Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can I prioritize privacy compliance to gain a competitive advantage, reduce the possibility of regulatory issues, and help secure valuable partnerships in Indiana? What are the requirements?

Prioritizing Privacy Compliance in Indiana

Yes, prioritizing privacy compliance can help you gain a competitive advantage, reduce the possibility of regulatory issues, and help secure valuable partnerships in Indiana. To comply with privacy regulations in Indiana, you must follow the Revised Privacy Notices and Information to be Included in Privacy Notices as outlined in the Indiana Administrative Code (IAC) 760 1-67-7 and IAC 760 1-67-5, respectively [1.1].

Revised Privacy Notices

Under IAC 760 1-67-7, a licensee must provide a clear and conspicuous revised notice that accurately describes its policies and practices before disclosing any nonpublic personal financial information about a consumer to a nonaffiliated third party other than as described in the initial notice. The licensee must also provide a new opt-out notice and give the consumer a reasonable opportunity to opt-out of the disclosure before disclosing the information to the nonaffiliated third party.

Information to be Included in Privacy Notices

Under IAC 760 1-67-5, the initial, annual, and revised privacy notices that a licensee provides shall include each of the following items of information:

  1. The categories of nonpublic personal financial information that the licensee collects.
  2. The categories of nonpublic personal financial information that the licensee discloses.
  3. The categories of affiliates and nonaffiliated third parties to whom the licensee discloses nonpublic personal financial information, other than those parties to whom the licensee discloses information under sections 13 and 14 of this rule.
  4. The categories of nonpublic personal financial information about the licensee’s former customers that the licensee discloses and the categories of affiliates and nonaffiliated third parties to whom the licensee discloses nonpublic personal financial information about the licensee’s former customers, other than those parties to whom the licensee discloses information under sections 13 and 14 of this rule.
  5. If a licensee discloses nonpublic personal financial information to a nonaffiliated third party under section 12 of this rule, a separate description of the categories of information the licensee discloses and the categories of third parties with whom the licensee has contracted.
  6. An explanation of the consumer’s right to opt-out of the disclosure of nonpublic personal financial information to nonaffiliated third parties, including the methods by which the consumer may exercise that right at that time.
  7. Any disclosures that the licensee makes under Section 603(d)(2)(A)(iii) of the federal Fair Credit Reporting Act, 15 U.S.C. 1681a(d)(2)(A)(iii), regarding the ability to opt-out of disclosures of information among affiliates.
  8. The licensee’s policies and practices with respect to protecting the confidentiality and security of nonpublic personal information.
  9. Any disclosure that the licensee makes under subsection (b).

If a licensee discloses nonpublic personal financial information as authorized under sections 13 and 14 of this rule, the licensee is not required to list those exceptions in the initial or annual privacy notices required by sections 3 and 4 of this rule.

Other Relevant Regulations

In addition to the privacy regulations outlined above, Indiana also has regulations related to initial privacy notices to consumers [1.2], compliance monitoring and certification [2.1], and exceptions to opt-out requirements for disclosure of nonpublic personal financial information for service providers and joint marketing [1.4].

Conclusion

Prioritizing privacy compliance can help you build trust with your customers and partners, which can lead to increased loyalty and revenue. By complying with the Revised Privacy Notices and Information to be Included in Privacy Notices, you can ensure that you are protecting the privacy of your customers and providing them with the necessary information about your policies and practices.

Source(s):
Jurisdiction

Indiana