Statutes, codes, and regulations
Alaska Administrative Code
Title 3 - Commerce, Community, and Economic DevelopmentPart 2 - Division of InsuranceChapter 26 - Trade Practices
Article 5 - Privacy of Consumer Financial and Health Information
Section 3 AAC 26.620 - Information included in privacy notices

3 Alaska Admin. Code § 26.620

Download
PDF
Current through September 25, 2024
Section 3 AAC 26.620 - Information included in privacy notices
(a) In a privacy notice required under 3 AAC 26.610, 3 AAC 26.615, and 3 AAC 26.630, a licensee shall include the following:
(1) the categories of nonpublic personal financial information that the licensee collects;
(2) the categories of nonpublic personal financial information that the licensee discloses;
(3) except for persons to whom the licensee discloses information as allowed under 3 AAC 26.665 and 3 AAC 26.670, the categories of affiliates and nonaffiliated third parties to which the licensee discloses a consumer's nonpublic personal financial information;
(4) except for persons to whom the licensee discloses information as allowed under 3 AAC 26.665 and 3 AAC 26.670, the categories of nonpublic personal financial information that the licensee discloses about a consumer who is no longer a customer of the licensee;
(5) except for persons to whom the licensee discloses information as allowed under 3 AAC 26.665 and 3 AAC 26.670, the categories of affiliates and nonaffiliated third parties to whom the licensee discloses nonpublic personal financial information about a consumer who is no longer a customer of the licensee;
(6) if the licensee discloses nonpublic personal financial information to a nonaffiliated third party under 3 AAC 26.660 and an exception in 3 AAC 26.665 or 3 AAC 26.670 does not apply to the disclosure, a separate description of the categories of information that the licensee discloses and the categories of nonaffiliated third parties with whom the licensee has contracted;
(7) an explanation of the consumer's right under 3 AAC 26.645 to opt out of the disclosure of nonpublic personal financial information to nonaffiliated third parties, including the methods by which the consumer may opt out;
(8) a disclosure that the licensee makes under 15 U.S.C. 1681 a(d)(2)(A)(iii) (Fair Credit Reporting Act) regarding the ability of a consumer to opt out of disclosures of information among affiliates;
(9) a description of the licensee's policies and practices regarding the protection of the confidentiality and security of nonpublic personal financial information;
(10) a disclosure that the licensee makes under (b) of this section.
(b) If a licensee discloses nonpublic personal financial information as allowed under 3 AAC 26.665 or 3 AAC 26.670, the licensee
(1) is not required to list the persons subject to the exceptions in a notice required under 3 AAC 26.610 or 3 AAC 26.615; and
(2) shall state in a notice required under 3 AAC 26.610 or 3 AAC 26.615 that the licensee makes disclosures to other affiliates or nonaffiliated third parties as allowed by law.
(c) A licensee meets the requirements of 3 AAC 26.610(a) (2) and 3 AAC 26.625(d) for a consumer who is not a customer if the
(1) licensee prepares a privacy notice containing the information required in (a) of this section;
(2) licensee, upon the consumer's request, provides the privacy notice to the consumer;
(3) consumer may obtain a copy of the privacy notice by at least one of the following means:
(A) calling a toll-free number provided by the licensee;
(B) sending a written request to a mailing address provided by the licensee;
(C) making an in-person request at the licensee's office for immediate provision of a copy;
(D) another means that the director determines to be a reasonable means for the consumer to obtain a copy; and
(4) licensee provides, at the same time that the opt out notice required under 3 AAC 26.625 is provided, a short-form initial notice to the consumer that
(A) is clear and conspicuous;
(B) states that the licensee's privacy notice is available upon request; and
(C) explains how the consumer may obtain the privacy notice.
(d) A licensee may include in the notices required under 3 AAC 26.610, 3 AAC 26.615, and 3 AAC 26.630 the following:
(1) the categories of nonpublic personal financial information that the licensee does not currently disclose, and that the licensee reserves the right to disclose in the future;
(2) the categories of affiliates or nonaffiliated third parties to whom the licensee does not currently disclose nonpublic personal financial information, but to whom the licensee may disclose nonpublic personal financial information in the future;
(3) other information that applies to the licensee and to the consumer.
(e) A licensee, including a group of financial holding company affiliates that use a common privacy notice, may use the following sample statements to comply with the applicable requirements of this section regarding content of privacy notices, if each statement used is accurate for each institution that uses the notice:
(1)categories of information a licensee collects (all institutions): a licensee may use the following statement to meet the requirement of 3 AAC 26.620(a) (1) to describe the categories of nonpublic personal financial information the licensee collects:

We collect nonpublic personal financial information about you from the following sources:

Information we receive from you on applications or other forms;

Information about your transactions with us, our affiliates, or any others; and

Information we receive from a consumer-reporting agency.

