or local laws, rules, and other applicable legal requirements; to comply with a properly authorized civil, criminal, or regulatory investigation, or subpoena or summons by federal, state, or local authorities; to respond to judicial process or government regulatory authorities having jurisdiction over a licensee for examination, compliance, or other purposes as authorized by law; or

(8) For purposes related to the replacement of a group benefit plan, a group health plan, a group welfare plan, or a workers’ compensation plan.

(b) A consumer may revoke consent by subsequently exercising the right to opt out of future disclosures of nonpublic personal information as permitted under section 431:___-204(g).

PART V. ADDITIONAL PROVISIONS

§431:___-501 Protection of Fair Credit Reporting Act. Nothing in this article shall be construed to modify, limit, or supersede the operation of the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.), and no inference shall be drawn on the basis of the provisions of this article regarding whether information is transaction or experience information under Section 603 of that Act.

§431:___-502 Nondiscrimination. A licensee shall not unfairly discriminate against any consumer or customer because that consumer or customer has opted out from disclosure of his or her nonpublic personal financial information pursuant to the provisions of this article.

§431:___-503 Violation. A violation of this article shall be deemed an unfair or deceptive trade practice in violation of 431:13-102.

§431:___-504 Rules. The commissioner shall have the authority to establish administrative rules to further the purposes of this article."

SECTION 2. A contract between a licensee and a nonaffiliated third party for services or functions performed by the third party on the licensee’s behalf entered into on or before July 1, 2000, satisfies the provisions of section 431:___-401(a)(2) of section 1 of this Act, regardless of whether the contract requires that the third party maintain the confidentiality of nonpublic personal information.

SECTION 3. The commissioner may extend the time for licensee compliance until July 1, 2001, to provide sufficient time for licensees to establish policies and systems to comply with the requirements of this Act; provided that by July 1, 2001, a licensee shall provide an initial notice, as required by 431:____-201 of section 1 of this Act, to consumers who are the licensee’s customers on July 1, 2001.

SECTION 4. If any section or portion of a section of this Act or its applicability to any person or circumstance is held invalid by a court, the remainder of the Act or the applicability of the provision to other persons or circumstances shall not be affected.

SECTION 5. This Act shall take effect upon its approval.

INTRODUCED BY:

_____________________________