Can I use third-party collaboration tools that collect personal information in Pennsylvania? What are the requirements?

Use of Third-Party Collaboration Tools in Pennsylvania

If you plan to use third-party collaboration tools that collect personal information in Pennsylvania, you must ensure that you comply with the regulations regarding the use and release of personal information, as well as the specific requirements for the disclosure of nonpublic personal financial and health information.

Under Pennsylvania law, personal information may be used and released for official purposes and routine uses by the Department, the Bureau, the Division, the Commission, or the Advisory Councils in processing applications, assessing eligibility, and managing veterans’ programs ^[1.1](^[1.1]). However, personal information may only be disclosed to third parties under certain circumstances, such as with the written consent of the participant or a valid court order ^[1.1](^[1.1]).

Regarding nonpublic personal financial information, a licensee may only disclose such information to its affiliates or to nonaffiliated third parties under certain exceptions ^[2.2](^[2.3]). For example, a licensee may disclose nonpublic personal financial information to protect against or prevent actual or potential fraud or unauthorized transactions ^[2.2](^[2.2]). Additionally, the opt-out requirements for disclosure of nonpublic personal financial information do not apply when a licensee provides nonpublic personal financial information to a nonaffiliated third party to perform services for the licensee or functions on the licensee’s behalf, if the licensee meets certain conditions ^[2.3](^[2.3]).

As for nonpublic personal health information, a licensee may not disclose such information without obtaining authorization from the consumer whose information is sought to be disclosed ^[3.1](^[3.1]). However, there are exceptions to this requirement, such as when the disclosure is necessary for claims administration or underwriting ^[3.1](^[3.1]).

In summary, if you plan to use third-party collaboration tools that collect personal information in Pennsylvania, you must ensure that you comply with the regulations regarding the use and release of personal information, as well as the specific requirements for the disclosure of nonpublic personal financial and health information. Additionally, you should be aware of the exceptions to the opt-out requirements for disclosure of nonpublic personal financial information when providing such information to a nonaffiliated third party to perform services for the licensee or functions on the licensee’s behalf ^[2.3](^[2.3]).

Source(s):

• [1.1] Use and release of personal information.
• [2.2] Limits on redisclosure and reuse of nonpublic personal financial information.
• [2.3] Limitation on disclosure of nonpublic personal financial information to nonaffiliated third parties.
• [3.1] Authorization required for disclosure of nonpublic personal health information.

Jurisdiction

Pennsylvania

• Privacy