(2)categories of information a licensee discloses (institutions that disclose outside of the exceptions): a licensee may use one of the following statements, if applicable, to meet the requirement of 3 AAC 26.620(a) (2) to describe the categories of nonpublic personal financial information the licensee discloses; a licensee may use the following statements if the licensee discloses nonpublic personal financial information other than as allowed by the exceptions in 3 AAC 26.660 - 3 AAC 26.670:

Alternative 1:

We may disclose the following kinds of nonpublic personal financial information about you:

Information we receive from you on applications or other forms, such as [provide illustrative examples, such as "your name, address, social security number, assets, income, and beneficiaries"];

Information about your transactions with us, our affiliates, or any others, such as [provide illustrative examples, such as "your policy coverage, premiums, and payment history"]; and

Information we receive from a consumer-reporting agency, such as [provide illustrative examples, such as "your creditworthiness and credit history"].

Alternative 2:

We may disclose all of the information that we collect, as described [describe location in the notice, such as "above" or "below"].

(3)categories of information a licensee discloses and persons to whom the licensee discloses (institutions that do not disclose outside of the exceptions): a licensee may use the following statement to meet the requirements of 3 AAC 26.620(a) (2), (3), (4), and (5) to describe the categories of nonpublic personal financial information about customers and former customers that the licensee discloses and the categories of affiliates and nonaffiliated third parties to whom the licensee discloses; a licensee may use the following statement if the licensee does not disclose nonpublic personal financial information to any person, other than as allowed by the exceptions in 3 AAC 26.665 and 3 AAC 26.670:

We do not disclose any nonpublic personal financial information about our customers or former customers to anyone, except as allowed by law.

(4)categories of parties to whom a licensee discloses (institutions that disclose outside of the exceptions): a licensee may use the following statement to meet the requirement of 3 AAC 26.620(a) (3) to describe the categories of affiliates and nonaffiliated third parties to whom the licensee discloses nonpublic personal financial information; the following statement may be used if the licensee discloses nonpublic personal financial information other than as allowed by the exceptions in 3 AAC 26.660 - 3 AAC 26.670, as well as when allowed by the exceptions in 3 AAC 26.665 and 3 AAC 26.670:

We may disclose nonpublic personal financial information about you to the following types of third parties:

Financial service providers, such as [provide illustrative examples, such as "life insurers, automobile insurers, mortgage bankers, securities broker-dealers, and insurance agents"];

Non-financial companies, such as [provide illustrative examples, such as "retailers, direct marketers, airlines, and publishers"]; and

Others, such as [provide illustrative examples, such as "non-profit organizations"].

We may also disclose nonpublic personal financial information about you to nonaffiliated third parties as allowed by law.

(5)service provider/joint marketing exception: a licensee may use one of the following statements to meet the requirements of 3 AAC 26.620(a) (6) related to the exception in 3 AAC 26.660 for provision of nonpublic personal financial information to a nonaffiliated third party to act as a service provider or to perform joint marketing services; if a licensee discloses nonpublic personal financial information under the exception in 3 AAC 26.660, the licensee shall describe the categories of nonpublic personal financial information the licensee discloses and the categories of third parties with which the licensee has contracted:

Alternative 1:

We may disclose the following information to companies that perform marketing services on our behalf or to other financial institutions with which we have joint marketing agreements:

Information we receive from you on applications or other forms, such as [provide illustrative examples, such as "your name, address, social security number, assets, income, and beneficiaries"];

Information about your transactions with us, our affiliates, or any others, such as [provide illustrative examples, such as "your policy coverage, premium, and payment history"]; and

Information we receive from a consumer-reporting agency, such as [provide illustrative examples, such as "your creditworthiness and credit history"].

Alternative 2:

We may disclose all of the information we collect, as described [describe location in the notice, such as "above" or "below"] to companies that perform marketing services on our behalf or to other financial institutions with which we have joint marketing agreements.

(6)explanation of opt out right (institutions that disclose outside of the exceptions): a licensee may use the following statement to meet the requirement of 3 AAC 26.620(a) (7) to provide an explanation of the consumer's right to opt out of the disclosure of nonpublic personal financial information to nonaffiliated third parties, including the method by which the consumer may exercise that right; the licensee may use this statement if the licensee discloses nonpublic personal financial information other than as allowed under 3 AAC 26.660 - 3 AAC 26.670:

If you prefer that we not disclose nonpublic personal financial information about you to nonaffiliated third parties, you may opt out of those disclosures, that is, you may direct us not to make those disclosures, other than disclosures allowed by law. If you wish to opt out of disclosures to nonaffiliated third parties, you may [describe a reasonable means of opting out, such as "call the following toll-free number: (insert number)"].

(7)confidentiality and security (all institutions): a licensee may use the following statement to meet the requirement of 3 AAC 26.620(a) (9) to describe the licensee's policies and practices with respect to protecting the confidentiality and security of nonpublic personal financial information:

We restrict access to nonpublic personal financial information about you to [provide an appropriate description, such as "those employees who need to know that information to provide products or services to you"]. We maintain physical, electronic, and procedural safeguards that comply with federal regulations to guard your nonpublic personal financial information.

3 AAC 26.620

Eff. 1/1/2005, Register 172

In 2010 the revisor of statutes, acting under AS 01.05.031, renumbered former AS 21.36.162 as AS 21.36.510. As of Register 196 (January 2011), the regulations attorney made a conforming technical revision under AS 44.62.125(b)(6), to the authority citation that follows 3 AAC 26.620, so that the citation to former AS 21.36.162 now refers to the renumbered statute, AS 21.36.510.

Authority:AS 21.06.090

AS 21.36.510