Can I ensure that my company is compliant with expanding privacy protections in Hawaii? What are the requirements?
Hawaii Privacy Protections Compliance Requirements
To ensure compliance with expanding privacy protections in Hawaii, companies must adhere to the following requirements:
Initial Privacy Notice to Consumers
- A licensee must provide a clear and conspicuous notice that accurately reflects its privacy policies and practices to a consumer:
  - Not later than when the licensee establishes a customer relationship, except as provided in subsection (d); and
  - Before the licensee discloses any nonpublic personal financial information about the consumer to any nonaffiliated third party, if the licensee makes a disclosure other than as authorized by sections 431:3A-402 and 431:3A-403 [1.1].
Annual Privacy Notice to Customers
- A licensee shall provide a clear and conspicuous notice to customers that accurately reflects its privacy policies and practices not less than annually during the continuation of the customer relationship [1.3].
Revised Privacy Notices
- A licensee shall not, directly or through an affiliate, disclose any nonpublic personal financial information about a consumer to a nonaffiliated third party other than as described in the initial notice that the licensee provided to that consumer under section 431:3A-201, unless:
  - The licensee has provided to the consumer a clear and conspicuous revised notice that accurately describes its policies and practices;
  - The licensee has provided to the consumer a new opt-out notice;
  - The licensee has given the consumer a reasonable opportunity, before the licensee discloses the information to the nonaffiliated third party, to opt-out of the disclosure; and
  - The consumer does not opt-out [1.4].
Exception to Opt-Out Requirements for Disclosure of Nonpublic Personal Financial Information for Service Providers and for Joint Marketing
- The opt-out requirements in sections 431:3A-204 and 431:3A-301 shall not apply if a licensee provides nonpublic personal financial information to a nonaffiliated third party to perform services for the licensee or functions on the licensee’s behalf, if the licensee:
  - Provides the initial notice in accordance with section 431:3A-201; and
  - Enters into a contractual agreement with the third party that prohibits the third party from disclosing or using the information other than to carry out the purposes for which the licensee disclosed the information, including use under an exception in sections 431:3A-402 and 431:3A-403 in the ordinary course of business to carry out those purposes [1.6].
Policy and Oversight Responsibility
- Each government agency shall designate an agency employee to have policy and oversight responsibilities for the protection of personal information [3.1].
Minimum Insurance Requirements for a Professional Corporation
- A professional accounting corporation may provide security for professional responsibility by procuring errors and omissions insurance or a surety bond issued by an insurance company, or any combination thereof, as the corporation may elect [4.1].
Notices of Employee Protections and Obligations
- An employer shall post notices and use other appropriate means to keep the employer’s employees informed of their protections and obligations under this subpart [2.1].
Therefore, to ensure compliance with expanding privacy protections in Hawaii, companies must provide initial and annual privacy notices to consumers and customers, respectively, deliver revised privacy notices when necessary, and adhere to opt-out requirements for disclosure of nonpublic personal financial information for service providers and for joint marketing. Additionally, government agencies must designate an employee to have policy and oversight responsibilities for the protection of personal information. Employers must post notices and use other appropriate means to keep the employer’s employees informed of their protections and obligations under this subpart.
Source(s):
- [1.1] Initial privacy notice to consumers required.
- [2.1] Notices of employee protections and obligations.
- [1.3] Annual privacy notice to customers required.
- [1.4] Revised privacy notices.
- [3.1] Policy and oversight responsibility.
- [4.1] Minimum insurance requirements for a professional corporation.
- [1.6] Exception to opt-out requirements for disclosure of nonpublic personal financial information for service providers and for joint marketing.
Jurisdiction
Hawaii