Can I share personal information about my customers with third parties in Maryland? What are the requirements?

Sharing Personal Information with Third Parties in Maryland

In Maryland, a licensee is generally required to provide a clear and conspicuous notice to customers that accurately reflects its privacy policies and practices for nonpublic financial information. However, there are exceptions to notice and opt-out requirements for disclosure of nonpublic personal financial information ^[1.1].

Exceptions to Notice and Opt-Out Requirements

A licensee is not required to provide an annual privacy notice to a current customer if the licensee provides nonpublic personal information to nonaffiliated third parties only in accordance with Regulations .14-.16 of this chapter and has not changed its policies and practices with regard to disclosing nonpublic personal information from the policies and practices that were disclosed in the most recent disclosure sent to consumers ^[1.1].

Other exceptions to notice and opt-out requirements for disclosure of nonpublic personal financial information include, but are not limited to, disclosures made with the consent or at the direction of the consumer, disclosures made to protect the confidentiality or security of a licensee’s records pertaining to the consumer, disclosures made to protect against or prevent actual or potential fraud or unauthorized transactions, and disclosures made to comply with federal, state, or local laws, rules, and other applicable legal requirements ^[1.4].

Limits on Disclosure of Nonpublic Personal Financial Information to Nonaffiliated Third Parties

A licensee may not, directly or through an affiliate, disclose nonpublic personal financial information about a consumer to a nonaffiliated third party unless the licensee has provided to the consumer an initial notice as required under Regulation .05 of this chapter, has provided to the consumer an opt-out notice as required in Regulation .08 of this chapter, has given the consumer a reasonable opportunity, before it discloses the information to the nonaffiliated third party, to opt out of the disclosure, and the consumer does not opt out ^[1.5].

Exception to Opt-Out Requirements for Disclosure of Nonpublic Personal Financial Information for Service Providers and Joint Marketing

The opt-out requirements in Regulations .08 and .11 of this chapter do not apply when a licensee provides nonpublic personal financial information to a nonaffiliated third party to perform services for the licensee or functions on the licensee’s behalf, if the licensee provides the initial notice in accordance with Regulation .05 of this chapter and enters into a contractual agreement with the third party that prohibits the third party from disclosing or using the information other than to carry out the purposes for which the licensee disclosed the information, including use under an exception in Regulation .15 or .16 of this chapter in the ordinary course of business to carry out those purposes ^[1.6].

Conclusion

In general, a licensee in Maryland is required to provide a clear and conspicuous notice to customers that accurately reflects its privacy policies and practices for nonpublic financial information. However, there are exceptions to notice and opt-out requirements for disclosure of nonpublic personal financial information. A licensee may not disclose nonpublic personal financial information about a consumer to a nonaffiliated third party unless the licensee has provided to the consumer an initial notice as required under Regulation .05 of this chapter, has provided to the consumer an opt-out notice as required in Regulation .08 of this chapter, has given the consumer a reasonable opportunity, before it discloses the information to the nonaffiliated third party, to opt out of the disclosure, and the consumer does not opt out. There is an exception to opt-out requirements for disclosure of nonpublic personal financial information for service providers and joint marketing ^{[1.1][1.4][1.5][1.6]}.

Therefore, it is important to review the specific regulations and exceptions to determine whether sharing personal information with third parties is permissible in a particular situation.

Source(s):

• [1.1] Annual Privacy Notice for Financial Information to Customers Required.
• [1.4] Other Exceptions to Notice and Opt Out Requirements for Disclosure of Nonpublic Personal Financial Information.
• [1.5] Limits on Disclosure of Nonpublic Personal Financial Information to Nonaffiliated Third Parties.
• [1.6] Exception to Opt Out Requirements for Disclosure of Nonpublic Personal Financial Information for Service Providers and Joint Marketing.

Jurisdiction

Maryland

• Privacy