Can I ignore my obligations as a service provider with access to personal information in Arizona? What are the requirements?

Based on the context documents, as a service provider with access to personal information in Arizona, you cannot ignore your obligations. The following are the requirements you need to comply with:

Obligations as a Third-Party Electronic Service Provider

If you are a third-party electronic service provider authorized by a state agency in Arizona, you must meet all the requirements established by the state agency and must be selected through a competitive bid process. You must also submit to the state agency all statutorily prescribed fees and taxes you collect and deposit the fees and taxes with the state treasurer. ^[1.1]

Obligations as a Regulatory Entity

If you are a regulatory entity established pursuant to Title 32 of the Arizona Revised Statutes, you must maintain the confidentiality of a professional’s residential address and residential telephone number or numbers. ^[3.1]

Obligations as a Utility

If you are a utility in Arizona, you must comply with the minimum customer information requirements. You must make available upon customer request a concise summary of the rate schedule applied for by such customer, and a concise summary of the utility’s tariffs or the Commission’s rules and regulations concerning deposits, terminations of service, billing and collection, and complaint handling. ^[4.1]

Obligations as a Telecommunications Carrier

If you are a telecommunications carrier in Arizona, you must provide notification to obtain opt-in approval through oral, written, or electronic methods. The notification must include language the same as or substantially similar to the definition of customer proprietary network information contained in 47 U.S.C. 222(h)(1), state that the customer has a right to direct the company not to use the customer’s CPNI or limit the use, disclosure, and access to the customer’s CPNI, and state that CPNI includes all information related to specific calls initiated or received by a customer. ^[5.1]

Obligations as an Insurance Institution or Insurance Producer

If you are an insurance institution or insurance producer in Arizona, you must provide a notice of information practices to applicants and policyholders in connection with insurance transactions. The notice must contain information required for compliance with the notice requirements established under section 503 of the Gramm-Leach-Bliley act (15 United States Code section 6803) or shall state whether personal information may be collected from persons other than the individual or individuals proposed for coverage, the types of personal information that may be collected and the types of sources and investigative techniques that may be used to collect the information, the types of disclosures identified in section 20-2113, paragraphs 2 through 6, 9, 11, 12 and 14 and the circumstances under which the disclosures may be made without prior authorization, a description of the rights established under sections 20-2108 and 20-2109 and the manner in which those rights may be exercised, and that information obtained from a report prepared by an insurance support organization may be retained by the insurance support organization and disclosed to other persons. ^[2.2]

Obligations as a Utility Regarding Termination of Service

If you are a utility in Arizona, you may not disconnect service for certain reasons, such as delinquency in payment for services rendered to a prior customer at the premises where service is being provided, except in the instance where the prior customer continues to reside on the premises, or failure of the customer to pay for services or equipment which are not regulated by the Commission. You may disconnect service without advance written notice under certain conditions, such as the existence of an obvious hazard to the safety or health of the consumer or the general population or the utility’s personnel or facilities, or evidence of tampering or evidence of fraud. You may also disconnect service to any customer for any reason stated below provided the utility has met the notice requirements established by the Commission, such as customer violation of any of the utility’s tariffs filed with the Commission and/or violation of the Commission’s rules and regulations. ^[4.1][4.2]

Access to recorded personal information

If you are an insurance institution, insurance producer, or insurance support organization in Arizona, you must provide access to recorded personal information about an individual upon request. You must inform the individual of the nature and substance of the recorded personal information, permit the individual to see and copy the recorded personal information, disclose to the individual the identity of those persons to whom the information has been disclosed, and provide the individual with a summary of the procedures by which the individual may request correction, amendment, or deletion of recorded personal information. ^[2.1]

Discarding and disposing of records containing personal identifying information

If you are an entity in Arizona, you must not knowingly discard or dispose of records or documents containing personal identifying information without redacting the information or destroying the records or documents. Personal identifying information includes an individual’s first and last name or first initial and last name in combination with a corresponding complete social security number, credit card, charge card or debit card number, retirement account number, savings, checking or securities entitlement account number, or driver license number or nonoperating identification license number. ^[6.1]

Obtaining Customer Approval to Use, Disclose, or Permit Access to CPNI to Third Parties and Affiliates That Do Not Provide Communications-Related Services

If you are a telecommunications carrier in Arizona, you may use, disclose, or permit access to a customer’s individually identifiable CPNI to affiliates that do not provide telecommunications-related services subject to opt-in approval. You may use, disclose, or permit access to a customer’s individually identifiable CPNI to a third party only upon written, electronic, or oral request by the customer that specifically identifies the third party to whom the CPNI may be disseminated. You must provide a notice to the customer of the customer’s right to restrict use of, disclosure of, and access to that customer’s CPNI. ^[5.2]

Therefore, you cannot ignore your obligations as a service provider with access to personal information in Arizona.

Source(s):

• [1.1] State agencies; third-party electronic service provider authorization; definitions
• [2.1] Access to recorded personal information
• [3.1] Personal information maintained by regulatory entities; confidentiality
• [4.1] Minimum Customer Information Requirements
• [5.1] Information Requirements for Customer CPNI Opt-In Notice
• [6.1] Discarding and disposing of records containing personal identifying information; civil penalty; enforcement; definition
• [2.2] Notice of insurance information practices
• [5.2] Obtaining Customer Approval to Use, Disclose, or Permit Access to CPNI to Third Parties and Affiliates That Do Not Provide Communications-Related Services
• [4.2] Termination of Service

Jurisdiction

Arizona

• Privacy