Can I ensure that my company is compliant with expanding privacy protections in Idaho? What are the requirements?

To ensure that your company is compliant with expanding privacy protections in Idaho, you must follow the requirements outlined in IDAPA 18.01.01.202, IDAPA 18.01.01.452, IDAPA 18.01.01.100, IDAPA 18.01.01.300, IDAPA 18.01.01.200, IDAPA 18.01.01.450, and IDAPA 18.01.01.451.

IDAPA 18.01.01.202

This document outlines the requirements for satisfying the privacy notice information requirements. Your company must categorize the nonpublic personal financial information it collects and discloses, identify the types of businesses in which the third parties to which the licensee discloses nonpublic personal financial information about consumers engage, and describe its policies and practices with respect to protecting the confidentiality and security of nonpublic personal financial information.

IDAPA 18.01.01.452

This document outlines the exceptions to notice and opt-out requirements for disclosure of nonpublic personal financial information. Your company may use these exceptions to opt-out requirements to disclose nonpublic personal financial information.

IDAPA 18.01.01.100

This document outlines the initial notice requirement. Your company must provide a clear and conspicuous notice that accurately reflects its privacy policies and practices to a customer no later than when the licensee establishes a customer relationship, except as provided in Subsection 100.03 of this rule.

IDAPA 18.01.01.300

This document outlines the revised privacy notices. Your company must provide a clear and conspicuous revised notice that accurately describes its policies and practices, a new opt-out notice, and a reasonable opportunity for the consumer to opt-out of the disclosure.

IDAPA 18.01.01.200

This document outlines the information to be included in privacy notices. Your company must include the categories of nonpublic personal financial information the licensee collects or discloses, the categories of third parties to whom the licensee discloses nonpublic personal financial information, and an explanation of the consumer’s right to opt-out of the disclosure of nonpublic personal financial information to nonaffiliated third parties.

IDAPA 18.01.01.450

This document outlines the exception to opt-out requirements for disclosure of nonpublic personal financial information for service providers and joint marketing. Your company may provide nonpublic personal financial information to a nonaffiliated third party to perform services for the licensee or functions on the licensee’s behalf if the licensee provides the initial notice and enters into a contractual agreement with the third party that prohibits the third party from disclosing or using the information other than to carry out the purposes for which the licensee disclosed the information.

IDAPA 18.01.01.451

This document outlines the exceptions to notice and opt-out requirements for disclosure of nonpublic personal financial information for processing and servicing transactions. Your company may disclose nonpublic personal financial information as necessary to effect, administer or enforce a transaction that a consumer requests or authorizes.

Your company must follow these requirements to ensure compliance with expanding privacy protections in Idaho. ^{[1.2][1.3][1.4][1.6][1.7][1.8]}.

Source(s):

• [1.2] REVISED PRIVACY NOTICES.
• [1.3] INITIAL PRIVACY NOTICE TO CONSUMERS.
• [1.4] INFORMATION TO BE INCLUDED IN PRIVACY NOTICES.
• [1.6] EXCEPTION TO OPT OUT REQUIREMENTS FOR DISCLOSURE OF NONPUBLIC PERSONAL FINANCIAL INFORMATION FOR SERVICE PROVIDERS AND JOINT MARKETING.
• [1.7] EXCEPTIONS TO NOTICE AND OPT OUT REQUIREMENTS FOR DISCLOSURE OF NONPUBLIC PERSONAL FINANCIAL INFORMATION FOR PROCESSING AND SERVICING TRANSACTIONS.
• [1.8] LIMITS ON DISCLOSURE OF NONPUBLIC PERSONAL FINANCIAL INFORMATION TO NONAFFILIATED THIRD PARTIES.

Jurisdiction

Idaho

• Privacy