Can I share personal information about my customers with third parties in North Dakota? What are the requirements?

Sharing Personal Information with Third Parties in North Dakota

In North Dakota, a licensee may not disclose any nonpublic personal financial information about a consumer to a nonaffiliated third party unless the licensee has provided the consumer with an initial notice as required under section 45-14-01-05, provided the consumer with a notice as required in section 45-14-01-08, and obtained authorization from the consumer whose nonpublic personal information is sought to be disclosed ^[1.1]. The authorization must be in written or electronic form separate from that used for any other purpose and must contain specific information about the types of nonpublic personal information to be disclosed, the parties to whom the information will be disclosed, the purpose of the disclosure, and how the information will be used. The authorization must also include notice of the length of time for which the authorization is valid and that the consumer may revoke the authorization at any time and the procedure for making a revocation ^[1.1].

However, there are exceptions to the authorization requirements for disclosure of nonpublic personal financial information for processing and servicing transactions, service providers and joint marketing, and for information received under an exception ^{[1.3][1.6][1.7]}. For example, a licensee may disclose nonpublic personal financial information as necessary to effect, administer, or enforce a transaction that a consumer requests or authorizes, or in connection with servicing or processing an insurance product or service that a consumer requests or authorizes ^[1.6]. Additionally, a licensee may provide nonpublic personal financial information to a nonaffiliated third party to perform services for the licensee or functions on the licensee’s behalf, if the licensee provides the initial notice in accordance with section 45-14-01-05 and enters into a contractual agreement with the third party that prohibits the third party from disclosing or using the information other than to carry out the purposes for which the licensee disclosed the information ^[1.3].

Annual Privacy Notice

A licensee shall provide a clear and conspicuous notice to customers that accurately reflects its privacy policies and practices not less than annually during the continuation of the customer relationship ^[1.2]. The notice must be delivered according to section 45-14-01-10.

Other Exceptions to Notice and Authorization Requirements

There are other exceptions to the notice and authorization requirements for disclosure of nonpublic personal financial information ^[1.4]. For example, a licensee may disclose nonpublic personal financial information to comply with federal, state, or local laws, rules, and other applicable legal requirements, or to comply with a properly authorized civil, criminal, or regulatory investigation, or subpoena or summons by federal, state, or local authorities ^[1.4].

Personal Health Information

In North Dakota, a licensee shall not disclose nonpublic personal health information about a consumer or customer unless an authorization is obtained from the consumer or customer whose nonpublic personal health information is sought to be disclosed ^[1.5]. However, there are exceptions to this requirement for certain insurance functions, such as claims administration, underwriting, and policy placement or issuance, among others ^[1.5].

Conclusion

In summary, a licensee in North Dakota may share personal information about customers with third parties under certain circumstances, such as when the customer has provided authorization or when the disclosure is necessary to effect, administer, or enforce a transaction that the customer has requested or authorized. However, there are strict requirements for obtaining authorization and limitations on the redisclosure and reuse of nonpublic personal financial information. It is important to review the relevant North Dakota Administrative Code sections and consult with legal counsel to ensure compliance with these requirements.

Source(s):

• [1.1] Limits on disclosure of nonpublic personal financial information to nonaffiliated third parties.
• [1.2] Annual privacy notice to customers required.
• [1.3] Exception to authorization requirements for disclosure of nonpublic personal financial information for service providers and joint marketing.
• [1.4] Other exceptions to notice and authorization requirements for disclosure of nonpublic personal financial information.
• [1.5] When authorization required for disclosure of nonpublic personal health information.
• [1.6] Exceptions to notice and authorization requirements for disclosure of nonpublic personal financial information for processing and servicing transactions.
• [1.7] Limits on redisclosure and reuse of nonpublic personal financial information.

Jurisdiction

North Dakota

• Privacy