Can I ensure that my company is compliant with expanding privacy protections in Missouri? What are the requirements?
Missouri Privacy of Financial Information Requirements
To ensure compliance with expanding privacy protections in Missouri, companies must adhere to the requirements set forth in MOCS 20 CSR 100-6.100. This rule is designed to effectuate, interpret, and carry out the provisions of section 362.422, RSMo, regarding the disclosure of nonpublic personal information in violation of Title V of the Gramm-Leach-Bliley Financial Modernization Act of 1999.
Definitions
The rule provides definitions for key terms used throughout the document. Some of the key definitions include:
- Affiliate: any company that controls, is controlled by, or is under common control with another company.
- Clear and conspicuous: a notice that is reasonably understandable and designed to call attention to the nature and significance of the information in the notice.
- Collect: to obtain information that the licensee organizes or can retrieve by the name of an individual or by identifying number, symbol, or other identifying particular assigned to the individual, irrespective of the source of the underlying information.
- Consumer: an individual who seeks to obtain, obtains, or has obtained an insurance product or service from a licensee that is to be used primarily for personal, family, or household purposes, and about whom the licensee has nonpublic personal information, or that individual’s legal representative.
- Customer: a consumer who has a customer relationship with a licensee.
- Customer relationship: a continuing relationship between a consumer and a licensee under which the licensee provides one or more insurance products or services to the consumer that are to be used primarily for personal, family, or household purposes.
- Financial institution: any institution the business of which is engaging in activities that are financial in nature or incidental to such financial activities as described in section 4(k) of the Bank Holding Company Act of 1956 (12 U.S.C. 1843(k)).
- Financial product or service: any product or service that a financial holding company could offer by engaging in an activity that is financial in nature or incidental to such a financial activity under section 4(k) of the Bank Holding Company Act of 1956 (12 U.S.C. 1843(k)).
- Insurance product or service: any product or service that is offered by a licensee pursuant to the insurance laws of this state, including a licensee’s evaluation, brokerage, or distribution of information that the licensee collects in connection with a request or an application from a consumer for an insurance product or service.
- Licensee: all licensed insurers, producers, and other persons licensed, authorized, or registered, or required to be licensed, authorized, or registered by the director pursuant to the laws of this state.
Notice and Opt-Out Requirements
The rule requires that licensees provide consumers with a clear and conspicuous notice that accurately reflects their privacy policies and practices. The notice must be provided to the consumer at the time of establishing a customer relationship and annually thereafter. The notice must also be provided to the consumer before disclosing any nonpublic personal financial information to a nonaffiliated third party.
The notice must include:
- The categories of nonpublic personal financial information that the licensee collects.
- The categories of nonpublic personal financial information that the licensee discloses.
- The categories of affiliates and nonaffiliated third parties to whom the licensee discloses nonpublic personal financial information.
- An explanation of the consumer’s right to opt out of the disclosure of nonpublic personal financial information to nonaffiliated third parties.
- A reasonable means for the consumer to opt out of the disclosure of nonpublic personal financial information to nonaffiliated third parties.
Exceptions to Notice and Opt-Out Requirements
The rule provides exceptions to the notice and opt-out requirements for certain situations, including:
- Disclosures to service providers and joint marketers.
- Disclosures to nonaffiliated third parties with whom the licensee has a contractual relationship.
- Disclosures to nonaffiliated third parties as necessary to effect, administer, or enforce a transaction requested or authorized by the consumer.
- Disclosures to nonaffiliated third parties as necessary to comply with federal, state, or local laws, rules, or other applicable legal requirements.
- Disclosures to nonaffiliated third parties with the consent or at the direction of the consumer.
Conclusion
To ensure compliance with expanding privacy protections in Missouri, companies must adhere to the requirements set forth in MOCS 20 CSR 100-6.100. This rule provides definitions for key terms and outlines notice and opt-out requirements for licensees. Companies should review the rule in its entirety to ensure compliance.
Jurisdiction
Missouri