Can I ensure that my company is compliant with expanding privacy protections in Iowa? What are the requirements?
Ensuring Compliance with Expanding Privacy Protections in Iowa
To ensure compliance with expanding privacy protections in Iowa, companies must comply with the requirements for Personally Identifiable Information (PII) and the information to be included in privacy notices. Companies must also review any applicable federal laws, such as the Fair Credit Reporting Act, and ensure that they are in compliance with those laws as well.
Personally Identifiable Information
Personally identifiable information (PII) is defined as information that can be used to identify an individual. PII is collected, maintained, and retrieved by the agency by personal identifier in record systems [2.1]. The record systems maintained by the agency include escheats to the state, litigation files, criminal data, other investigative files, attorney advice records, and antitrust investigations.
Information to be Included in Privacy Notices
Licensees must provide initial, annual, and revised privacy notices that include specific items of information [1.1]. These items include the categories of nonpublic personal financial information that the licensee collects and discloses, the categories of affiliates and nonaffiliated third parties to which the licensee discloses nonpublic personal financial information, the licensee’s policies and practices with respect to protecting the confidentiality and security of nonpublic personal financial information, and any disclosures that the licensee makes under Section 603(d)(2)(A)(iii) of the federal Fair Credit Reporting Act.
Licensees must also provide a separate description of the categories of information the licensee discloses and the categories of third parties with which the licensee has contracted if a licensee discloses nonpublic personal financial information to a nonaffiliated third party under rule 90.12(505) and no other exception in rules 90.13(505) and 90.14(505) applies to that disclosure.
Notice to Suppliers of Information
When the division requests a person to supply information about that person, the division must notify the person of the use that will be made of the information, which persons outside the division might routinely be provided this information, which parts of the requested information are required and which are optional, and the consequences of a failure to provide the information requested [4.1].
Conclusion
To ensure compliance with expanding privacy protections in Iowa, companies should review the requirements for PII and for the information to be included in privacy notices. Companies should also review any applicable federal laws and implement policies and procedures to protect the confidentiality and security of nonpublic personal financial information. These policies and procedures should be reviewed and updated regularly to ensure that they remain effective and in compliance with applicable laws and regulations.
Source(s):
- [1.1] Information to be included in privacy notices.
- [2.1] Personally identifiable information.
- [4.1] Notice to suppliers of information.
Jurisdiction
Iowa