Ask Reggi Your Question Now
Can I collect personal information from my customers in California in Iowa? What are the requirements?
Collecting Personal Information from Customers in California in Iowa
If you are collecting personal information from customers in California while being located in Iowa, you must comply with the Principles of Personal Information Management outlined in 5 CACR Section 42396.2. These principles require that personal information should not be collected unless the need for it has been clearly established in advance, and that personal information should be appropriate and relevant to the purpose for which it has been collected. Additionally, precautions should be taken to prevent the unauthorized access to or use of personal information retained by The California State University [1.1].
If you are a licensee, you must provide a clear and conspicuous notice to customers that accurately reflects your privacy policies and practices not less than annually during the continuation of the customer relationship. You must also provide an initial notice and an opt-out notice to the consumer before disclosing any nonpublic personal financial information about a consumer to a nonaffiliated third party. The consumer must be given a reasonable opportunity to opt-out of the disclosure before the licensee discloses the information to the nonaffiliated third party, and the consumer must not opt-out [4.1][4.5].
It is important to note that these requirements apply regardless of whether the licensee and the consumer have established a customer relationship [4.5].
If you are a retailer with a physical presence in Iowa, you must collect and remit Iowa sales tax and any applicable local option sales tax pursuant to Iowa Code section 423.14 even if the sales threshold is not met. You must also report on your Iowa sales tax return your gross revenue from all Iowa sales, including any marketplace sales on which the marketplace facilitator collected Iowa sales tax and applicable local option tax, regardless of whether the sales threshold is met [2.1].
Source(s):
- [1.1] Principles of Personal Information Management.
- [2.1] Retailers with physical presence in Iowa.
- [4.1] Annual privacy notice to customers required.
- [4.5] Limits on disclosure of nonpublic personal financial information to nonaffiliated third parties.
Jurisdiction
Iowa, California