Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can I share personal information about my customers with third parties in New York? What are the requirements?

Sharing Personal Information with Third Parties in New York

In New York, you may share personal information about your customers with third parties if certain conditions are met [1.1]. These conditions include providing the consumer with an initial notice, an opt-out notice, and a reasonable opportunity to opt-out of the disclosure [1.1].

Requirements for Sharing Personal Information

To share personal information with third parties in New York, you must meet the following requirements [1.1]:

  1. Provide the consumer with an initial notice as required under section 420.4 of this Part.
  2. Provide the consumer with an opt-out notice as required in section 420.7 of this Part.
  3. Give the consumer a reasonable opportunity, before you disclose the information to the nonaffiliated third party, to opt out of the disclosure.
  4. The consumer does not opt out.

Opt-Out Definition

Opt-out means a direction by the consumer that you not disclose nonpublic personal financial information about that consumer to a nonaffiliated third party, other than as permitted by section 420.13, 420.14 or 420.15 of this Part [1.1].

Partial Opt-Out

You may allow a consumer to select certain nonpublic personal financial information or certain nonaffiliated third parties with respect to which the consumer wishes to opt-out [1.1].

Annual Privacy Notice

You must provide a clear and conspicuous notice to customers that accurately reflects your privacy policies and practices not less than annually during the continuation of the customer relationship [1.3].

Information to be Included in Privacy Notices

The initial, annual, and revised privacy notices that you provide shall include each of the following items of information that applies to you and to the consumers to whom you send your privacy notice [1.6]:

  1. The categories of nonpublic personal financial information that you collect.
  2. The categories of nonpublic personal financial information that you disclose.
  3. The categories of affiliates and nonaffiliated third parties to whom you disclose nonpublic personal financial information, other than those parties to whom you disclose information under section 420.14 or 420.15 of this Part.
  4. The categories of nonpublic personal financial information about your former customers that you disclose and the categories of affiliates and nonaffiliated third parties to whom you disclose nonpublic personal financial information about your former customers, other than those parties to whom you disclose information under section 420.14 or 420.15 of this Part.
  5. If you disclose nonpublic personal financial information to a nonaffiliated third party under section 420.13 of this Part (and no other exception in section 420.14 or 420.15 of this Part applies to that disclosure), a separate description of the categories of information you disclose and the categories of third parties with whom you have contracted.
  6. An explanation of the consumer’s right under section 420.10(a) of this Part to opt out of the disclosure of nonpublic personal financial information to nonaffiliated third parties, including the methods by which the consumer may exercise that right at that time.
  7. Any disclosures that you make under section 603(d)(2)(A)(iii) of the Federal Fair Credit Reporting Act (15 U.S.C. 1681a[d][2][A][iii]) (that is, notices regarding the ability to opt out of disclosures of information among affiliates).
  8. Your policies and practices with respect to protecting the confidentiality and security of nonpublic personal information.
  9. Any disclosure that you make under subdivision (b) of this section [1.6].

Exceptions to General Rule

You shall not be required to provide an annual disclosure if you provide nonpublic personal information to nonaffiliated third parties only, in accordance with sections 420.13, 420.14 or 420.15 of this Part, and have not changed your policies and practices, with regard to disclosing nonpublic personal information, from the policies and practices that you disclosed in the most recent disclosure sent to consumers [1.3].

Termination of Customer Relationship

You shall not be required to provide an annual notice to a former customer. A former customer is an individual with whom you no longer have a continuing relationship [1.3].

Delivery

When you are required by this section to deliver an annual privacy notice, you shall deliver it according to section 420.9 of this Part [1.3].

Exceptions to General Rule

Exceptions to the notice and opt-out requirements for disclosure of nonpublic personal financial information are described in section 420.15 of this Part [1.2]. These exceptions include, but are not limited to, disclosure with the consent or at the direction of the consumer, disclosure to protect the confidentiality or security of your records pertaining to the consumer, disclosure to protect against or prevent actual or potential fraud or unauthorized transactions, and disclosure to comply with Federal, State, or local laws, rules and other applicable legal requirements [1.2].

Conclusion

In summary, you may share personal information about your customers with third parties in New York if certain conditions are met, including providing the consumer with an initial notice, an opt-out notice, and a reasonable opportunity to opt-out of the disclosure. You must also provide an annual privacy notice to customers that accurately reflects your privacy policies and practices. The notice must include specific information about the categories of nonpublic personal financial information that you collect and disclose, the categories of affiliates and nonaffiliated third parties to whom you disclose nonpublic personal financial information, and the consumer’s right to opt-out of the disclosure of nonpublic personal financial information to nonaffiliated third parties. Exceptions to the notice and opt-out requirements for disclosure of nonpublic personal financial information are described in section 420.15 of this Part.

Source(s):
Jurisdiction

New York