Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can I share personal information about my customers with third parties in Vermont? What are the requirements?

Sharing Personal Information with Third Parties in Vermont

In Vermont, you may share nonpublic personal financial information about a consumer to a nonaffiliated third party only if you have provided the consumer with an initial notice as required under § 5, an opt-in notice under § 8, and the consumer has authorized the disclosure in writing or electronically [1.1][2.1][3.1].

The opt-in notice means the written or electronic authorization by the consumer allowing you to disclose nonpublic personal financial information about that consumer to a nonaffiliated third party, other than as permitted by § 14, § 15, and § 16 [1.1][2.1][3.1].

You must comply with the opt-in requirements regardless of whether you and the consumer have established a customer relationship. Unless you comply with this section, you may not disclose any nonpublic personal financial information about a consumer that you have collected, regardless of whether you collected it before or after providing the opt-in notice [1.1][2.1][3.1].

You may allow a consumer to select certain nonpublic personal financial information or certain nonaffiliated third parties with respect to which the consumer wishes to opt-in [2.1][3.1].

There are exceptions to the opt-in requirements for disclosure of nonpublic personal financial information for service providers and joint marketing. The opt-in requirements do not apply when you provide nonpublic personal financial information to a nonaffiliated third party to perform services for you or functions on your behalf, if you provide the initial notice in accordance with § 5, enter into a contractual agreement with the third party that prohibits the nonaffiliated third party from disclosing or using the information other than to carry out the purposes for which you disclosed the information, including use under an exception in § 15 or § 16 in the ordinary course of business to carry out those purposes, and for joint marketing agreements, you provide only the consumer’s name, contact information, and own transaction and experience information within the meaning of the federal Fair Credit Reporting Act [1.1][2.4].

If you comply with the provisions of § 14(a)(1)(i) and (ii) of this Regulation, you may provide nonpublic personal information to a service provider that is a nonaffiliated third party agent of yours to enable the agent to offer, renew or service products on your behalf. Such disclosure shall not be subject to the limitations of (a)(1)(iii) of this section [2.4].

Annual Privacy Notice to Customers

A financial institution shall provide a clear and conspicuous notice to customers that accurately reflects its privacy policies and practices with respect to nonpublic personal information not less than annually during the continuation of the customer relationship. A financial institution may define the twelve-consecutive-month period, but the financial institution shall apply it to the customer on a consistent basis. A financial institution is not required to provide an annual notice to a former customer [2.3].

Conclusion

In summary, you may share personal information about your customers with third parties in Vermont only if you have provided the consumer with an initial notice, an opt-in notice, and the consumer has authorized the disclosure in writing or electronically. There are exceptions to the opt-in requirements for disclosure of nonpublic personal financial information for service providers and joint marketing. Additionally, financial institutions are required to provide an annual privacy notice to customers.

Source(s):
Jurisdiction

Vermont