Can I prioritize privacy compliance to gain a competitive advantage, reduce the possibility of regulatory issues, and help secure valuable partnerships in South Dakota? What are the requirements?

Privacy Compliance in South Dakota

Yes, prioritizing privacy compliance can provide a competitive advantage, reduce the possibility of regulatory issues, and help secure valuable partnerships in South Dakota.

Requirements for Privacy Compliance

The South Dakota Codified Laws and Administrative Rules provide requirements for privacy compliance.

Privacy Notices

Licensees must provide initial, annual, and revised privacy notices that accurately reflect their privacy policies and practices to customers and consumers ^[2.1]. The notices must include the following information:

• The categories of nonpublic personal financial information that the licensee collects
• The categories of nonpublic personal financial information that the licensee discloses
• The categories of affiliates and nonaffiliated third parties to whom the licensee discloses nonpublic personal financial information, other than those parties to whom the licensee discloses information under §§ 20:06:45:14 and 20:06:45:15
• The categories of nonpublic personal financial information about the licensee’s former customers that the licensee discloses and the categories of affiliates and nonaffiliated third parties to whom the licensee discloses nonpublic personal financial information about the licensee’s former customers, other than those parties to whom the licensee discloses information under §§ 20:06:45:14 and 20:06:45:15
• If a licensee discloses nonpublic personal financial information to a nonaffiliated third party under § 20:06:45:13 (and no other exception in §§ 20:06:45:14 and 20:06:45:15 applies to that disclosure), a separate description of the categories of information the licensee discloses and the categories of third parties with whom the licensee has contracted
• An explanation of the consumer’s right under subdivision 20:06:45:10(1) to opt out of the disclosure of nonpublic personal financial information to nonaffiliated third parties, including the methods by which the consumer may exercise that right at that time
• Any disclosures that the licensee makes under § 603(d)(2)(A)(iii) of the federal Fair Credit Reporting Act (15 U.S.C. 1681a(d)(2)(A)(iii)) (that is, notices regarding the ability to opt out of disclosures of information among affiliates)
• The licensee’s policies and practices with respect to protecting the confidentiality and security of nonpublic personal information
• Any disclosure that the licensee makes under subdivision 20:06:45:06(2)

Exceptions to Notice and Opt-Out Requirements

Exceptions to notice and opt-out requirements for disclosure of nonpublic personal financial information include, but are not limited to, disclosures made with the consent or at the direction of the consumer, disclosures made to protect against or prevent actual or potential fraud or unauthorized transactions, and disclosures made to comply with federal, state, or local laws, rules, and other applicable legal requirements ^[2.4].

Exception to Opt-Out Requirements for Disclosure of Nonpublic Personal Financial Information for Service Providers and Joint Marketing

The opt-out requirements do not apply when a licensee provides nonpublic personal financial information to a nonaffiliated third party to perform services for the licensee or functions on the licensee’s behalf, if the licensee provides the initial notice and enters into a contractual agreement with the third party that prohibits the third party from disclosing or using the information other than to carry out the purposes for which the licensee disclosed the information ^[2.5].

Preferences to Certain Resident Businesses, Qualified Agencies, and Businesses Using South Dakota Supplies or Services

In awarding a contract, if all things are equal, including the price and quality of the supplies or services, a purchasing agency shall give preference to certain resident businesses, qualified agencies, and businesses using South Dakota supplies or services ^[1.1].

Conclusion

Prioritizing privacy compliance can provide a competitive advantage, reduce the possibility of regulatory issues, and help secure valuable partnerships in South Dakota. The requirements for privacy compliance include providing initial, annual, and revised privacy notices that accurately reflect the licensee’s privacy policies and practices to customers and consumers, exceptions to notice and opt-out requirements, and preferences to certain resident businesses, qualified agencies, and businesses using South Dakota supplies or services.

Source(s):

• [1.1] Preferences to certain resident businesses, qualified agencies, and businesses using South Dakota supplies or services.
• [2.1] Information to be included in privacy notices.
• [2.4] Other exceptions to notice and opt out requirements for disclosure of nonpublic personal financial information.
• [2.5] Exception to opt out requirements for disclosure of nonpublic personal financial information for service providers and joint marketing.

Jurisdiction

South Dakota

• Privacy