Can I store personal information about my customers in Washington? What are the requirements?
Storing Personal Information of Customers in Washington
Yes, you can store personal information about your customers in Washington, but you must comply with the state’s privacy laws. Washington Administrative Code (WAC) 284-04-205 requires a licensee to provide customers, not less than annually during the continuation of the customer relationship, with a clear and conspicuous notice that accurately reflects its privacy policies and practices. The notice must include the categories of nonpublic personal financial information that the licensee collects and discloses, and the categories of affiliates and nonaffiliated third parties to whom the licensee discloses nonpublic personal financial information [1.1][1.6].
Additionally, WAC 284-04-300 limits the disclosure of nonpublic personal financial information to nonaffiliated third parties. A licensee may not disclose any nonpublic personal financial information about a consumer to a nonaffiliated third party unless the licensee has provided the consumer with an initial notice, an opt-out notice, and given the consumer a reasonable opportunity to opt out of the disclosure [1.4].
However, there are exceptions to the opt-out requirements for disclosure of nonpublic personal financial information for service providers and joint marketing under WAC 284-04-400. The opt-out requirements do not apply when a licensee provides nonpublic personal financial information to a nonaffiliated third party to perform services for the licensee or functions on the licensee’s behalf, if the licensee has provided the initial notice and entered into a contractual agreement with the third party that prohibits the third party from disclosing or using the information other than to carry out the purposes for which the licensee disclosed the information [1.5].
Other exceptions to notice and opt-out requirements for disclosure of nonpublic personal financial information are listed in WAC 284-04-410. These exceptions include, but are not limited to, disclosure with the consent or at the direction of the consumer, disclosure to protect the confidentiality or security of a licensee’s records pertaining to the consumer, disclosure to persons holding a legal or beneficial interest relating to the consumer, and disclosure to comply with federal, state or local laws, rules and other applicable legal requirements [1.2].
Furthermore, WAC 284-04-305 limits the redisclosure and reuse of nonpublic personal financial information. If a licensee receives nonpublic personal financial information from a nonaffiliated financial institution under an exception in WAC 284-04-405 or 284-04-410, the licensee’s disclosure and use of that information are limited. If a licensee receives nonpublic personal financial information from a nonaffiliated financial institution other than under an exception in WAC 284-04-405 or 284-04-410, the licensee may disclose the information only to its affiliates or to any other person if the disclosure would be lawful if made directly to that person by the financial institution from which the licensee received the information [1.3].
In summary, you can store personal information about your customers in Washington, but you must comply with the state’s privacy laws, including providing annual privacy notices, limiting the disclosure of nonpublic personal financial information to nonaffiliated third parties, and providing opt-out notices. There are exceptions to the opt-out requirements for disclosure of nonpublic personal financial information for service providers and joint marketing, as well as other exceptions listed in WAC 284-04-410. Additionally, the redisclosure and reuse of nonpublic personal financial information are limited under WAC 284-04-305.
Source(s):
- [1.1] Annual privacy notice to customers required.
- [1.2] Other exceptions to notice and opt out requirements for disclosure of nonpublic personal financial information.
- [1.3] Limits on redisclosure and reuse of nonpublic personal financial information.
- [1.4] Limits on disclosure of nonpublic personal financial information to nonaffiliated third parties.
- [1.5] Exception to opt out requirements for disclosure of nonpublic personal financial information for service providers and joint marketing.
- [1.6] Information to be included in privacy notices.
Jurisdiction
Washington