Ask Reggi Your Question Now
Can I store personal information about my customers in Pennsylvania? What are the requirements?
Storing Personal Information of Customers in Pennsylvania
Yes, you can store personal information about your customers in Pennsylvania, but you must comply with the state’s privacy laws. The Pennsylvania Code Title 31, Chapter 146a outlines the requirements for storing and disclosing nonpublic personal financial information of customers.
According to Section 146a.21 of the Pennsylvania Code, a licensee (which includes any person or entity that engages in the business of insurance in Pennsylvania) may not disclose nonpublic personal financial information about a consumer to a nonaffiliated third party unless certain conditions are met. These conditions include providing the consumer with an initial notice and an opt-out notice, and giving the consumer a reasonable opportunity to opt-out of the disclosure.
Additionally, Section 146a.12 requires a licensee to provide a clear and conspicuous annual privacy notice to customers that accurately reflects its privacy policies and practices not less than annually during the continuation of the customer relationship.
There are also exceptions to the notice and opt-out requirements for disclosure of nonpublic personal financial information. These exceptions include disclosing information with the consent or at the direction of the consumer, to protect the confidentiality or security of a licensee’s records pertaining to the consumer, to protect against or prevent actual or potential fraud or unauthorized transactions, and for required institutional risk control or for resolving consumer disputes or inquiries [1.2].
It is important to ensure that you are in compliance with Pennsylvania’s privacy laws when storing personal information about your customers. Failure to comply with these requirements may result in penalties and legal action [1.1][1.2].
Source(s):
- [1.1] Annual privacy notice to customers required.
- [1.2] Other exceptions to notice and opt out requirements for disclosure of nonpublic personal financial information.
Jurisdiction
Pennsylvania