Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can I ignore consumer requests for information or deletion in Pennsylvania? What are the requirements?

Consumer Requests for Information or Deletion in Pennsylvania

In Pennsylvania, a licensee cannot ignore consumer requests for information or deletion. The licensee must comply with the Gramm-Leach-Bliley Act (GLBA) and the Pennsylvania Code by providing consumers with access to their nonpublic personal financial information and deleting such information upon request, unless an exception applies.

Under GLBA, a licensee must provide consumers with the right to request access to their nonpublic personal financial information and the right to request that the licensee delete such information [1.1].

The Pennsylvania Code also requires that a licensee comply with consumer requests for information or deletion. Specifically, a licensee may not disclose nonpublic personal financial information about a consumer to a nonaffiliated third party unless the licensee has provided the consumer with an initial notice, an opt-out notice, and a reasonable opportunity to opt-out of the disclosure [1.1].

However, there are exceptions to the notice and opt-out requirements for disclosure of nonpublic personal financial information. For example, a licensee may disclose nonpublic personal financial information without providing an opt-out notice when the disclosure is necessary to process transactions at the consumer’s request [1.4].

Additionally, the Pennsylvania Code requires authorization from the consumer whose nonpublic personal health information is sought to be disclosed before a licensee can disclose nonpublic personal health information about a consumer [2.1].

Therefore, a licensee must comply with consumer requests for information or deletion in Pennsylvania, unless an exception applies.

Source(s):
Jurisdiction

Pennsylvania