Ask Reggi Your Question Now
Can I use third-party project management tools that collect personal information in Pennsylvania? What are the requirements?
Use of Third-Party Project Management Tools that Collect Personal Information in Pennsylvania
Pennsylvania has specific requirements for the use and release of personal information [1.1]. The use and release of personal information is allowed for official purposes and routine uses by the Department, the Bureau, the Division, the Commission, or the Advisory Councils in processing applications, assessing eligibility, and managing the veterans’ programs, including discussions and dispositions at public meetings of the Commission and Advisory Councils [1.1].
If the third-party project management tool collects nonpublic personal financial information, the licensee must comply with the limitations on redisclosure and reuse of such information, including providing the consumer with an initial notice, an opt-out notice, and a reasonable opportunity to opt-out of the disclosure [3.1][3.3].
Additionally, if the third-party project management tool collects nonpublic personal health information, the licensee may not disclose such information unless an authorization is obtained from the consumer whose nonpublic personal health information is sought to be disclosed [2.1].
However, there is an exception to the opt-out requirements for disclosure of nonpublic personal financial information for service providers and joint marketing [3.2]. The opt-out requirements do not apply when a licensee provides nonpublic personal financial information to a nonaffiliated third party to perform services for the licensee or functions on the licensee’s behalf, if the licensee meets certain conditions, including providing the initial notice and entering into a contractual agreement with the nonaffiliated third party that prohibits the nonaffiliated third party from disclosing or using the information other than to carry out the purposes for which the licensee disclosed the information [3.2].
In summary, the use of third-party project management tools that collect personal information in Pennsylvania is allowed as long as the licensee complies with the requirements for the use and release of personal information and the limitations on redisclosure and reuse of nonpublic personal financial information. If the tool collects nonpublic personal health information, the licensee must obtain authorization from the consumer. There is an exception to the opt-out requirements for disclosure of nonpublic personal financial information for service providers and joint marketing.
Source(s):
- [1.1] Use and release of personal information.
- [2.1] Authorization required for disclosure of nonpublic personal health information.
- [3.1] Limits on redisclosure and reuse of nonpublic personal financial information.
- [3.2] Exception to opt out requirements for disclosure of nonpublic personal financial information for service providers and joint marketing.
- [3.3] Limitation on disclosure of nonpublic personal financial information to nonaffiliated third parties.
Jurisdiction
Pennsylvania