Can I use third-party customer service tools that collect personal information in North Carolina? What are the requirements?

Using Third-Party Customer Service Tools that Collect Personal Information in North Carolina

Yes, you can use third-party customer service tools that collect personal information in North Carolina, but you must comply with the state’s laws and regulations regarding the collection, use, and disclosure of personal information.

Notice of Information Practices

Under NCGS 58-39-25, an insurance institution or agent must provide a notice of information practices to all applicants or policyholders in connection with insurance transactions. The notice must state whether personal information may be collected from persons other than the individual or individuals proposed for coverage, the types of personal information that may be collected, and the types of disclosures that may be made without prior authorization. The notice must also describe the rights established under NCGS 58-39-45 and 58-39-50 and the manner in which such rights may be exercised.

Information Security Program

Under NCGS 58-39-145 and 58-39-150, each licensee must implement a comprehensive written information security program that includes administrative, technical, and physical safeguards for the protection of customer information. The administrative, technical, and physical safeguards included in the information security program shall be appropriate to the size and complexity of the licensee and the nature and scope of its activities.

Federal Privacy Disclosure Notice Requirements

Under NCGS 58-39-26, an insurance institution or agent shall provide, to all applicants and policyholders, a clear and conspicuous notice, in written or electronic form, of the insurance institution or agent’s policies and practices with respect to disclosing nonpublic personal information to affiliates and nonaffiliated third parties, consistent with section 502 of Public Law 106-102, including the categories of information that may be disclosed. The notice must also include the policies and practices of the insurance institution or agent with respect to disclosing nonpublic personal information of persons who have ceased to be customers of the financial institution, the categories of nonpublic personal information that are collected by the insurance institution or agent, and the policies that the insurance institution or agent maintains to protect the confidentiality and security of nonpublic personal information in accordance with section 501 of Public Law 106-102.

Limitation on Use of Information; Security of Marketplace Information

Under NCGS 66-494, information or documents collected solely to comply with the requirements of this Article shall not be used for any other purpose unless required by law. An online marketplace shall implement and maintain reasonable security procedures and practices, including administrative, physical, and technical safeguards, appropriate to the nature of the data and the purposes for which the data will be used, to protect the information or documents collected to comply with the requirements of this Article from unauthorized use, disclosure, access, destruction, or modification.

Based on the above laws and regulations, it is important to provide notice to individuals regarding the collection, use, and disclosure of their personal information, and to obtain their consent where necessary. Additionally, personal information should only be disclosed to third parties in accordance with the requirements of the relevant laws and regulations.

Jurisdiction

North Carolina

• Privacy