Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can I share personal information about my customers with third parties in Florida? What are the requirements?

Sharing Personal Information with Third Parties in Florida

In Florida, you may share personal information about your customers with third parties only if the following conditions are met [1.1]:

  1. You have provided to the customer an initial notice as required under rule 69O-128.005, F.A.C.
  2. You have provided to the customer an opt-out notice as required in rule 69O-128.008, F.A.C.
  3. You have given the customer a reasonable opportunity, before disclosing the information to the nonaffiliated third party, to opt-out of the disclosure.
  4. The customer does not opt-out.

You may allow a customer to select certain nonpublic personal financial information or certain nonaffiliated third parties with respect to which the customer wishes to opt-out [1.1].

Requirements for Privacy Notices

The initial, annual, and revised privacy notices that you provide under rules 69O-128.005, 69O-128.006, and 69O-128.009, F.A.C., shall include each of the following items of information, in addition to any other information you wish to provide, that applies to you and to the customers to whom you send your privacy notice [1.4]:

  1. The categories of nonpublic personal financial information that you collect.
  2. The categories of nonpublic personal financial information that you disclose.
  3. The categories of affiliates and nonaffiliated third parties to whom you disclose nonpublic personal financial information, other than those parties to whom you disclose information under rules 69O-128.015 and 69O-128.016, F.A.C.
  4. The categories of nonpublic personal financial information about your former customers that you disclose and the categories of affiliates and nonaffiliated third parties to whom you disclose nonpublic personal financial information about your former customers, other than those parties to whom you disclose information under rules 69O-128.015 and 69O-128.016, F.A.C.
  5. If you disclose nonpublic personal financial information to a nonaffiliated third party under rule 69O-128.014, F.A.C. (and no other exception in rules 69O-128.015 and 69O-128.016, F.A.C., applies to that disclosure), a separate description of the categories of information you disclose and the categories of third parties with whom you have contracted.
  6. An explanation of the customer’s right under subsection 69O-128.011(1), F.A.C., to opt-out of the disclosure of nonpublic personal financial information to nonaffiliated third parties, including the methods by which the customer may exercise that right at that time.
  7. Any disclosures that you make under Section 603(d)(2)(A)(iii) of the federal Fair Credit Reporting Act (15 U.S.C. 1681a(d)(2)(A)(iii))(that is, notices regarding the ability to opt-out of disclosures of information among affiliates).
  8. Your policies and practices with respect to protecting the confidentiality and security of nonpublic personal information; and,
  9. Any disclosure that you make under subsection (2) of this rule.

If you do not disclose, and do not wish to reserve the right to disclose, nonpublic personal financial information about customers or former customers to affiliates or nonaffiliated third parties except as authorized under rules 69O-128.015 and 69O-128.016, F.A.C., you may simply state that fact, in addition to the information you shall provide under paragraphs (1)(a), (h), and (i), and subsection (2) of this rule [1.4].

Annual Privacy Notice to Customers Required

You are required to provide a clear and conspicuous notice to customers that accurately reflects your privacy policies and practices not less than annually during the continuation of the customer relationship [1.2].

Other Exceptions to Notice and Opt Out Requirements for Disclosure of Nonpublic Personal Financial Information

There are certain exceptions to the notice and opt-out requirements for disclosure of nonpublic personal financial information. For example, the requirements for initial notice to customers, opt-out, and service providers and joint marketing do not apply when you disclose nonpublic personal financial information with the consent or at the direction of the customer, provided that the customer has not revoked the consent or direction [1.3].

In summary, you may share personal information about your customers with third parties in Florida only if you meet the conditions mentioned in rule 69O-128.011. Additionally, you must provide privacy notices that include specific information about the categories of nonpublic personal financial information collected and disclosed, the categories of affiliates and nonaffiliated third parties to whom the information is disclosed, and the customer’s right to opt-out of the disclosure of nonpublic personal financial information to nonaffiliated third parties. You are also required to provide an annual privacy notice to customers. There are certain exceptions to the notice and opt-out requirements for disclosure of nonpublic personal financial information [1.1][1.2][1.3][1.4].

Source(s):
Jurisdiction

Florida