Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can I ignore my obligations as a service provider with access to personal information in North Carolina? What are the requirements?

Obligations of Service Providers with Access to Personal Information in North Carolina

As a service provider with access to personal information in North Carolina, you cannot ignore your obligations. North Carolina General Statutes 75-64 requires any business that conducts business in North Carolina and any business that maintains or otherwise possesses personal information of a resident of North Carolina to take reasonable measures to protect against unauthorized access to or use of the information in connection with or after its disposal. The reasonable measures must include implementing and monitoring compliance with policies and procedures that require the destruction or erasure of electronic media and other nonpaper media containing personal information so that the information cannot practicably be read or reconstructed. Additionally, any business that owns or licenses personal information of residents of North Carolina or any business that conducts business in North Carolina that owns or licenses personal information in any form shall provide notice to the affected person that there has been a security breach following discovery or notification of the breach [1.1][1.3].

Publication of Personal Information

It is a violation of North Carolina General Statutes 75-66 for any person to knowingly broadcast or publish to the public on radio, television, cable television, in a writing of any kind, or on the Internet, the personal information of another with actual knowledge that the person whose personal information is disclosed has previously objected to any such disclosure. Personal information includes a person’s first name or first initial and last name in combination with any of the following information: social security or employer taxpayer identification numbers, driver’s license, state identification card, or passport numbers, checking account numbers, savings account numbers, credit card numbers, debit card numbers, personal identification (PIN) code, digital signatures, any other numbers or information that can be used to access a person’s financial resources, biometric data, fingerprints, and passwords [1.2].

Access to Recorded Personal Information

If any individual, after proper identification, submits a written request to an insurance institution, agent, or insurance-support organization for access to recorded personal information about the individual that is reasonably described by the individual and reasonably locatable and retrievable by the insurance institution, agent, or insurance-support organization, the insurance institution, agent, or insurance-support organization shall provide the individual with the nature and substance of such recorded personal information in writing, by telephone, or by other oral communication, whichever the insurance institution, agent, or insurance-support organization prefers. The individual can see and copy, in person, such recorded personal information pertaining to him or to obtain a copy of such recorded personal information by mail, whichever the individual prefers, unless such recorded personal information is in coded form, in which case an accurate translation in plain language shall be provided in writing. The insurance institution, agent, or insurance-support organization shall disclose to the individual the identity, if recorded, of those persons to whom the insurance institution, agent, or insurance-support organization has disclosed such personal information within two years prior to such request, and if the identity is not recorded, the names of those insurance institutions, agents, insurance-support organizations or other persons to whom such information is normally disclosed. The individual shall also be provided with a summary of the procedures by which he may request correction, amendment, or deletion of recorded personal information. Any personal information provided shall identify the source of the information if such source is an institutional source. An insurance institution, agent, or insurance-support organization may charge a reasonable fee to cover the costs incurred in providing a copy of recorded personal information to individuals [3.1].

Service on Customer Certification

A government authority may have access to a customer’s financial record pursuant to G.S. 53B-4(11) only if: (1) The court order or subpoena describes with reasonable specificity the financial record to which access is sought; (2) A copy of the court order or subpoena has been served on the customer pursuant to G.S. 1A-1, Rule 4 (j) of the N.C. Rules of Civil Procedure or by certified mail to the customer’s last known address and the court order or subpoena states the name of the government authority seeking access to the financial record and the purpose for which access is sought; (3) The following notice has been served on the customer pursuant to G.S. 1A-1, Rule 4 (j) of the N.C. Rules of Civil Procedure or by certified mail to the customer’s last known address together with the court order or subpoena: “Records or information held by the financial institution named in the attached process are being sought by government authority in accordance with the North Carolina Financial Privacy Act. You may have rights under the act to challenge access to the records or information. You must, however, act within 10 days from the date this notice was served on you to make a challenge in court or the records or information will be made available. You may wish to employ an attorney to represent you and protect your rights.”; (4) The customer has not challenged the court order or subpoena within 10 days after service by certified mail which is presumed to be received three days from mailing; (5) The government authority has certified in writing to the financial institution that it has complied with the applicable provisions of this Chapter [2.1].

Therefore, it is important to comply with the requirements set forth in the North Carolina General Statutes to avoid any legal consequences.

Source(s):
Jurisdiction

North Carolina