Can I use third-party collaboration tools that collect personal information in North Dakota? What are the requirements?

Yes, you can use third-party collaboration tools that collect personal information in North Dakota, but you must ensure that you comply with North Dakota’s laws and regulations regarding the disclosure and use of personal information and nonpublic personal financial information.

Disclosure of Personal Information

Under NDCC Section 39-33-02, the department may not knowingly disclose personal information about any person obtained by the department in connection with a motor vehicle record, except as provided in certain sections ^[1.1]. Therefore, if the third-party collaboration tool collects personal information from a motor vehicle record, you must ensure that the disclosure of such information is in compliance with the applicable sections of NDCC Section 39-33-02.

Disclosure of Nonpublic Personal Financial Information

Under NDAC Section 45-14-01-11, a licensee may not disclose any nonpublic personal financial information about a consumer to a nonaffiliated third party unless certain conditions are met ^[3.4]. These conditions include providing the consumer with an initial notice and obtaining authorization from the consumer whose nonpublic personal information is sought to be disclosed. However, there are exceptions to this requirement for service providers and joint marketing ^[3.1] and for processing and servicing transactions ^[3.5]. Therefore, if the third-party collaboration tool collects nonpublic personal financial information, you must ensure that the disclosure of such information is in compliance with the conditions set forth in NDAC Section 45-14-01-11 or the exceptions in NDAC Section 45-14-01-14 and NDAC Section 45-14-01-15.

Limits on Redisclosure and Reuse of Nonpublic Personal Financial Information

Under NDAC Section 45-14-01-12, the disclosure and use of nonpublic personal financial information obtained under an exception is limited ^[3.6]. If a licensee receives nonpublic personal financial information from a nonaffiliated financial institution under an exception, the licensee’s disclosure and use of that information is limited. If a licensee receives nonpublic personal financial information from a nonaffiliated financial institution other than under an exception, the licensee may disclose the information only to certain parties. If a licensee discloses nonpublic personal financial information to a nonaffiliated third party under an exception, the third party may disclose and use that information only as specified. Therefore, if the third-party collaboration tool collects nonpublic personal financial information obtained under an exception, you must ensure that the disclosure and use of such information is in compliance with the limitations set forth in NDAC Section 45-14-01-12.

Limitation on Use of Exchanged Information

Criminal history record information exchanged between criminal justice agencies for criminal justice purposes may not be used or disseminated for purposes other than those for which it was originally obtained ^[2.1].

Security Requirements

The criminal justice data information sharing system, including its system design and access requirements, is a critical infrastructure and part of a security system plan under North Dakota Century Code section 44-04-24 ^[4.1]. Authorized individuals and authorized agencies shall keep access passwords and procedures secure and may not disclose access passwords and procedures to individuals or agencies that do not have access to the criminal justice information sharing system ^[4.1].

Conclusion

In summary, if you are using third-party collaboration tools that collect personal information in North Dakota, you must ensure that you comply with North Dakota’s laws and regulations regarding the disclosure and use of personal information and nonpublic personal financial information. You must also ensure that the use of exchanged information is limited to its original purpose and that security requirements are met.

Source(s):

• [1.1] Disclosure and use of personal information from department records prohibited.
• [2.1] Limitation on use of exchanged information.
• [3.1] Exception to authorization requirements for disclosure of nonpublic personal financial information for service providers and joint marketing.
• [3.4] Limits on disclosure of nonpublic personal financial information to nonaffiliated third parties.
• [4.1] Security requirements.
• [3.5] Exceptions to notice and authorization requirements for disclosure of nonpublic personal financial information for processing and servicing transactions.
• [3.6] Limits on redisclosure and reuse of nonpublic personal financial information.

Jurisdiction

North Dakota

• Privacy