Can I use third-party customer service tools that collect personal information in West Virginia? What are the requirements?

Using Third-Party Customer Service Tools that Collect Personal Information in West Virginia

If you are a licensee in West Virginia and you use a third-party customer service tool that collects personal information, you may disclose nonpublic personal financial information to the third party without providing an opt-out option to the consumer if you meet the following requirements:

• You provide the initial notice in accordance with section 3.
• You enter into a contractual agreement with the third party that prohibits the third party from disclosing or using the information other than to carry out the purposes for which you disclosed the information, including use under an exception in sections 13 or 14 in the ordinary course of business to carry out those purposes. ^[1.1]

Additionally, you may disclose nonpublic personal financial information without providing an opt-out option to the consumer if the disclosure is necessary to effect, administer or enforce a transaction that a consumer requests or authorizes, or in connection with servicing or processing an insurance product or service that a consumer requests or authorizes. ^[1.5]

However, you must obtain authorization from the consumer or customer whose nonpublic personal health information is sought to be disclosed before disclosing nonpublic personal health information about a consumer or customer. ^[1.2]

Furthermore, if you disclose any nonpublic personal financial information about a consumer to a nonaffiliated third party, you must provide the consumer with an initial notice, an opt-out notice, and a reasonable opportunity to opt-out before disclosing the information to the nonaffiliated third party. ^[1.6]

If you experience a breach of security of computerized personal information, you must give notice of the breach of the security of the system following discovery or notification of the breach of the security of the system to any resident of West Virginia whose unencrypted and unredacted personal information was or is reasonably believed to have been accessed and acquired by an unauthorized person and that causes, or the individual or entity reasonably believes has caused or will cause, identity theft or other fraud to any resident of West Virginia. ^[3.2]

Therefore, if you use a third-party customer service tool that collects personal information, you must ensure that you meet the requirements outlined in ^[1.1], ^[1.2], ^[1.5], and ^[1.6]. If you experience a breach of security of computerized personal information, you must follow the requirements outlined in ^[3.2].

Source(s):

• [1.1] Exception to Opt-Out Requirements for Disclosure of Nonpublic Personal Financial Information for Service Providers and Joint Marketing.
• [1.2] When Authorization Required for Disclosure of Nonpublic Personal Health Information.
• [1.5] Exceptions to Notice and Opt-Out Requirements for Disclosure of Nonpublic Personal Financial Information for Processing and Servicing Transactions.
• [1.6] Limits on Disclosure of Nonpublic Personal Financial Information to Nonaffiliated Third Parties.
• [3.2] Notice of breach of security of computerized personal information.

Jurisdiction

West Virginia

• Privacy