Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can I use third-party customer service tools that collect personal information in New York? What are the requirements?

Using Third-Party Customer Service Tools in New York

If you are using third-party customer service tools that collect personal information in New York, you must comply with the provisions of the Personal Privacy Protection Law and its regulations [4 NYCRR 60.3].

Under the law, you must designate a privacy compliance officer responsible for ensuring compliance with the Personal Privacy Protection Law and its regulations. The privacy compliance officer is also responsible for coordinating responses to requests for records or amendment of records [5 NYCRR 2.7][17 NYCRR 2.7].

Requests for access to, correction, or amendment of records must be made in writing and filed with or referred to the personal privacy compliance officer [5 NYCRR 2.7][17 NYCRR 2.7].

If you are disclosing nonpublic personal financial information for processing and servicing transactions, you may be exempt from the notice and opt-out requirements under certain circumstances [11 NYCRR 420.14]. However, if you receive nonpublic personal financial information from a nonaffiliated financial institution, your disclosure and use of that information is limited [11 NYCRR 420.11].

If you intend to disclose protected health information, you must provide a clear and conspicuous authorization form to the consumer or customer [11 NYCRR 420.19]. The authorization must contain the identity of the consumer or customer who is the subject of the nonpublic personal health information, a general description of the types of nonpublic personal health information to be disclosed, general descriptions of the parties to whom the licensee discloses nonpublic personal health information, the purpose of the disclosure and how the information will be used, the signature of the consumer or customer who is the subject of the nonpublic personal health information or the individual who is legally empowered to grant authority and the date signed, and notice of the length of time for which the authorization is valid and that the consumer or customer may revoke the authorization at any time and the procedure for making a revocation [11 NYCRR 420.18].

Fees for photocopies or data printouts of records available pursuant to the Personal Privacy Protection Law and its regulations shall be 25 cents per page [4 NYCRR 209.5].

In summary, if you are using third-party customer service tools that collect personal information in New York, you must comply with the Personal Privacy Protection Law and its regulations, including designating a privacy compliance officer, responding to requests for records, and paying fees for photocopies or data printouts of records.

Requirements for Using Third-Party Customer Service Tools in New York

  • Comply with the Personal Privacy Protection Law and its regulations
  • Designate a privacy compliance officer
  • Respond to requests for records
  • Pay fees for photocopies or data printouts of records
  • Limit disclosure and use of nonpublic personal financial information received from nonaffiliated financial institutions [11 NYCRR 420.11]
  • Provide a clear and conspicuous authorization form to the consumer or customer before disclosing protected health information [11 NYCRR 420.19]

[4 NYCRR 60.3][5 NYCRR 2.7][17 NYCRR 2.7][11 NYCRR 420.14][11 NYCRR 420.18][4 NYCRR 209.5]

Jurisdiction

New York