Can I use third-party project management tools that collect personal information in North Dakota? What are the requirements?

Use of Third-Party Project Management Tools in North Dakota

Based on the provided documents, North Dakota has strict regulations on the disclosure and use of personal information. The use of third-party project management tools that collect personal information is subject to these regulations.

According to NDAC Section 45-14-01-11, a licensee may not disclose any nonpublic personal financial information about a consumer to a nonaffiliated third party unless the licensee has provided an initial notice, a notice as required in section 45-14-01-08, and obtained an authorization from the consumer whose nonpublic personal information is sought to be disclosed. The authorization must contain specific information, including the identity of the consumer, the types of nonpublic personal information to be disclosed, the parties to whom the information will be disclosed, and the purpose of the disclosure.

Furthermore, NDAC Section 45-14-01-14 provides an exception to the authorization requirements for disclosure of nonpublic personal financial information for service providers and joint marketing. However, the licensee must enter into a contractual agreement with the third party that prohibits the third party from disclosing or using the information other than to carry out the purposes for which the licensee disclosed the information.

NDAC Section 45-14-01-16 provides other exceptions to notice and authorization requirements for disclosure of nonpublic personal financial information. The requirements for initial notice to consumers, notice and authorization, and initial notice do not apply when a licensee discloses nonpublic personal financial information with the consent or at the direction of the consumer, provided that the consumer has not revoked the consent or direction. Additionally, the requirements do not apply when the disclosure is necessary to protect the confidentiality or security of a licensee’s records pertaining to the consumer, service, product, or transaction; to protect against or prevent actual or potential fraud or unauthorized transactions; for required institutional risk control or for resolving consumer disputes or inquiries; to persons holding a legal or beneficial interest relating to the consumer; or to persons acting in a fiduciary or representative capacity on behalf of the consumer.

NDAC Section 45-14-01-15 provides exceptions to notice and authorization requirements for disclosure of nonpublic personal financial information for processing and servicing transactions. The requirements for initial notice, notice and authorization, and service providers and joint marketing do not apply if the licensee discloses nonpublic personal financial information as necessary to effect, administer, or enforce a transaction that a consumer requests or authorizes.

Therefore, if a third-party project management tool collects personal information, the licensee must obtain authorization from the consumer and ensure that the third party is contractually bound to use the information only for the purposes for which it was disclosed. Additionally, the licensee may disclose nonpublic personal financial information without authorization in certain circumstances, such as with the consent or at the direction of the consumer, to protect against fraud or unauthorized transactions, or to process and service transactions that a consumer requests or authorizes.

Authorized individuals and agencies must comply with security requirements under 28 C.F.R. Part 20 and NCIC, and criminal history record information exchanged between criminal justice agencies for criminal justice purposes may not be used or disseminated for purposes other than those for which it was originally obtained ^{[2.1][3.1][2.4]}.

In summary, the use of third-party project management tools that collect personal information in North Dakota is subject to strict regulations. The licensee must obtain authorization from the consumer and ensure that the third party is contractually bound to use the information only for the purposes for which it was disclosed. Additionally, the licensee may disclose nonpublic personal financial information without authorization in certain circumstances. Authorized individuals and agencies must comply with security requirements under 28 C.F.R. Part 20 and NCIC, and criminal history record information exchanged between criminal justice agencies for criminal justice purposes may not be used or disseminated for purposes other than those for which it was originally obtained ^{[2.1][3.1][2.4]}.

Source(s):

• [2.1] Other exceptions to notice and authorization requirements for disclosure of nonpublic personal financial information.
• [3.1] Limitation on use of exchanged information.
• [2.4] Exceptions to notice and authorization requirements for disclosure of nonpublic personal financial information for processing and servicing transactions.

Jurisdiction

North Dakota

• Privacy