Can I use third-party email marketing tools that collect personal information in Iowa? What are the requirements?

Third-Party Email Marketing Tools and Personal Information Collection in Iowa

If you are using third-party email marketing tools that collect personal information in Iowa, you must comply with the state’s data privacy laws. The disclosure of personal information is regulated by the Iowa Administrative Code, specifically IACO 321N.10 ^[4.1].

According to IACO 321N.10, a transportation network company shall not disclose a transportation network company rider’s personal information to a third party unless the rider consents to the disclosure, the disclosure is required by law, the disclosure is required to protect or defend the terms of use of the company’s services, or the disclosure is required to investigate a violation of the terms of use. For purposes of this section, “personal information” includes but is not limited to the rider’s name, home address, telephone number, and payment information.

However, this regulation applies specifically to transportation network companies and may not be directly applicable to email marketing tools.

Limits on Sharing Account Number Information for Marketing Purposes

Iowa Administrative Code 191 IAAC 90.11 ^[2.1] limits the sharing of account number information for marketing purposes. A licensee shall not directly or through an affiliate disclose, other than to a consumer reporting agency, a policy number or similar form of access number or access code for a consumer’s policy or transaction account to any nonaffiliated third party for use in telemarketing, direct-mail marketing, or marketing through electronic mail to the consumer. However, this rule does not apply if a licensee discloses a policy number or similar form of access number or access code to a licensee’s service provider solely to perform marketing for the licensee’s own products or services, as long as the service provider is not authorized to directly initiate charges to the account.

Third-Party Service Provider Arrangements

Iowa Administrative Code 507F.5 ^[6.1] requires licensees to exercise due diligence in the selection of third-party service providers, conduct oversight of all third-party service provider arrangements, and require all third-party service providers to implement appropriate administrative, technical, and physical measures to protect and secure the information systems and nonpublic information that are accessible to, or held by, the licensee’s third-party service providers.

Conclusion

Based on the available information, it is unclear whether there are specific requirements for using third-party email marketing tools that collect personal information in Iowa. However, Iowa Administrative Code 191 IAAC 90.11 and 507F.5 provide guidance on the limits of sharing account number information for marketing purposes and third-party service provider arrangements, respectively.

Source(s):

• [2.1] Limits on sharing account number information for marketing purposes.
• [4.1] Disclosure of personal information.
• [6.1] Third-party service provider arrangements.

Jurisdiction

Iowa

• Privacy