Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can I share personal information about my customers with third parties in Indiana? What are the requirements?

Yes, you may share personal information about your customers with third parties in Indiana under certain circumstances. However, there are requirements that must be met in order to do so.

Annual Privacy Notice to Customers

According to [1.2], a licensee must provide a clear and conspicuous notice to customers that accurately reflects its privacy policies and practices not less than annually during the continuation of the customer relationship. The licensee must define the twelve (12) consecutive month period, but the licensee shall apply it to the customer on a consistent basis. A licensee is not required to provide an annual notice to a former customer.

Limits on Disclosure of Nonpublic Personal Financial Information to Nonaffiliated Third Parties

A licensee may not disclose any nonpublic personal financial information about a consumer to a nonaffiliated third party unless the following requirements are met, as stated in [1.1]:

  • The licensee has provided to the consumer an initial notice as required under section 3 of this rule.
  • The licensee has provided to the consumer an opt-out notice as required in section 6 of this rule.
  • The licensee has given the consumer a reasonable opportunity, before it discloses the information to the nonaffiliated third party, to opt out of the disclosure.
  • The consumer does not opt out.

Exception to Opt-Out Requirements for Disclosure of Nonpublic Personal Financial Information for Service Providers and Joint Marketing

However, there is an exception to the opt-out requirements for disclosure of nonpublic personal financial information for service providers and joint marketing, as stated in [1.3]. A licensee may provide nonpublic personal financial information to a nonaffiliated third party to perform services for the licensee or functions on the licensee’s behalf if the licensee:

  • Provides the initial notice in accordance with section 3 of this rule.
  • Enters into a contractual agreement with the third party that prohibits the third party from disclosing or using the information other than to carry out the purposes for which the licensee disclosed the information, including use under an exception in section 13 or 14 of this rule in the ordinary course of business to carry out those purposes.

Other Exceptions to Notice and Opt-Out Requirements for Disclosure of Nonpublic Personal Financial Information

There are other exceptions to the notice and opt-out requirements for disclosure of nonpublic personal financial information, as stated in [1.4]. These include:

  • With the consent or at the direction of the consumer, provided that the consumer has not revoked the consent or direction.
  • To protect the confidentiality or security of a licensee’s records pertaining to the consumer, service, product, or transaction.
  • To protect against or prevent actual or potential fraud or unauthorized transactions.
  • For required institutional risk control or for resolving consumer disputes or inquiries.
  • To persons holding a legal or beneficial interest relating to the consumer.
  • To persons acting in a fiduciary or representative capacity on behalf of the consumer.
  • To provide information to certain organizations, agencies, attorneys, accountants, and auditors.
  • To comply with or respond to federal, state, or local laws, rules, and other applicable legal requirements, properly authorized civil, criminal, or regulatory investigation, or subpoena, or summons by federal, state, or local authorities, judicial process or governmental regulatory authorities having jurisdiction over a licensee for examination, compliance, or other purposes as authorized by law, or for purposes related to the replacement of a group benefit plan, a group health plan, a group welfare plan, or a workers’ compensation plan.

Therefore, in order to share personal information about your customers with third parties in Indiana, you must provide an initial notice and opt-out notice to the consumer, give them a reasonable opportunity to opt out, and ensure that the third party is under a contractual agreement that prohibits them from disclosing or using the information other than to carry out the purposes for which the licensee disclosed the information. Additionally, there are exceptions to the notice and opt-out requirements for disclosure of nonpublic personal financial information.

Source(s):
Jurisdiction

Indiana